General
-
Target
recode.exe
-
Size
5.6MB
-
MD5
5157e695d6a6910633aa6bfdf1188c70
-
SHA1
8c701a5e59f7873eceb5041367337b3e13fef56b
-
SHA256
b382fa9767ccb693a1a072b34d65832f0a35a66664e6f8013c6e2a98478d884b
-
SHA512
3ea215fd5174a81490fef085decd204d16c48ed6cd2f33601f79b934858d9252049b33adb6e6defcbbc33db3fe31f60b2ef5ce59f69b459b731f1d97e0ac6162
-
SSDEEP
98304:cnRQqTLnZaJPSH3KCKnjZoJIZfezj5nRhTxEOiMmdBeBCvZh:uFa1wKhtoJIZfuVTxETM
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource recode.exe
Files
-
recode.exe.exe windows:6 windows x64 arch:x64
8acab463d0049203898aa5d7be4df4fe
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
d3d11
D3D11CreateDeviceAndSwapChain
urlmon
URLDownloadToFileA
dwmapi
DwmExtendFrameIntoClientArea
ntdll
NtDeviceIoControlFile
kernel32
UnhandledExceptionFilter
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
ClientToScreen
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW
msvcp140
?_Throw_Cpp_error@std@@YAXH@Z
imm32
ImmSetCandidateWindow
d3dcompiler_47
D3DCompile
vcruntime140
__C_specific_handler
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsprintf_s
api-ms-win-crt-string-l1-1-0
_stricmp
api-ms-win-crt-heap-l1-1-0
_set_new_mode
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-math-l1-1-0
acosf
api-ms-win-crt-runtime-l1-1-0
_initialize_narrow_environment
api-ms-win-crt-convert-l1-1-0
atof
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
wtsapi32
WTSSendMessageW
Sections
.text Size: - Virtual size: 357KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 382KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 111KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: - Virtual size: 464B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: - Virtual size: 3.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 5.6MB - Virtual size: 5.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ