17205987303[.]zip

General

Target

17205987303.zip
Size

136KB
MD5

5600649aa309556cc295e6a842a00b85
SHA1

d2c50b742f46b4b9e60f4648a4be276faeac69a1
SHA256

b75304904b8b1370fad3c8bfa6e8adba6add2fbe84c6eb292a764677f3837b31
SHA512

09d08d33bc91f0a46f293e85731a2309f4db407cdc493aafe82bc2eadce0bf840e638130d89c1a71665bee3ffe636dafe4897a88c395cdb70afcddbebfaf628d
SSDEEP

3072:e7xh7qSUWQTA+Qr4Y+z+a9WOMfpxHWW421u6sm/mmX9YtJzEBXG:e77jUWQTwv+qasHh420J9mOHzEA

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/facb29639cfe1092b2a53d15d005a2f07825a77d49680f4a9392386a788d8216	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/facb29639cfe1092b2a53d15d005a2f07825a77d49680f4a9392386a788d8216

Files

17205987303.zip
.zip

Password: infected
facb29639cfe1092b2a53d15d005a2f07825a77d49680f4a9392386a788d8216
.exe windows:5 windows x64 arch:x64

Password: infected

a0aacc9257f5b568470c9b70e94541c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetFilePointer
GetModuleHandleA
GetProcAddress
VirtualProtect

advapi32

QueryServiceStatus

imagehlp

CheckSumMappedFile

netapi32

NetUserGetInfo

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

a0aacc9257f5b568470c9b70e94541c6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

imagehlp

netapi32

user32

Sections

.text Size: - Virtual size: 93KB

.rdata Size: - Virtual size: 22KB

.data Size: - Virtual size: 78KB

.pdata Size: - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 436B

.vmp0 Size: - Virtual size: 54KB

.vmp1 Size: 141KB - Virtual size: 141KB

.reloc Size: 512B - Virtual size: 100B

.text
Size: - Virtual size: 93KB

.rdata
Size: - Virtual size: 22KB

.data
Size: - Virtual size: 78KB

.pdata
Size: - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 436B

.vmp0
Size: - Virtual size: 54KB

.vmp1
Size: 141KB - Virtual size: 141KB

.reloc
Size: 512B - Virtual size: 100B