de766feddebd8a2a1db573c07e80c155 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

de766feddebd8a2a1db573c07e80c155
Size

2.2MB
MD5

de766feddebd8a2a1db573c07e80c155
SHA1

1dd2275d439a87fb1ec160a5fb35ef83f2e95609
SHA256

4e100589a7ba76496498b5cf00d0ad79d2cf4904bac91bb23a7d8e5b0a2a6358
SHA512

8a3ec2a1282d3c08d8c6aa7f1dbe1f7818373ec90714fecd56f7811034f34806cd8f973895280e851c856bc7e6023fe952a1f743b059964a8374b16317f08a55
SSDEEP

49152:dfYL0W60EPd4LlUy7BrPNpskumLVd/BCWT0YVxfKy2OyF0G:drWqOlv5Prdpb0YVxKy2Oyj

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
static1/unpack001/CSO_ShowStatus.exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CSO_ShowStatus.exe

Files

de766feddebd8a2a1db573c07e80c155
.rar
CSO_ShowStatus.exe
.exe windows:4 windows x86 arch:x86

bacc6b6d0017d06e6afd559d20339dd6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrUI1

kernel32

GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 381KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE