General
-
Target
1b480f5dc60ad70561128583a4b58f98
-
Size
647KB
-
MD5
1b480f5dc60ad70561128583a4b58f98
-
SHA1
bec0150652925e467f5210abc0954a2148747aa5
-
SHA256
62fd9eb6de6a576d0547d226eb8b8176b2d5a573a41a062b05e014a762f08085
-
SHA512
72151138249ea7294afa90d9706af9a67b1d0cbd629198a1f9f442288ee0ae766fcd23c7e4879a76265b45a31bf49a74d32b5fc044dddc4f554262586dec6919
-
SSDEEP
12288:nOsHfLPxuSrztIWMStEse7hAzqLZN3StYpXiqcH99CXK9PGbC:nOsHftuSrzOW6AzqLmDqG9AM
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1b480f5dc60ad70561128583a4b58f98
Files
-
1b480f5dc60ad70561128583a4b58f98.sys windows:5 windows x86 arch:x86
ff8ab7a8626eda15f07c7d123416e88a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
MmGetSystemRoutineAddress
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KfRaiseIrql
HalMakeBeep
Sections
.text Size: - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 894B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 553KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: 646KB - Virtual size: 645KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 272B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ