NEAS[.]3dd6e332664f56512ecea784504fafd0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.3dd6e332664f56512ecea784504fafd0.exe
Size

5.7MB
MD5

3dd6e332664f56512ecea784504fafd0
SHA1

97a386806981d1888f90bc11d847813f92682c7d
SHA256

fd62b1179e6b1c4bb47283842fa8c81bd66c4cd4765300f99a6af922d124bba7
SHA512

7500e0f2b9e5621405ab9c0432fe6928ab9e877aa0ffe4756d5783cef3886803e1f792417d1ce686c4082fb0f3c4a5a7ecf53e7efcf1da725e048a593fa58c0f
SSDEEP

98304:ijvPQEpIx+gPh9EleAeUjF7isN0TfheIgtfkafB+GNLXPmSTmgd+Q8s/0rp8V:qXQE+7rA7jRUheIgtfka9PJbc

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
NEAS.3dd6e332664f56512ecea784504fafd0.exe

Files

NEAS.3dd6e332664f56512ecea784504fafd0.exe
.exe windows:6 windows x86

0da8ed7b82a1d4f2dc3ba65966669620

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetKeyState
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

gdi32

CreateCompatibleBitmap

advapi32

RegGetValueA

shell32

SHGetFolderPathA

ws2_32

htons

wtsapi32

WTSSendMessageW

Exports

Exports

�'��W��,�j��BV�DP��Hx��i�¬�p��N�}�D(g=��\#5>�i��^��Q�`=��㟚l�'��AR۱��Z8�82��Q �gO\�T�FU��E>��'��qm��~��,�e2��C!2��bX$U��Y!g=�2:灦��D��B�4y�:�ʡ��kTHA�᢫$l�1��@'Bd�G�� I!LX�h��d��G�*m�� w��[��.��)Oτ^�;�n�Q]�xyc�N`�w�]��;��Do��!��ڎu�� A?��n�"�,C3(�O0j ��E8��8��U︥d��$��g�Y�?f�\P�l@�w(�o��փj^��H/�^P��59ʦ�8ؘ�8*�6��wE ꌊ��N�lDç>A�"��E(U ��&�q�i��{ִ8�s1�?T<��E!u��R�0r�d�0��?8 �%�G� ��(��ּ��;�M�flՄi�M&��C�k� ��u�p��$��'k�>�K/� ��("�cxIf+�KO��κ�kpj ��}�Jt��h�I��;:�F�N~�f--V�]t��aw�*��c��r�3£LCIz��z��g?�mS�`�"I��Sb�B�i��D�ޑCUhg��0��u��w�L�j:s<-�d��LM��Fe)`E��Lg�"N�䷣�x�:٣ as�̏E�,��~dLukJ� &��K�!�EZ��.w��ğ�)Vzrg"m�%/�,��0m��\��)�_�C��G-&\�!~C��P��W%�m~5��Z��|�]�`�-�@��:�/�-�K��'(��}�)�R�Sq��{��(��H��"�[��@J�PRTaDpJVkN�K��_�J�~ @Hۭ�yW7|�M&<p �W�� "�p�c#��+��X|Q��H��k��{�m��˨]��T�uX2�1 (��/󟾀 c|'f�|c�^4*�Aeu��.pUP��X�bS,�bX��-c��s��ϧ�6��DU�U��qء�o�� ]�.h��归��QH�c|z&�ζ��\e��L��[�~�hx��Fg��!D�P�w&�i)aՍ?�/�ڧ�bz?�c�l��0I#={�뱪#��t�La�Y�z�f�!c�}� l2��"��ҦI�pM#6��}� S~�#c�#*yV��7&ߒ.�TI��k�0�\�- �|Zݨ��e�w�e�]ź�g��!��"�`(�:��M�et(+��>\8<kt�wn�]��!5}(=#� A��h��Y&<�$�b�b[Oy��K�� ZJqm�{ �>7�2��5♋eű�f��=��ɤ�}�si*��y�d�*#:�F��<T� ��: ��|�X��_W�i�&��3�ӂ8��}��j��y� �&O�9�k��#�fG0�_�E�۽��@�� 3�9e�{}��}7�a'��Ja 3ۤ,%��ػ� @C�+�s�xƴb��ſJ7J�8j.�U�"��8�|��|[�1�i��0=�@��A�F(��A��*��9Ԥ=Ȣ`?��ӝ��<biϩ�9A)=X�{��k� ��b%lk��a7��̗��[�4�ֱ��8��/{Va�'w��+��ʯ�%3��ucnF�'�n�J:�='�o�"��p�Df��IЦa2�E"�=Y��X�0P�m);2�a�q�ϧ[��Y��߈�5% #F��:|�p�.1��b�zQ��q#Wp�QdZ��/��ː+y�ۿ��#��顱�Ɋ��A�3��t�Ʋw<i�p�L��&�Y-~��}^�֦ېc~��P(M�9Į�/�0z݈T��ȇI-��Tm�L֣�뜁 &�Dh5uuͯ4�A�R~Ll�}�/��D�y�'��}�2��ю ��y�9�ʕe��!yW�< i��%�j�m�y�@��f�ai��^�z^'�V� F��2[ϮfS�vXp/`D� @�Z�y��dͩG&:�7�:��.ԅ�$1�>��o�K��Lh�y��q��`�QtW��_��ZS��9a1�Ml �� x)�O�j��?:h��g�so."(�jT�5s�믢p.��#�O;�|�7 0��Osi��YHߏ��,ڄ\1Xq��g��~>ޥ�|ݑ��|�o ��{��Tm��Eʠ6aL K4ޑwB�u��;�n5i�e8�s��p��`�S7��{�L2�� ܫ��XFr��%��ְ}F�_�v�~~�U`��7��F�;��,_�Y��ѣ?1eR��Z:��|7�j��&��r3�r�`8?DU��[ �(u�j8ە\R��,K/��xc>��]�g ਦ嗤�kQ��GvI��3��'q�s�?�<x��MG"�Y�[�h��v��7+��+��͚Ѩe|e1��I:߶��j�Wٔ'?|��c bv*�AwUL��k��/�9mj�~l&h��&Z��IQE��U|�y��d�L��."�&�gK��ý�w�>F��^��"��CO�� Z��Jt^V@i�f��Q��d��Q�Vբ�L��w��3O��2NY��ͯ�Pv�.��;�:�t�,� U�<{��f��K�'��N*�϶t�R�$��ϊ}$N�xGF�:�H1�_�zVNR:tKa��%�YS/�ي�@�b%񱎫p}l(��a#H� �+��Z�uך��--��{2��i�ia��|3:��n�Ϛ��h�d�ٽ�Ap$�1D��#�iEM�vZ�4�hֶ��D��"�ujYNf�s�l�ҕ8.��7��o�nO�[ăv�p��`MQS��!t ��U�Z�F"FZr��J��*^��t�� ":�@\��y�*#�-C3`��@Ț�s�qV))�p�#

Sections

.text
Size: - Virtual size: 449KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0da8ed7b82a1d4f2dc3ba65966669620

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ws2_32

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 449KB

.rdata Size: - Virtual size: 72KB

.data Size: - Virtual size: 9KB

.vmp0 Size: - Virtual size: 3.3MB

.vmp1 Size: 5.7MB - Virtual size: 5.7MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 449KB

.rdata
Size: - Virtual size: 72KB

.data
Size: - Virtual size: 9KB

.vmp0
Size: - Virtual size: 3.3MB

.vmp1
Size: 5.7MB - Virtual size: 5.7MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 469B