Установщик menu[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Установщик menu.exe
Size

1.5MB
MD5

ab512557e47e40f710e33bdd64cda0d6
SHA1

0cf4a37ddd263d5ab9bf68dbf7c7448b18304a21
SHA256

9985858be8c92df59d8c8645691dfe81f12c9f32f4015dd31b7d0b25fcff3399
SHA512

bb04b6c5cbeedd1994a3c3fc6855ea5c6c320bc1ccdddc380bdf5b8d2842e4f5cbe070f89037a14cad06f02d066f1a9be4db10599bb3c30a370db9c10cdff534
SSDEEP

24576:cbmFiTVafcKEX1AEepQF3gBXJ2ZMCGFrIezbz3iE0nHep4iN6:cbpT4f6qTCQBXAz/eHz3K+mi

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Установщик menu.exe

Files

Установщик menu.exe
.exe windows:4 windows x86 arch:x86

Password: 1231

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: - Virtual size: 861KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ