General
-
Target
8ca95c8334e8fda472176b448c68b951
-
Size
751KB
-
MD5
8ca95c8334e8fda472176b448c68b951
-
SHA1
28982a9f72afa3d157d54e3f68969302b4963d6a
-
SHA256
47bfb4917193bc8acea15f61cb4ea53f8cda4edf9862ac0abf7ac1b02250dbbf
-
SHA512
70501cf7f6efd619203d5616cf56642186edfff0e78803125817a94492c938f00393b3d99b928467bc0e2894ebbd62ac31f20e07bdde963b79bad7b0a8324757
-
SSDEEP
12288:km23HY/7BOl4hhR+mjCz1+zJKzSyjdqGJA7n1d1xHvE/i37fL:ksdPhR+mjQ1+FKmy4GJSv1z37j
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8ca95c8334e8fda472176b448c68b951
Files
-
8ca95c8334e8fda472176b448c68b951.sys windows:5 windows x86 arch:x86
c25c31f9436aa695c20e1594e5d4830a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
IoCreateDevice
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KeGetCurrentIrql
HalMakeBeep
Sections
.text Size: - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 340B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 874B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 641KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: 750KB - Virtual size: 749KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 192B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ