SecuriteInfo[.]com[.]Win64[.]Evo-gen[.]18134[.]1739[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.Win64.Evo-gen.18134.1739.exe
Size

5.8MB
MD5

15b260d5f735e72a738a1571a4a96b4b
SHA1

ec4aba797a50e669a9ec503d1dfc5a15a9bbe57a
SHA256

dd0ec27b0b9352127440ef5fd3f4a497a064c6dcd444fae15ca20f7cbaca2d43
SHA512

47bd87f13dc943ac3a8863f915d7dfa7f72d10ccd2a314d2eee9888b1cf96ae0ecd8b8122d2ee6ea9efbfb5d8a48e51c3090055ee211d953635bab74c6fb1123
SSDEEP

98304:5s4aXzeiPlTQ3PmTqlzdsZl5TGiPFsV7bvDdpEPnBg:5lOImGFd0THPSDDdsS

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Win64.Evo-gen.18134.1739.exe

Files

SecuriteInfo.com.Win64.Evo-gen.18134.1739.exe
.exe windows:5 windows x64 arch:x64

f9e4e52991070df47f71115af20a8652

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

CryptSetHashParam
A_SHAFinal

cabinet

ord11

crypt32

CertFindCertificateInStore

cryptdll

CDLocateCSystem

dnsapi

DnsFree

fltlib

FilterFindFirst

netapi32

NetServerGetInfo
I_NetServerTrustPasswordsGet

ole32

CoInitializeEx

oleaut32

VariantInit

rpcrt4

RpcMgmtEpEltInqNextW

shlwapi

PathIsDirectoryW

samlib

SamEnumerateGroupsInDomain

secur32

QueryContextAttributesW

shell32

CommandLineToArgvW

user32

IsCharAlphaNumericW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

userenv

CreateEnvironmentBlock

version

VerQueryValueW

hid

HidD_GetAttributes

setupapi

SetupDiGetDeviceInterfaceDetailW

winscard

SCardFreeMemory

winsta

WinStationCloseServer

wldap32

ord122

msasn1

ASN1_CreateModule

ntdll

wcsncmp

kernel32

GetVersionExW
GetVersionExA
FlsSetValue
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

msvcrt

isdigit

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 597KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9e4e52991070df47f71115af20a8652

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

cabinet

crypt32

cryptdll

dnsapi

fltlib

netapi32

ole32

oleaut32

rpcrt4

shlwapi

samlib

secur32

shell32

user32

userenv

version

hid

setupapi

winscard

winsta

wldap32

msasn1

ntdll

kernel32

msvcrt

wtsapi32

Sections

.text Size: - Virtual size: 597KB

.rdata Size: - Virtual size: 305KB

.data Size: - Virtual size: 28KB

.pdata Size: - Virtual size: 19KB

.vmp0 Size: - Virtual size: 3.6MB

.vmp1 Size: 5.8MB - Virtual size: 5.8MB

.reloc Size: 512B - Virtual size: 156B

.rsrc Size: 16KB - Virtual size: 15KB

.text
Size: - Virtual size: 597KB

.rdata
Size: - Virtual size: 305KB

.data
Size: - Virtual size: 28KB

.pdata
Size: - Virtual size: 19KB

.vmp0
Size: - Virtual size: 3.6MB

.vmp1
Size: 5.8MB - Virtual size: 5.8MB

.reloc
Size: 512B - Virtual size: 156B

.rsrc
Size: 16KB - Virtual size: 15KB