HL_Spoofer[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

HL_Spoofer.exe
Size

419KB
MD5

7c763f746fa46ebc7156f878c5b59b72
SHA1

00ceb55872b8c395a3b86b695f9d6c0096c6cc01
SHA256

f84b25af9d13d35c8c89b3feb2343c20ed90dbcf02a3b5ce29a42e43659633b8
SHA512

05895630db6ed912db61efc17745329abaa516655bb16eb0052f439343b8e90431a83480c3d4fded03b9366c6459aa06f9fb56c296418a8dd0e4c316543ac26e
SSDEEP

12288:+gWA84efc7UsymHNBWdh/nBBBBBBdFZTVssBBBBBBKCBBBBBB:yA8dLyWH/HZm

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HL_Spoofer.exe

Files

HL_Spoofer.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 376KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ