General
Target
014fe23bd99e9ca4f54d12f126977448
Size
715KB
MD5
014fe23bd99e9ca4f54d12f126977448
SHA1
deccdc5949e4c950857eb54994d616122ce6d308
SHA256
44ada522d8a62dc4809b9f1ff6ce84f60fbbced0c1ae29faf508927fa40e52a5
SHA512
bd036230b05c076de9f04f93fbba6fe0d6b69a6c7ba356f993034d8d0fde5c9039fc8f2752a95456c619b03ed1248a5d30cab64e30249e3971982d7a97462518
SSDEEP
12288:vKiVotT1+67S7kbuW5Pw4Oj8nA7FKhw/wCu4zpqiA3h/BnTq4f8lokndJ/YL:JmukbdPXZA7FDLj+h/BTq48/nML
Malware Config
Signatures
resource: sample; yara_rule: vmprotect
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 014fe23bd99e9ca4f54d12f126977448
Files
014fe23bd99e9ca4f54d12f126977448.sys windows:5 windows x86 arch:x86
904f7e2bac4990d06587d0bff59c2cf3
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
memcpy
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KeGetCurrentIrql
HalMakeBeep
Sections
.text Size: - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 388B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 890B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 619KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: 714KB - Virtual size: 713KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 156B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ