spoofa[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

spoofa.exe
Size

456KB
MD5

d778ed6ac649fce1c3d19f1e295b18c0
SHA1

5b28c18b83ed161d4c2dfab20a688145b8a52d23
SHA256

8585edc6c7fd6147cc5603fb61d8aa74bf4b98f6b10e5a48f4306bf7b4b49299
SHA512

eb80aa5a5d4bbb4d18bdc3df8b02ea8d8e869bb0057abc31dd4e1aa1bc53a82e805dad971171519ddfdd59421ee7fdf0264fcc0bce4a7db388eb131b6124690f
SSDEEP

6144:hhtIr53FaAEnCIe22mCnrnuxx1Smi/yrGkYIyHtGC4LCVlAiLcW7tBWJpggfOUl6:h/INgAEnCIe2cGx2yGYW7tQJpTfOe6

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
spoofa.exe

Files

spoofa.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 450KB - Virtual size: 450KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ