sectoprat | 63110829dd5c037d4c40e48e6a095e14 | Triage

Sharing

General

Target

63110829dd5c037d4c40e48e6a095e14
Size

2.4MB
MD5

63110829dd5c037d4c40e48e6a095e14
SHA1

478d1587dbd126d25435c4402c8b282d7a296df9
SHA256

590dbf85b61046f6b2991e7b640379b9e73841073c206fd2daa633148f4df910
SHA512

543e4ef333e10d2b29418a6eb4206714668150bd6985c8ac6a6cc939837222ef60915b33f732009e1901bba834d51d65149a9bcde58889093a0fad0361d7cf48
SSDEEP

6144:phs8DFuQ4gFIOg+G/5yH9cMEKJhBy7/hyQgc:48xuvZ5yH9cM3By7

Score

10^/10

vmprotect sectoprat

Malware Config

Signatures

SectopRAT payload 1 IoCs

resource	yara_rule
sample	family_sectoprat

Sectoprat family
sectoprat

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63110829dd5c037d4c40e48e6a095e14

Files

63110829dd5c037d4c40e48e6a095e14
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 370KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ