327e30685de29f9e1ac7f967dd0f9305021a9c516672322da8e6fccdeb9815b4

General

Target

327e30685de29f9e1ac7f967dd0f9305021a9c516672322da8e6fccdeb9815b4
Size

1.0MB
MD5

1261ac8beacd97e8789022067cd54552
SHA1

c00650cd0ffbb90d52ef57fc1625e61a642657bb
SHA256

327e30685de29f9e1ac7f967dd0f9305021a9c516672322da8e6fccdeb9815b4
SHA512

dc13b7371e8813b28568e67f95d9ebc02b791fcf6063a6912619114ea3904c519fa46217bef63a13d5f5a124be85e9f9fddd032d644a11bb5215e21c0e800525
SSDEEP

24576:tFZnpgDk9X1oTdfcuD+BCiTEfilL++mMY:trnwI1oZB2dcevmMY

Score

10^/10

Malware Config

Signatures

Detects Reflective DLL injection artifacts 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_ReflectiveLoader

Detects executables packed with VMProtect. 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_VMProtect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
327e30685de29f9e1ac7f967dd0f9305021a9c516672322da8e6fccdeb9815b4

Files

327e30685de29f9e1ac7f967dd0f9305021a9c516672322da8e6fccdeb9815b4
.exe windows:6 windows x64 arch:x64

be17683eae27d00465cdfac396612b84

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
CreateProcessW
CreateRemoteThread
CreateToolhelp32Snapshot
DeleteProcThreadAttributeList
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetModuleHandleW
GetThreadContext
GlobalAlloc
GlobalFree
InitializeProcThreadAttributeList
IsWow64Process
OpenProcess
OutputDebugStringW
Process32FirstW
Process32NextW
QueryFullProcessImageNameW
ResumeThread
SetThreadContext
UpdateProcThreadAttribute
VirtualAllocEx
VirtualFreeEx
VirtualProtectEx
WaitForSingleObject
Wow64GetThreadContext
Wow64SetThreadContext
WriteProcessMemory
lstrcmpW
lstrcmpiW
lstrcpyW
lstrlenW

advapi32

AdjustTokenPrivileges
CloseServiceHandle
GetTokenInformation
LookupAccountSidW
LookupPrivilegeValueW
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx

shlwapi

PathFindFileNameW

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sign
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be17683eae27d00465cdfac396612b84

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shlwapi

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 1KB - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 132B

.sign Size: 512B - Virtual size: 64B

.reloc Size: 512B - Virtual size: 56B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 1KB - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 132B

.sign
Size: 512B - Virtual size: 64B

.reloc
Size: 512B - Virtual size: 56B