ZoroVirtualMachine[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ZoroVirtualMachine.exe
Size

15KB
MD5

68a8b9587c43270d907c675750d06de3
SHA1

541bab123a651ddb50600f69fa04836ffd70bf7d
SHA256

533afbc0251d8beadc36990889c1ece6e8608df9b4a64b720d448c516a5c7e8c
SHA512

b9695b3d4d11505139a47c369311d096ce57dd91ddce37f2670d0fde078b682340f949eb550ca002531ea47378fdcc6923d039a93ad3b12a2d292bd7d35c8af5
SSDEEP

192:C0IjqtWTA29/vD68Fixy6j8zldBACJNOOWXK14iHly9BNTPiNLt:B0p9/vD6Bkld7WODHOTK1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ZoroVirtualMachine.exe

Files

ZoroVirtualMachine.exe
.exe windows:4 windows x64 arch:x64

032e88628b35ec9a2b118a194c8fed36

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

calloc
perror
exit
printf
strlen
memcpy
memset
strcmp
__iob_func
fgets
realloc
getchar
__set_app_type
_controlfp
__argc
__argv
_environ
__getmainargs

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ