General
-
Target
NEAS.5ec13b5ee50ede880155d193e79cb5a0_JC.exe
-
Size
5.8MB
-
MD5
5ec13b5ee50ede880155d193e79cb5a0
-
SHA1
517711474ebdab7e6771a461f45c65d9d422971b
-
SHA256
67f8a74f603b8655f413f1a3efedd1e62ccd0f8a62872c897f79bebacea16047
-
SHA512
5086962b1a4a9b2d87ef756e38d09d30a3b5f05414e1b6954c55843c3859e8ed97746f5a6f8be5922caf53fa33bce345f240469c53bb11fb689a71d74058d92a
-
SSDEEP
98304:v8Ezk374Nh0fkyAKJWBs5nNXLjbxhaEuDzAJ+wr9qGUSM+JlIqUEnU:zk3O28y+yNvbGEuDzNYzU
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource NEAS.5ec13b5ee50ede880155d193e79cb5a0_JC.exe
Files
-
NEAS.5ec13b5ee50ede880155d193e79cb5a0_JC.exe.sys windows:10 windows x64
af43788a27666262eb901e8cd260e57d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntoskrnl.exe
_strnicmp
RtlInitUnicodeString
DbgPrint
KeBugCheckEx
ZwOpenFile
ZwClose
ZwCreateSection
ZwMapViewOfSection
ZwUnmapViewOfSection
MmIsAddressValid
__C_specific_handler
_stricmp
NtQuerySystemInformation
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
ZwWaitForSingleObject
ZwDeviceIoControlFile
ZwOpenFile
_wcsnicmp
ZwEnumerateKey
ZwCreateEvent
MmGetSystemRoutineAddress
ZwCreateFile
__C_specific_handler
KeSetSystemAffinityThread
KeQueryActiveProcessors
KeQueryTimeIncrement
DbgBreakPointWithStatus
RtlTimeToTimeFields
ExSystemTimeToLocalTime
IoAllocateMdl
IoFreeMdl
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
KeWaitForSingleObject
KeReleaseMutex
KeInitializeMutex
ExFreePoolWithTag
ExAllocatePool
KeRevertToUserAffinityThread
DbgPrint
hal
KeQueryPerformanceCounter
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp0 Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp1 Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp2 Size: 3.5MB - Virtual size: 3.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 236B - Virtual size: 236B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.l1 Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE