General
-
Target
15bd310e15b5d40b4e9e70a2993e989e
-
Size
685KB
-
MD5
15bd310e15b5d40b4e9e70a2993e989e
-
SHA1
7fcf0b8a7eb9a2e55d82521a637651eb812bfb51
-
SHA256
c2d2dad110685def98e1bc6d6c375329257d3a180a9f672c01bcbe0352a4ba4d
-
SHA512
2869cdfd01d2bebbef3cc3d13e45393e1d8e62448ceba2410a06c53e55c883ef3c5df962d3b59fbe7f36ef93b083cf16c46d90a2a7ec9f79aa6473d68801cceb
-
SSDEEP
12288:h/AEIKhcFt6hxwRxixF7ay8mrclrCDXdlOnaTew3NMrxKz8:lBIKhcD6hCRyayPLdlVTewoKQ
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 15bd310e15b5d40b4e9e70a2993e989e
Files
-
15bd310e15b5d40b4e9e70a2993e989e.sys windows:5 windows x86 arch:x86
97738a0b264785a263210d7afe6b42ae
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
memcpy
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KfRaiseIrql
HalMakeBeep
Sections
.text Size: - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 340B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 914B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 592KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: 684KB - Virtual size: 683KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 236B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ