SecuriteInfo[.]com[.]Win64[.]Evo-gen[.]21741[.]32682[.]exe | Triage

Sharing

General

Target

SecuriteInfo.com.Win64.Evo-gen.21741.32682.exe
Size

5.8MB
MD5

6ea38b4720317490c9f3ce180bee2816
SHA1

03600bf9e8c82c26c3c248e13142c9c41b17c9e8
SHA256

a01ac4a56d2801d38e198e8997141903feaddce1ccaf0446dce54cf36f496009
SHA512

bdba9b800a70fb8c6bd46f76a1ebad30069cbfaad99f57b293b69eb0b7c6f3d0631365b8a669ba8d9886e6cf5d745441663f602cd6c781496734b4de867863b2
SSDEEP

49152:5s4aw9wzebmHvlNq0jc3PmTsVWGlrXdHtWTQAN:5s4aXzeiPlTQ3PmTqlzdsZ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Win64.Evo-gen.21741.32682.exe

Files

SecuriteInfo.com.Win64.Evo-gen.21741.32682.exe
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: - Virtual size: 597KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ