skpe[.]exe | Triage

General

Target

skpe.exe
Size

5.3MB
MD5

4b99bfd56e2bf997b98eb2f9db8237d6
SHA1

2bc25d3b7cdbf87cec1b32a27f5e44d773dd9c59
SHA256

e259b432b1289b92ed5738915f3a6ad7dadecff61f035ba4ab8e813ad481be1a
SHA512

636e9869d443a83414d79c613d9ee04bb44acb445cc92ea3986676d95ef972d9a0ed070af276f2b3d8971739c3862a0b1bc21f8b304c10959069fc192962b26d
SSDEEP

98304:RAa6aCMEnIBodtxCVq9WTFe3ETqzQ3FbKuN8cDQJWBYFPupa4dZ1GfJ:SntvIBexC2WTF7mkQq8/JWeFka4d3GfJ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/Device/HarddiskVolume3/Users/RhineLab/Desktop/SMSapp/wuyovip/disk1/skpe/skpe.exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume3/Users/RhineLab/Desktop/SMSapp/wuyovip/disk1/skpe/skpe.exe

Files

skpe.exe
.zip

Password: Sentinel1!
Device/HarddiskVolume3/Users/RhineLab/Desktop/SMSapp/wuyovip/disk1/skpe/skpe.exe
.exe windows:5 windows x86 arch:x86

Password: Sentinel1!

9f35cc034966c27b4c592aae396abb7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

ws2_32

recv

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: Sentinel1!

Password: Sentinel1!

9f35cc034966c27b4c592aae396abb7e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

wtsapi32

user32

Sections

.text Size: - Virtual size: 27KB

.rdata Size: - Virtual size: 11KB

.data Size: - Virtual size: 6KB

.vmp0 Size: - Virtual size: 3.1MB

.vmp1 Size: 5.3MB - Virtual size: 5.3MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 265KB - Virtual size: 265KB

.text
Size: - Virtual size: 27KB

.rdata
Size: - Virtual size: 11KB

.data
Size: - Virtual size: 6KB

.vmp0
Size: - Virtual size: 3.1MB

.vmp1
Size: 5.3MB - Virtual size: 5.3MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 265KB - Virtual size: 265KB