onetap_hw_1[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

onetap_hw_1.exe
Size

6.6MB
MD5

e6e64663c643450add79c0a836b43e61
SHA1

c09403bcf45324c83e8945c0fab725fcbe1e989a
SHA256

03f44ccc49d489b5438f7a42389fcc8ba8d13127e005704917915ae5c9c474cf
SHA512

a34e5e0fce830fabd2aa839f352f438687b4012801a40ad387374ec00e4597f92086f7cc66c521522e124df325749eaab30ef28426ff6d2cfdc6d82c0ef904f5
SSDEEP

98304:3fM+3ZiTTDSzuxU5kwDLQ7ncVyNUUpYY4iB+AneQqHTK2LaTeVvqE4Iu1s9B0Ov0:3teDSzV/cnSKk++AeQ4TKzAmWts

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
onetap_hw_1.exe

Files

onetap_hw_1.exe
.exe windows:6 windows x64 arch:x64

acb50b6d480dcec4751f016f419e9242

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeleteFileW
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

AdjustTokenPrivileges

winhttp

WinHttpQueryDataAvailable

ws2_32

closesocket

iphlpapi

GetAdaptersInfo

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

acb50b6d480dcec4751f016f419e9242

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

winhttp

ws2_32

iphlpapi

wtsapi32

Sections

.text Size: - Virtual size: 251KB

.rdata Size: - Virtual size: 133KB

.data Size: - Virtual size: 34KB

.pdata Size: - Virtual size: 12KB

_RDATA Size: - Virtual size: 348B

.vmp0 Size: - Virtual size: 4.5MB

.vmp1 Size: 6.6MB - Virtual size: 6.6MB

.reloc Size: 512B - Virtual size: 212B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 251KB

.rdata
Size: - Virtual size: 133KB

.data
Size: - Virtual size: 34KB

.pdata
Size: - Virtual size: 12KB

_RDATA
Size: - Virtual size: 348B

.vmp0
Size: - Virtual size: 4.5MB

.vmp1
Size: 6.6MB - Virtual size: 6.6MB

.reloc
Size: 512B - Virtual size: 212B

.rsrc
Size: 512B - Virtual size: 480B