5d1e7b6de2842f103436463d0ae23ebe[.]bin | Triage

Sharing

General

Target

5d1e7b6de2842f103436463d0ae23ebe.bin
Size

360KB
MD5

232a1469b7aec8aa3aa08e1574cf6d70
SHA1

b9c395216290062c470be1b0d25bf53ed547b738
SHA256

7840db55b57dd600d55dd90ab6d7c7bdd008bef65ddf274d78f21ff403a2c4a0
SHA512

564b2bde0bf0199807dec2716da020fd74439f18dce48787d3b090a1da6d5bca4c4a68ecb7c4ba5ac50210333a85f1549dc56ef8ea5884ecdf9899500687dfde
SSDEEP

6144:2xwPAhPI1eFWAS2C77pxjFAOc+Qi1AGPqZ2PnBDzhvZkYKD+6D4bHiz+KtN5YBbE:XAhwbASj77LGOcZ4AGPqU5tGSUr+MYBw

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
static1/unpack001/191707605942e547a36afc53f094f9b1269f34b6bcec4dbfb22ee68924bb85ea.exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/191707605942e547a36afc53f094f9b1269f34b6bcec4dbfb22ee68924bb85ea.exe

Files

5d1e7b6de2842f103436463d0ae23ebe.bin
.zip

Password: infected
191707605942e547a36afc53f094f9b1269f34b6bcec4dbfb22ee68924bb85ea.exe
.exe windows:5 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: - Virtual size: 597KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ