NEAS[.]7379736ef84e8e6af71afb8509ed7460[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.7379736ef84e8e6af71afb8509ed7460.exe
Size

620KB
MD5

7379736ef84e8e6af71afb8509ed7460
SHA1

d6622f41a8e859151823eca651b2bf2b8c88eb98
SHA256

2999c4b1ad6f4dd4bc3a1ea304fe85986866c186aba9f2c185cb4e85d3d6833d
SHA512

eefbb4bfdc391d09f4ba7b8c2cf4030ce4549877159d6997e92335fce27cbe9b56e187b670ffe0909202850ceb692018673f8261dcbff03695ffb7258caa046a
SSDEEP

12288:N12wACjrAd7Az4EY1Kxg7M40xlGVbA+NZKjjUuzhEqOIx4UQueeOj79PZ:N12z7+H6KxHlGVJNZKjjrK7IqdPJRh

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.7379736ef84e8e6af71afb8509ed7460.exe

Files

NEAS.7379736ef84e8e6af71afb8509ed7460.exe
.dll windows:4 windows x86

f02d5493998b4d30e91f79f7f25db764

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetStdHandle
GetModuleHandleA
GetProcAddress
VirtualProtect

user32

OpenClipboard

gdi32

CreateRectRgnIndirect

winmm

waveOutReset

winspool.drv

ClosePrinter

advapi32

RegCreateKeyExA

shell32

Shell_NotifyIconA

ole32

OleUninitialize

oleaut32

LHashValOfNameSys

comctl32

ImageList_Destroy

ws2_32

ioctlsocket

comdlg32

GetFileTitleA

Exports

Exports

��
��
�漴�߳̾��

Sections

.text
Size: - Virtual size: 531KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 604KB - Virtual size: 600KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f02d5493998b4d30e91f79f7f25db764

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 531KB

.rdata Size: - Virtual size: 110KB

.data Size: - Virtual size: 169KB

.rsrc Size: 8KB - Virtual size: 22KB

.vmp0 Size: - Virtual size: 67KB

.vmp1 Size: - Virtual size: 217KB

.vmp2 Size: 604KB - Virtual size: 600KB

.reloc Size: 4KB - Virtual size: 96B

.text
Size: - Virtual size: 531KB

.rdata
Size: - Virtual size: 110KB

.data
Size: - Virtual size: 169KB

.rsrc
Size: 8KB - Virtual size: 22KB

.vmp0
Size: - Virtual size: 67KB

.vmp1
Size: - Virtual size: 217KB

.vmp2
Size: 604KB - Virtual size: 600KB

.reloc
Size: 4KB - Virtual size: 96B