SecuriteInfo[.]com[.]Win64[.]Evo-gen[.]9674[.]3455[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Win64.Evo-gen.9674.3455.exe
Size

5.8MB
MD5

d16c93d696bf344dae32187d1f7f67ca
SHA1

801354486c24fea521b2fa6377b9b24204f1f4a7
SHA256

b1126a011e481718b8459a4e3295f208cbeb6df38149712a6eba689e99edf5c6
SHA512

f021e0caf84cbba07136d1de04ef721cc7c6e6e9d2fcf0f8855bb38358914fed4f5df329f4adcb23aca63fedd6fd722eb07ca19c707694abf453ec5b40f87439
SSDEEP

12288:tTmwrO3YbX/9BKgzWfs1SWaw9wziDfGSm0f:5xzzWf4aw9wziDfjm0

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Win64.Evo-gen.9674.3455.exe

Files

SecuriteInfo.com.Win64.Evo-gen.9674.3455.exe
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: - Virtual size: 597KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ