General
-
Target
623477e53debc54b57f113005a239980
-
Size
664KB
-
MD5
623477e53debc54b57f113005a239980
-
SHA1
122f801c21910d29dd03c0f82e21ffe26dc0a0d4
-
SHA256
54b18ef8f852f42a1719ef39ab12980a7d994d2813bc4b12b74680036346d8e8
-
SHA512
a078814d1950b8682577806a4fd15816e8d90d20f60abb61906c632376067b123e9e4b9aa0bee070a2fce23f4995a877b25d2133d1ef987f8640eac6301e431a
-
SSDEEP
12288:/7s8ahFkjiGXpHUdIeCC+uVqZHu0jDDNphiWXsrVTXX/tAR88wELhMreojVta:zspDYxXVUdIeCmsFBpAWXsrVTo8tELhb
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 623477e53debc54b57f113005a239980
Files
-
623477e53debc54b57f113005a239980.sys windows:5 windows x86 arch:x86
293165e00c838770741e9e4a452b76d9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
PsGetCurrentProcessId
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KfRaiseIrql
HalMakeBeep
Sections
.text Size: - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 894B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 562KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: 663KB - Virtual size: 662KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ