General
-
Target
b67f96bd77c451447facaf869332bbb8
-
Size
650KB
-
MD5
b67f96bd77c451447facaf869332bbb8
-
SHA1
a53eaf2e283bdace7b10ce335243073fb60c751e
-
SHA256
4b79aa7c24497ee9098d00f19986e803b96cb9c32140ec264999656a8e4c5067
-
SHA512
b62ca93d1bbe5e6b513aa3bf36323b85eb28022875105cbcf28ea03126aec617e5a7660071a91a43462d352b3f09d689ee473d8ceb1330f89ca5e54e4f0e7f9c
-
SSDEEP
12288:FI4PAspFB7uof9JVfl/oWb6vDYhUzibUu6mSteBnXopb/sYwWxECnedM12tu+Pmy:FdX7uKVfl/oW2vMSzG9we9XopjHxECeT
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b67f96bd77c451447facaf869332bbb8
Files
-
b67f96bd77c451447facaf869332bbb8.sys windows:5 windows x86 arch:x86
671ba4867a8ac18bb1b9ef1999509e39
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwCreateSection
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KfLowerIrql
HalMakeBeep
Sections
.text Size: - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 894B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: - Virtual size: 548KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp2 Size: 648KB - Virtual size: 648KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 280B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ