General
Target: 18772f1c5db6e42e4da8667c3fe3e372
Size: 785KB
MD5: 18772f1c5db6e42e4da8667c3fe3e372
SHA1: bfa45dd1072ba1c0d1e3db55db4e0bd555aafb70
SHA256: 48a27421094c4dac61295242df1375b70fc27611dcbb1252d94a0599a9b179a5
SHA512: 3336e7d8fc5381abd4e8ba04f1dfbaa629cd7c42693ed90bf4ac39d9c59a15943e2d04a136ad95459c989aab328894ee99c2b5ff4778d334737f2af2edb1a1aa
SSDEEP: 12288:KIX34k450urq2HmLQDUTKF8X3rJH3U1vAj9wqJQ3gPCUW1Qe4shD5U18mz1sls:Hn7uG2HnQxFHBjbzJW1QAu
Malware Config
Signatures
resource yara_rule sample vmprotect
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 18772f1c5db6e42e4da8667c3fe3e372
Files
18772f1c5db6e42e4da8667c3fe3e372.sys windows:5 windows x86 arch:x86
2f9177fd5ee4852c3f34f9fd63c4c9b5
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
KeUnstackDetachProcess
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KfLowerIrql
HalMakeBeep
Sections
.text Size: - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 404B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 676KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: 783KB - Virtual size: 783KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 228B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ