General
-
Target
lytsts.exe.vir
-
Size
5.4MB
-
MD5
ca1ab971d4655ec64044f543cc68f577
-
SHA1
1e7d22a98a7c5bb9a7dbf38435550e1d477d20ed
-
SHA256
3e1ca940f1223c770ac98407d79844a9702a3848279493752729a0180b8c8407
-
SHA512
f2f4d668b1746f4dfc760e2b5ef90ffc9e2183ff7730f20c328b2e91dad7f93fe58470489a5841d5c926458136b6066224ca11c4f0a614b0ca45d404afcaa118
-
SSDEEP
98304:u3SYSAnixVMVcxkLfzAFery45qP99i0i93InSuQiGaOWoDxxOss+DP:iDSAi7MKWfJrycqziJmnSHWUxJsY
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource lytsts.exe.vir
Files
-
lytsts.exe.vir.exe windows:5 windows x86
2df728b239afe0a1df3307c216dbb0f4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
ws2_32
recv
wtsapi32
WTSSendMessageW
user32
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW
Sections
.text Size: - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 3.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 5.4MB - Virtual size: 5.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ