General
-
Target
032b2d63ce2640b4366fc49af249deae
-
Size
706KB
-
MD5
032b2d63ce2640b4366fc49af249deae
-
SHA1
c35bcccfd77b208a59cdbb6ad3dc3996dd956d4d
-
SHA256
23b347d41aed2165b92910aef8ff2138eff43ddb9510b45db535dd953a04d3a7
-
SHA512
ceea23cda184b30fbc02301485ff17b9998f5628c08b2265969578b6d4f855eab10c95a2a32e773ca86f08abb07bb7420b149e5b193426c5411b687bf2d43933
-
SSDEEP
12288:/0WrJG3cjI9ydmvaPPpZ7hdMTBOPsKO/KMEf53m2OorefKDirPH:/0k43cjmkBFPMTob5W2XirP
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 032b2d63ce2640b4366fc49af249deae
Files
-
032b2d63ce2640b4366fc49af249deae.sys windows:5 windows x86 arch:x86
9f8a07ecf5302b34c2db1353f0d793b0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoDriverObjectType
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KfLowerIrql
HalMakeBeep
Sections
.text Size: - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 894B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 601KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: 704KB - Virtual size: 704KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 296B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ