General
Target
05d6dd3469c9f057aa85437efffad082
Size
687KB
MD5
05d6dd3469c9f057aa85437efffad082
SHA1
3cf44921b2e156d7fa21bb70e1c7e408b5169c6a
SHA256
42ace022eb81771fbf111bd6f0ddb29f910c2c24eecaf6880384b0667b2c28d3
SHA512
8a44d3ee07662f9a5bd1c0a371c5644fc0d0b40f76fb6dfc49a35fc0acd3c29437c714cf73f70c79c2ad22af015917c28d9b34b9e66e54061e9db8aef0b03f2c
SSDEEP
12288:WlQQqUmprk46dGbYbfqzBRtGBO3OcmQcb9Yed4ZUfk9vX0h5TOlLHxUe1GH:BUgr6dGbYbyzBRtGw3Ocm/vs9chZO9R
Malware Config
Signatures
resource: sample, yara_rule: vmprotect
Unsigned PE 1 IoCs
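Checks for missing Authenticode signature. The sample carries none; on its own this is a weak indicator, but it is worth noting for a kernel-mode driver (.sys), which legitimate vendors normally sign.
resource: 05d6dd3469c9f057aa85437efffad082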
Files
05d6dd3469c9f057aa85437efffad082.sys windows:5 windows x86 arch:x86
c0e838d3b00ca8660abb852c8e56b8ab
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
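Imports (as listed in the PE import table; the sample matches a VMProtect rule, so this list is likely incomplete)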
ntoskrnl.exe
IoDriverObjectType
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KfRaiseIrql
HalMakeBeep
Sections
.text Size: - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 894B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 581KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: 685KB - Virtual size: 685KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 220B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ