AION[.]exe | Triage

Resubmissions

06/03/2024, 12:52

240306-p4et7acc75 7

Sharing

General

Target

AION.exe
Size

35.6MB
MD5

e62c91de7981e04b49ade880a067ecf2
SHA1

b7aae9cb34afe5797a898b3b9dfc98fd53ecd39a
SHA256

ada1e4dc013114cb9f7dbd48007f99b69d00e80f7f42f509e224f06b4884e1e4
SHA512

ab60847e0f384f7e570eb1288761c4774c2a1990e124fc9f70cbde94fe1221acddc33e5ff5e9d2efa53f7c755148146e2ff712c17af2a8dbccda72f1b3fd6042
SSDEEP

393216:zvPxEUOac2Ee/q5mTWU+P1IyVOSccCD/q5mTWU+g1IyVOmccC:bPxAq3uaWU8IyVOvcyuaWURIyVODc

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AION.exe

Files

AION.exe
.exe windows:4 windows x64 arch:x64

Password: 123

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: - Virtual size: 30.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 35.6MB - Virtual size: 35.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ