NEAS[.]54cba8f0314c36caa69b9402460eef40[.]cab | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.54cba8f0314c36caa69b9402460eef40.cab
Size

1.1MB
MD5

54cba8f0314c36caa69b9402460eef40
SHA1

d1fe9b1fa1109fd800132d2cd9ba3154deb4e533
SHA256

15583bb982ab97c32fe24f153ce56acbdf6de5fdb12874fe73771664efcc8201
SHA512

1a0e5a573c7f0e54c0f38d932943f193dc2ac6d1e1cbfa6c6ecae611ec18c78b215cfced849ef79389f400114e8b3d9b2838a2d01c7dd0849ffeb0de015d9b88
SSDEEP

24576:d04BMeRocDP1NPQDhkPTh4Mcgiwkew8vroUQGDXDNSnf6BlMRUTv:Oi5ooAFeORSw8vlQIzNSnf6y4v

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
static1/unpack001/winupdate32.log	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/winupdate32.log

Files

NEAS.54cba8f0314c36caa69b9402460eef40.cab
.cab
sysupdate.log
winupdate32.log
.dll windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ServiceMain

Sections

CODE
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 79B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ