helloworld[.]vmp[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

helloworld.vmp.exe
Size

871KB
MD5

22dae1de6c2c2b47b35088f1a30170bb
SHA1

561e1e3d100f7b1ae6e3dfa12be83848ad5450d0
SHA256

8f0cb72fbb9071bdc834cdf89e3cc74698d8b734fdd7693e798cb5c4f595d7ee
SHA512

5a0b1b4aa9b81208a5875f3ffd66480268c96901ea7fa8ee5a4b58378e0c30e299bc6b9dfc3926535e196b2c28ae9080e417fc2f1dfcc749eaa80c4d49bbb934
SSDEEP

24576:oDQd1uRZt3kkR2JV3T5m1TjEgemiJeoiHe+mv:J1GZkTwQrPeY+g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
helloworld.vmp.exe

Files

helloworld.vmp.exe
.exe windows:6 windows x86 arch:x86

5fc7b9c32b9e70dda6f0abc3db90a7df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceCounter
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharUpperBuffW

Sections

.text
Size: - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.L+~
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.| H
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.?8H
Size: 869KB - Virtual size: 868KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ