Static task
static1
Behavioral task
behavioral1
Sample
antivm.exe
Resource
win11-20240412-en
General
Target: antivm.exe
Size: 93.0MB
MD5: 2ec33f36b25789b5a63b062ec8bfe656
SHA1: 9334addb8d6573efc90e376c0a14296ace912906
SHA256: 05608629f4bdeeac8cafa47974255a4306db8d4e40cf62c044b6bbeac5a79c16
SHA512: 3fd48023429a24803459f8c18c522fd3146b055578f76bf9551023fa97613d316345901d7761e4ff302dad7ec5630e6dc326645a760b7200432a294b33f4a5f1
SSDEEP: 1572864:3ByXl8onv+KtC8+uxsJz7lHJrBZnnnzcdlo6HxfOv+BovL6bOdF2Mee2H:3KlrmKxcttnsHEGm6bAdQ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource antivm.exe
Files
antivm.exe.exe windows:6 windows x64 arch:x64
627b54118e4a7dabcf7ec7f7857a797a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
shell32
SHFileOperationW
kernel32
EnterCriticalSection
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
Sections
.text Size: - Virtual size: 128KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.Jk9 Size: - Virtual size: 81.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.2%- Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gUs Size: 93.0MB - Virtual size: 93.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ