55832881da5016b55576334a79eafa69

Sharing

Copy URL Twitter E-mail

General

Target

55832881da5016b55576334a79eafa69
Size

5.1MB
MD5

55832881da5016b55576334a79eafa69
SHA1

b314e6850842688b4fa54c56e10393d215f0df88
SHA256

7c6d7c3a1fb1d10c01551e5ec0fefde25dd3802b7fff6dc444aaf492f37a4138
SHA512

47724739d28d334f4b62160b33e5c8395b1bd24029b165d47ce9b9993b72a71a8c70bbb1a3b38e8fc2fca16f27c5fc06e31698e3bee1727f4a0510492acd08d0
SSDEEP

98304:Gucz+cnCA76yktVNhomPo+nsxXH0ojGq+rEQRQ7cUhKdfT5fRt:Gnvrp4roH+aH0oiq+rEQmOrDt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/VnHax new 113 gaming.exe

Files

55832881da5016b55576334a79eafa69
.zip
VnHax new 113 gaming.exe
.exe windows:6 windows x86 arch:x86

2a7a9cecd8b376628498e3473352aeff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

ControlService

ws2_32

send

wtsapi32

WTSSendMessageW

Exports

Exports

"|@�E�z�W`��O|�L�>�M��&�15��'��y�;��j�>��.zm�n4U��ɜn<��ί ��N ��NU(��b�>�L�f��.P�m�ח�u�jO�^�L�&��ŪW�E�T��+��\�eK~��2�qiǶ�eBc5��3zvq��R�a��(u��{(�2�{��>$8��Ǝ��+j��+%�Ӡ+8b��.�TZ��M��m2%*��9��a#nG��˒�W��!�og)%�xt6�R��)�q�}��݀X�88h��I��6 �~׈c��1��Z�N�ߏ�!{,��^� Z:x�ґ�d�Ig� x! |.��&DP�k��&�@B�GI�V�e�j6��V!��Ygb��=p<N��ͧ?�yn�UM�ꭂ��ݠ��q��@��2��m�� ;J>��*t��b;�E9��WҾ��ߙ��'�u��Q_NU��0t�*�E�cD��Ȇ�|_<��0z�� W�8�bũ�b<O�,n�eFفT�=N}�R��&�� F��d�ڮ��H>�I \��I�Ҡ\ 1t��U%��s�=��3;t�\�t�c78�Jy#"�_f/%1�P�8O4��c\��p��H�5�|]0��j��EOm�.p�VyC�^@��9tt(�SYԠ�]��]�p��R�2��u�KOMq��b� wy��ΈLV��#B�a!h�D6:sŰy��^5��RZ�$c,��5l"�!�Q�T��2��h� �V�46��ܧ aZ�� $۠U�p{��Á�0�&I�q4c�a�0�~M��Ny6©��Hș�T ��~�P�e��F�M��<�S B��t��;ݼq��g�J��6��ܶ��F�d"��7�~R��RG�)o�n��N��N5�8�/2ƺ��];KȐV��a��s;�f��t9�qnKt�H�ٗ�=DS��*��;#%�5��;]~D��9(�h��[��yf��Z��?ͻ=L��9��)Q�J��m@D9qn��v;p�^�At��V*c��It��x�ҏfÑ�3H�$:��%��ʮ��-��\��m��"<f��æ��7��5i�'d �KCq�h��8��CI�'�#C]�aE~k[&�t��BCT�b=}�I�'��S��:},��d9�T7�6�n��o��ő�zP�y�M�1ڡ�Av}l�K��L��.�m�58��$��P�5�+!� )�El?D�y'<&kHJ��T��kwƥ�b5)MRa�ؚ��΍=��x�u�:M��F�A�%�<��,Z'kJ��4��tT�o�S�%�,�/��ߦ�k�g:�1'*�� O��W�}�oԀ��X%:uH,��]"�pSΚ��6g��%��?z� lb��s��aR�Y͸�w|<9�=2U{LvA��i�:�-��^ݷ�k��.��aaw�4n��/�$�� x��SRd��.}��*e��2��6rQ��%&B��-o_��/�Li�S��Rp%x �ɭ�Y��'�Qy��j~\r��֚�� yj�,�,�́��4mC��ε�%!ZD8E3��n��ܚ�*:8��+��5�̑�+�J�ˊ�'��^%�J�,�� 0�E�b~�2�J��U6U ��`�@{}y��Sl�z�� u��f��,S-�:=��d�C�4��Z��W�y�.u(� �0��f[B��n��1T�A��X�T��@�q��o��.|�i�n�+�� &�Ȝ�|�n}�� <Π�ė��N��1��au2�R��6�w�a��A��m�D�&�;�ɕ��y��<�_p�B�<��}�y��x�ND�?�sҺw#��<3��f;��i_/�<��2%(�x��g71��@�5y��|��8g�� D��Tp'U�=�Y�*y�B��#�'kX�7wp "��GOy2M��氂��7Uu��nײ�h�P'e��$�?v��_��i2^��n��P��OZ�D�sE�6�D�� O��!�U�� Z��G��Y� |4f`g*n��Z;��Z�q/��j��/��y�*�v.j5�ʡ��LV�c:��Y��Y|?�XAqyb� ��o|��I]d�еQ-��X΀�p?��(+��5T�e��f_��#�"M#�_��-3��[��Õvn��a#�Q�'�-P5��leu��I,��?\bP\!Q��p�#%��u�u=�q��G��5�b�w�F��H��ty�l5�=P��RC�a�E|��ۍ�:�\��l��C�� (t�<;�A��L��*��l�^T�zk��%�VJ�S�,%��W�r��E�s� ��X��V|t��3�L^c��m��;+�ؑ��1��磑�.(��A��=��Mh!�EqkB6ք�r��ҥ� �_GQ�A[I��x�;<�&TM��x e��bt\+�1��'K�Eq9sf_-�Sp$T޵L��q�rA��Ӿ�|�Оؐ�G��|?<|,�e��'m��8�&#�+�Gv F>ds��KKW#�26��v�$�F��W;vV��d Р�ӫh�h`��),/j�0��4#o�M�q��)��//�$�`�f+i�N�5O��h�L�P�D�Gv̤B�S#�X3+7R7]Ĳ-O�� {�a��W2�ו;��g��[dO��Zm�>�2��Fѕ4@6L��}�45�o;%��*+��M�֖��i��4��M�a�Tݥ*�cS-�� fq�Tk�C<�w��ݍ� (B1�-��|,��|o��[r7睚2J�T�E@�+=��G89�`gI��ky��Ѫ[Ae�w}�~=��\��̿-��o��+ :ix�˞�`{`o!��k+�Ȯ��_��1X{��Ŵ�h�s�?�}�MpA��

Sections

.text
Size: - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vnhax0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vnhax1
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a7a9cecd8b376628498e3473352aeff

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 161KB

.rdata Size: - Virtual size: 66KB

.data Size: - Virtual size: 19KB

.vnhax0 Size: - Virtual size: 3.1MB

.vnhax1 Size: 5.1MB - Virtual size: 5.1MB

.rsrc Size: 306KB - Virtual size: 306KB

.text
Size: - Virtual size: 161KB

.rdata
Size: - Virtual size: 66KB

.data
Size: - Virtual size: 19KB

.vnhax0
Size: - Virtual size: 3.1MB

.vnhax1
Size: 5.1MB - Virtual size: 5.1MB

.rsrc
Size: 306KB - Virtual size: 306KB