9bf90788cd043e662086fda6dd6d5825ec1ad95f217c6d837b9aeb8161e700f3

Sharing

Copy URL Twitter E-mail

General

Target

9bf90788cd043e662086fda6dd6d5825ec1ad95f217c6d837b9aeb8161e700f3
Size

1.6MB
MD5

8e5f610431e3e4b6cd17f3774f52143e
SHA1

4af04233c2edf1c576afe5b1d89976c3d15a654e
SHA256

9bf90788cd043e662086fda6dd6d5825ec1ad95f217c6d837b9aeb8161e700f3
SHA512

0e3150b3818610397ac29f92d4d8109a2ba5a1984eba04e04983af492b41e1dabb1ce2b7dd695485b71cfc62b5372b7981012cf00ddfb988fe74ca1ab22f0778
SSDEEP

3072:s6su2hLkOenuoOQSLp3Uo02+gmDaURYK3CjI4seWXcbJahRzp4wuVJfsMcYuEstH:dsmuCyAxXDtH4YMC9iqhcecQznQOufo

Score

10^/10

Malware Config

Signatures

Detects executables referencing combination of virtualization drivers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_VM_Evasion_VirtDrvComb

Detects executables referencing many IR and analysis tools 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_References_SecTools

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9bf90788cd043e662086fda6dd6d5825ec1ad95f217c6d837b9aeb8161e700f3

Files

9bf90788cd043e662086fda6dd6d5825ec1ad95f217c6d837b9aeb8161e700f3
.exe windows:4 windows x64 arch:x64

337bd85123e29268ed156abd3205aeae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

iphlpapi

GetAdaptersAddresses

kernel32

CheckRemoteDebuggerPresent
DebugActiveProcess
DebugActiveProcessStop
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcessId
GetLastError
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetTickCount
GetTickCount64
GlobalMemoryStatusEx
InitializeCriticalSection
IsDebuggerPresent
LeaveCriticalSection
LocalAlloc
LocalFree
OutputDebugStringW
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
__C_specific_handler

msvcrt

__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_fmode
_initterm
_onexit
abort
calloc
exit
fprintf
free
fwrite
malloc
memcmp
memcpy
signal
strlen
strncmp
vfprintf
_stricmp

user32

EnumDisplayMonitors
EnumWindows
GetCursorPos
GetLastInputInfo
GetMonitorInfoW
GetSystemMetrics

ws2_32

__WSAFDIsSet
closesocket
connect
htons
inet_pton
ioctlsocket
select
socket

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

337bd85123e29268ed156abd3205aeae

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

kernel32

msvcrt

user32

ws2_32

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 368B

.rdata Size: 1.5MB - Virtual size: 1.5MB

.pdata Size: 1KB - Virtual size: 1KB

.xdata Size: 1024B - Virtual size: 844B

.bss Size: - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 96B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 192B

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 368B

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.pdata
Size: 1KB - Virtual size: 1KB

.xdata
Size: 1024B - Virtual size: 844B

.bss
Size: - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 96B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 192B