VMXLOADER[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

VMXLOADER.exe
Size

13.1MB
MD5

d34eec0a89654d3d347b5c2e45a396d3
SHA1

567e08e07da8333947e7b0bb4196b09088fd85c6
SHA256

e724dadad6e5703256ae731d8862e70057f7d4b4a5dc60a908b1a409b17465bb
SHA512

952f7bd08f149cd9b8790e0ee69efbf6cd2462bf042b6db634311d6a7adb5ace618e85c5122b8ca0dc759ecb1039b2be1c1758d3e9dbe60108490e78dc5da730
SSDEEP

196608:hyvM/64H3qTBFecYoh5UEu0slUMZEYcYADpIjRqtRghqA6s6rSb0ATJE9k:FH6neSh5W0snoYADCRqIhqRaE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VMXLOADER.exe

Files

VMXLOADER.exe
.exe windows:6 windows x64 arch:x64

2f412b98966468b9f94c49f480533933

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetFileAttributesA

user32

GetWindowThreadProcessId

gdi32

BitBlt

advapi32

RegQueryValueExA

msvcp140

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn

api-ms-win-crt-heap-l1-1-0

_set_new_mode

api-ms-win-crt-stdio-l1-1-0

fopen

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-convert-l1-1-0

strtoll

api-ms-win-crt-string-l1-1-0

isalnum

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 429KB - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.s~/
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.S~y
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.b?_
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f412b98966468b9f94c49f480533933

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 243KB - Virtual size: 242KB

.rdata Size: 50KB - Virtual size: 49KB

.data Size: 429KB - Virtual size: 432KB

.pdata Size: 7KB - Virtual size: 7KB

.s~/ Size: 6.1MB - Virtual size: 6.1MB

.S~y Size: 512B - Virtual size: 320B

.b?_ Size: 6.3MB - Virtual size: 6.3MB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 844B

.text
Size: 243KB - Virtual size: 242KB

.rdata
Size: 50KB - Virtual size: 49KB

.data
Size: 429KB - Virtual size: 432KB

.pdata
Size: 7KB - Virtual size: 7KB

.s~/
Size: 6.1MB - Virtual size: 6.1MB

.S~y
Size: 512B - Virtual size: 320B

.b?_
Size: 6.3MB - Virtual size: 6.3MB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 844B