General
-
Target
4b380b69d86d68fad9fe8d0e2516b62c
-
Size
740KB
-
MD5
4b380b69d86d68fad9fe8d0e2516b62c
-
SHA1
d16971ab574d08ee95905db27cd0d34dbd6c2b4c
-
SHA256
4c17c59382308d45239ba344017189b99201c5b036f17faf63cf4cc1641c64b8
-
SHA512
929ecbb063e1fe7a147a561a13f3721af96f648f405b6246a010801c72cc8a5873c18146878e25b4a06a526347a986e25dc964826fe1b92f42bc1872498051bc
-
SSDEEP
12288:nkztNIiLGrghPXdkBEpNLoFbqQ3vstALzGpq26QvgeRbUh1S6poQ7kBagMyx:nk7IiLGUhPdSEcgGs+d2Yegbzgf
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4b380b69d86d68fad9fe8d0e2516b62c
Files
-
4b380b69d86d68fad9fe8d0e2516b62c.sys windows:5 windows x86 arch:x86
75242457bbec8c5167a282772ce9c905
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
KeInitializeEvent
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KfLowerIrql
HalMakeBeep
Sections
.text Size: - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 444B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 625KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: 739KB - Virtual size: 738KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 336B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ