General
Target
21bcb3fa9e1179fd15f913e15c1d6994
Size
756KB
MD5
21bcb3fa9e1179fd15f913e15c1d6994
SHA1
feefd9bd27f6f9b284bf601bf167c5e5e3ddf09a
SHA256
8db031cba0dd7838bda6d4a37145dafe6088af3db2cbc91e939e55d6b1f27a53
SHA512
c8606a491b10d0e37b6ca31092d9c1391eef2c1f4d20ba8e6824c14314284dd32111f5a9bd6be0172980edd473697b5d9740ae3f4f585e17550563d70f9f7686
SSDEEP
12288:vU7RfJyTnu0S7xAOBZrurbjsXXcnkMthmTVhm5KukBuhsvS41A/T:s7RfJUu0StAOB8jsHcn6SDkBuhsvS41
Malware Config
Signatures
resource: sample, yara_rule: vmprotect (consistent with the .vmp0, .vmp1 and .vmp2 sections listed under Sections)
Unsigned PE (1 IoC)
Checks for missing Authenticode signature. The file has none, so its publisher and integrity cannot be confirmed from a signature.
resource: 21bcb3fa9e1179fd15f913e15c1d6994
Files
21bcb3fa9e1179fd15f913e15c1d6994.sys windows:5 windows x86 arch:x86
1b1abe80d71f94a54457baaffeb43571
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoStartPacket
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KfRaiseIrql
HalMakeBeep
Sections
.text Size: - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 388B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 890B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 644KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: 754KB - Virtual size: 754KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 296B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ