06d9a361150139ef66ff51ad8c29a2b2

Sharing

Copy URL

Twitter E-mail

General

Target

06d9a361150139ef66ff51ad8c29a2b2
Size

288KB
MD5

06d9a361150139ef66ff51ad8c29a2b2
SHA1

17c5dfe8d749abe1f16cb52d50a061d2d009d26a
SHA256

b32540d401fde72adaa2d59d4386353e4dd60edeb8ebc5d8bc26fd55f88854b5
SHA512

bbe06ebe4aeeee3daf6035ab5c76c5a6c0718b6847534e2b99ce2ec7f0f6e458b6a3ddd0c405ee33b9f1cd1981d838ddc55ddbfc5c56d224cee12c01a2bbfbc2
SSDEEP

6144:BveXCgf84/7uEiADCEFz+VMOOVL7um1pdjFoMhP3SpLRcAa:sXB84/MCmLOVL7uspGMB3SpLRcAa

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06d9a361150139ef66ff51ad8c29a2b2

Files

06d9a361150139ef66ff51ad8c29a2b2
.sys windows:6 windows x64 arch:x64

817d2131b967b1ff89103d8b8c292c37

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoBuildDeviceIoControlRequest
ExFreePoolWithTag
RtlInitUnicodeString
KeSetEvent
KeInitializeEvent
RtlQueryRegistryValues
KeReleaseSpinLock
MmBuildMdlForNonPagedPool
IoFreeMdl
KeReleaseSpinLockFromDpcLevel
KeDelayExecutionThread
ZwCreateFile
PsCreateSystemThread
MmMapLockedPagesSpecifyCache
IoGetDeviceObjectPointer
ExAllocatePool
_vsnwprintf
KeQueryTimeIncrement
ZwClose
IofCompleteRequest
IoGetDeviceAttachmentBaseRef
KeWaitForSingleObject
IoFreeIrp
MmProbeAndLockPages
PsGetVersion
IoAllocateIrp
RtlAssert
KeAcquireSpinLockAtDpcLevel
ZwWriteFile
IoAllocateMdl
IofCallDriver
KeAcquireSpinLockRaiseToDpc
RtlAnsiStringToUnicodeString
strchr
strncpy
RtlUpperChar
RtlUpcaseUnicodeChar
ObfDereferenceObject
IoCancelIrp
ObReferenceObjectByHandle
ExAllocatePoolWithTag
MmIsAddressValid
KeBugCheckEx
__C_specific_handler
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

HalMakeBeep

Sections

.text
Size: - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 270KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

817d2131b967b1ff89103d8b8c292c37

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: - Virtual size: 70KB

.rdata Size: - Virtual size: 1KB

.data Size: - Virtual size: 194KB

.pdata Size: - Virtual size: 1KB

INIT Size: - Virtual size: 1KB

.vmp0 Size: - Virtual size: 14KB

.vmp1 Size: 270KB - Virtual size: 269KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: - Virtual size: 70KB

.rdata
Size: - Virtual size: 1KB

.data
Size: - Virtual size: 194KB

.pdata
Size: - Virtual size: 1KB

INIT
Size: - Virtual size: 1KB

.vmp0
Size: - Virtual size: 14KB

.vmp1
Size: 270KB - Virtual size: 269KB

.reloc
Size: 512B - Virtual size: 12B