SecuriteInfo[.]com[.]Win32[.]Evo-gen[.]24509[.]1848[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Win32.Evo-gen.24509.1848.exe
Size

2.0MB
MD5

eea8e0c1e7ba6fb6c728326967a0b55f
SHA1

ae497014d1e5bf663a3e6f711ea83710c7f25ffe
SHA256

6c229744d354704ebfbad09920f75c29c5058bf0a4432efe3a7892bde5a86943
SHA512

6330ff14008bf57b5fae05424c0ad0dbc8cb14a690f0b89cfb25a6f7b6252230af75a2f546943ec0a19f4f4597a79cbfbdcf8f31b74f42c1a6d564fae1ccc340
SSDEEP

49152:iYzLcCAzJXhoMjLjXQitjRaQ7LhgFXDUu2JhoD8cCX:iYzvAzkMjLkitDhOXDwi8nX

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Win32.Evo-gen.24509.1848.exe

Files

SecuriteInfo.com.Win32.Evo-gen.24509.1848.exe
.exe windows:5 windows x86 arch:x86

7f8a57cc8af7e13036fcc1999697bc49

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasHangUpA

kernel32

FreeEnvironmentStringsA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetScrollRange

gdi32

CreateRectRgnIndirect

winmm

waveOutClose

winspool.drv

DocumentPropertiesA

advapi32

RegQueryValueA

shell32

Shell_NotifyIconA

ole32

CoRegisterMessageFilter

oleaut32

SafeArrayCreate

comctl32

ImageList_Destroy

oledlg

ord8

ws2_32

WSAStartup

wininet

InternetCloseHandle

comdlg32

GetOpenFileNameA

Sections

.text
Size: - Virtual size: 510KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 858KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f8a57cc8af7e13036fcc1999697bc49

Headers

File Characteristics

Imports

rasapi32

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

ws2_32

wininet

comdlg32

Sections

.text Size: - Virtual size: 510KB

.rdata Size: - Virtual size: 1.3MB

.data Size: - Virtual size: 247KB

.vmp0 Size: - Virtual size: 858KB

.vmp1 Size: 2.0MB - Virtual size: 2.0MB

.rsrc Size: 8KB - Virtual size: 6KB

.text
Size: - Virtual size: 510KB

.rdata
Size: - Virtual size: 1.3MB

.data
Size: - Virtual size: 247KB

.vmp0
Size: - Virtual size: 858KB

.vmp1
Size: 2.0MB - Virtual size: 2.0MB

.rsrc
Size: 8KB - Virtual size: 6KB