General
-
Target
NEAS.002216c18e593f4b7966f6ae997c8f50_JC.exe
-
Size
67KB
-
MD5
002216c18e593f4b7966f6ae997c8f50
-
SHA1
599b48504d74150d3cc6f59ca7fb9abe08ad0e67
-
SHA256
e82464225f08fb8c3710ec6980dbcfe4cd1620236fc46b545793de1ffe82a3f3
-
SHA512
c5cd7b5ca8f0b41f78c0cdc66db6b0394c5902d8ee0629809d0286ca434c223c096b9acc2bdb321a1be13cc6ed80cb78bc57409a9e402c668d8cfe3c6520ea23
-
SSDEEP
1536:j2dEF87Jm2bBsv1y7e/ZjywfN4dKYdaCxpsyxpJZWYNQbObu6dgVnh:67QEBfS/VlCLRxp55QbIdg5h
Malware Config
Signatures
-
vmprotect: yara_rule match on resource: sample (consistent with the .vmp0 and .vmp1 sections listed under Sections)
Unsigned PE 1 IoCs
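Checks for missing Authenticode signature. On its own this is a weak indicator; it is more notable here because the import table below (ntoskrnl.exe, hal) is that of a kernel-mode driver rather than a user-mode program.
resource: NEAS.002216c18e593f4b7966f6ae997c8f50_JC.exe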
Files
-
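NEAS.002216c18e593f4b7966f6ae997c8f50_JC.exe.sys windows:6 windows x86
ac525a01983d20605533bc430318094e (unlabelled in the report; it differs from the file MD5 above and is presumably the import hash, so confirm before using it as a file IoC)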
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
KeTickCount
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
HalMakeBeep
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 384B - Virtual size: 340B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 384B - Virtual size: 284B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp1 Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 640B - Virtual size: 524B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 996B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ