General
-
Target
2a08b1d9248e8326209ebf62dda4b61d
-
Size
671KB
-
MD5
2a08b1d9248e8326209ebf62dda4b61d
-
SHA1
6408b2bcc7f21f269902a72e69af2953d5a0449f
-
SHA256
48a146e44393461a1022943616563f249fba4832f158a27733bec4f9e8021723
-
SHA512
3dd23f83e340e509ae0649a1cc05b5d693bcc4035b687013f9f5f5b93785392cffe4e22afd2aec404607000adc84352a2015fba53109680a49e8d4372e7bcd7e
-
SSDEEP
12288:YWpXiiACkwlKyj3N7YHlxfVx/3sP//woq4EC40lmrjpeHuqkmTyfsjTm:YWpXtcMvJ7YHB1sPQofEwW9NEXm
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2a08b1d9248e8326209ebf62dda4b61d
Files
-
2a08b1d9248e8326209ebf62dda4b61d.sys windows:5 windows x86 arch:x86
671ba4867a8ac18bb1b9ef1999509e39
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwCreateSection
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KfLowerIrql
HalMakeBeep
Sections
.text Size: - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 894B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 561KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: 669KB - Virtual size: 669KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 320B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ