NEAS[.]91e5f4b1d15796f6729820ecccf53ee0_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.91e5f4b1d15796f6729820ecccf53ee0_JC.exe
Size

1.4MB
MD5

91e5f4b1d15796f6729820ecccf53ee0
SHA1

28a84315b2c1ba46eaed2c1b48d60046d4981263
SHA256

9e0b73208683869b4552ff870e98e0c5c8534f535f838c1ab75b374d2f43f1e7
SHA512

f6c58ccbd599f2e2d3ae7b3bea4c82fa0d7e9718ebc9daf8919d3bf1a68d9b3b7a30aeac9a9bd15dd1552edf76fd2ab1b512f1e7e42e1b5265e432ee5379b7f8
SSDEEP

24576:YkgkUfDaxf+5ezOuzniO+X0CG1SSVdR81WRouGHKO+nFh2al+bogtMcbawIPIXP:YTqznh+X0CMpJP2aKdYPK

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.91e5f4b1d15796f6729820ecccf53ee0_JC.exe

Files

NEAS.91e5f4b1d15796f6729820ecccf53ee0_JC.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 720KB - Virtual size: 717KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 628KB - Virtual size: 624KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ