SecuriteInfo[.]com[.]Win32[.]Evo-gen[.]2721[.]22784[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Win32.Evo-gen.2721.22784.exe
Size

881KB
MD5

162b0a0a1630d817df6a2be1d8ad0dc3
SHA1

e156c88859b3a503d33642208499dfbf830cf7fb
SHA256

9ba7c76350db25ad024fd3013019b2ce25bd6373c74a4d4a55068284943a92ae
SHA512

7c19744c962b79779713f9ad05e170b4f1c45ddc4ab4619b324be5b6507f18185da921743f75fc34743b090d77136020e5e060154f526117d359615c65ae76d4
SSDEEP

12288:alrGjtK0v2rZVn/OlRsSi59EGuhN/TukmKYnhVLaELUP2qSZdXFhYpF6f6Cc:caoInlRLi5qXN/TukDYnhq2qU4pF6CCc

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Win32.Evo-gen.2721.22784.exe

Files

SecuriteInfo.com.Win32.Evo-gen.2721.22784.exe
.exe windows:4 windows x86

b6ede3d5dbb3841da09c52f157313adc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasGetConnectStatusA

kernel32

DuplicateHandle
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetMenuItemCount

gdi32

SetBkMode

winmm

midiStreamOut

winspool.drv

ClosePrinter

advapi32

RegCreateKeyExA

shell32

Shell_NotifyIconA

ole32

OleUninitialize

oleaut32

RegisterTypeLi

comctl32

ord17

ws2_32

accept

wininet

InternetCrackUrlA

comdlg32

GetSaveFileNameA

Sections

.text
Size: - Virtual size: 568KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 393KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 768KB - Virtual size: 766KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b6ede3d5dbb3841da09c52f157313adc

Headers

File Characteristics

Imports

rasapi32

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

wininet

comdlg32

Sections

.text Size: - Virtual size: 568KB

.rdata Size: - Virtual size: 110KB

.data Size: - Virtual size: 215KB

.rsrc Size: 104KB - Virtual size: 118KB

.vmp0 Size: - Virtual size: 393KB

.vmp1 Size: 768KB - Virtual size: 766KB

.text
Size: - Virtual size: 568KB

.rdata
Size: - Virtual size: 110KB

.data
Size: - Virtual size: 215KB

.rsrc
Size: 104KB - Virtual size: 118KB

.vmp0
Size: - Virtual size: 393KB

.vmp1
Size: 768KB - Virtual size: 766KB