KINKY DADDY-2024-04-05[.]exe

Resubmissions

20/06/2024, 06:35

240620-hckssstgma 7

20/06/2024, 06:29

240620-g89alaterf 7

Sharing

Copy URL Twitter E-mail

General

Target

KINKY DADDY-2024-04-05.exe
Size

5.5MB
MD5

4b156dabcaff0e8c99ee33959b8064b9
SHA1

da0276f4c8dfc1750d7eb738ee40fffebb798913
SHA256

606f12d8a195214d1cde695a579509b4a2c73974b60ed26cdd79bd711d0444b0
SHA512

3201e89042c053fa06c11786af384a1ca291c4a2de21caca96e229ae3f12d533c6926b4d6ad13c724e84bd210934cc663b441a630379e4dee10ef7fd3a31afd8
SSDEEP

98304:axmM2J5LZLJKXTuoZ+AjGlyqDykwgGj6+ekUb1wsJ1UKEBnl0UlwEqoV/tMM3APO:q4NquoZ+AGlVJ6WlkgdnwlVqolhQ0m

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
KINKY DADDY-2024-04-05.exe

Files

KINKY DADDY-2024-04-05.exe
.exe windows:6 windows x86 arch:x86

3bef575dd3e084609c3cd8e69aa103d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SetWindowPos
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

CreateServiceA

msvcp140

??1_Lockit@std@@QAE@XZ

wininet

InternetOpenUrlA

vcruntime140

__current_exception

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

__p__commode

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-filesystem-l1-1-0

_unlock_file

api-ms-win-crt-time-l1-1-0

_localtime64

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

wtsapi32

WTSSendMessageW

Exports

Exports

O�HF�Jk�Pv2��䙹�<�g�dN5��,E��Q �czf��0��A�Cޅ�EQ�4��B�H<]P��G׸��Y��$�׭ws~w�.l�7[�Z�?u&%�e�:�>t��n��6[��@�t �ꑘK"�{@"CҬ�l� ��S�c�<Bk+�s#��9��57. ��Xԕ 8�e7�2��MT� (?S:J�d_S�k_��|�O��LAxe��H@�H׸nim�c�L!V��1�ސP�Få�jه�1�8<��!��>�,�}Rx�S�fΙ�0�n��{��AA~��#�A��D��P�P��7��M?��mk��86��➊��.o�?WƗ8��.��.J)��o��_?�\[ m<4Dm��s�i�S:/�cR�^��x0��-h�0'1��t��޸-4�[(�:Y�]tfqݥT�h:��K'ӀC��Td��IRN.��"M�\A�'�`�(�!hx�^�sy8ES%��$f�I��۞�w$\jj4��~�JTI3T��l��S�\��0�+z��{P��T��^�%�(=��b�k�>e 4V�f�3��E�E�a�cJ;��o��TV��vt"��0�G��Q�=7��*M��4r2sNf5��5N�Q�f��CU��b�lb�-��V߇��˧��͊��v(-z5A� �+^49��[��v!��z��+�^q��q.ϱ��K�S �lk�v�4�B7c7��Lt��m(��+1�$~d��w�$>Zx��h�Md-.�|<�Z��m�bt\��y�@��G�[ ��5 W��CkL��bsG��l�c3's_��>PSux��5� �f��[�bE��)��Z⅝|��/��,�(�1v��2;L��Q~6&��蘶-�gN)"2��~��O�Ot�٬C�W� RhgcY`5��=�Zۉ��t��0I��/ݫM��hl2�@��׶�G8�T��Z��s��b6��I��H��Y��3w�&�ڙDd��Z%�Ӫi>7%Zӛ�C�>�o�(�#�b�]��&f�j��z ��j��Q�;�3�Ԝ�i��E�eQ��^|)u'h�cW̸�\�Ɔk��ԱkZ=0E>�X��,�(R��O�W%\��R��| ��T�(��j�t0�;�h��c:4l��t;~��U�X�S��$mܸ5��8=�0(��B��_ԣ.��صC�' W�e(�'呼��HIN��۠М�RֺE:�� u�J��R��g1�Dl�=/�I��]�$׳I�-pB��G�JH�O�왡)�{��{D�ߝkד��Y��k~�ڱ�� \��UY�B�Q� ~�OH�4!�_��Pao��L��jH��Q�@>|��.,NQ�#�@UTE��*�%��6�w�K$� �('5�޴4^�;��l�K��_��!A��X�y�3Ėo!�L=�2��5߱|u��L�`�Luָm��{7]��<��k�W��:Z��B�e�ȉ��YlkWސf@�e��t�ׯi��s��c��F�O�x� �_g9I��c�O��9Q��d��T�O��T.��[��]�tsI��,�8[�� p��y�/δi��m��'"T��BCV\{�p�)��(ק�ݨ�5`A�g�)�ZAG&�)i �6z�e�]�MC e�7/�-��GH%A%��8��\��=e�;�]�ڄ�B�e=C;ϊx�@Y0l3�۝=�ҽ�`��""GKٮl�'g��[��0��P ��r�wx��R��j07�[�T��xaZ�j��;X��,��a�O��7�,��d�a2��X��B�_a{��G��Z��E��G�JXc��>Xi��$�Rq5�g��xb7�x�~_'�wy&3��%�4��|&��T��(\G[e�.��3��>Ϯct�3ɽ:uȶ��rw�\_�S��#�x�{[�� s�*��WbF]9P �W��e�-��,�m`=�� 6"��Ei^�5��`�=o�U� #i��\K`.��9S�{S�Ɓ��63�`6��C��Y��0��UV�kK��53�[ ��s��z�&��A��c�hjԨ=qM�#�&SF��V�-��:-z��M4�/mvYY4Cl�ݒ�k� ^�%�� 0�� |^f��a�� o�-��M��5�nr��d��AA�� T�e�� !��U��7��fƧ��Bwa ��Ϯ�ָIG��\�{��`��i�y��YO��e�I@PnR2l}f��@+у��d ɶ �w��]W�z�/�X�H��m`G��,{m�Qo1B5��1��7� /6B��y�q�{%=��Z�Z%��0� (�СAv��&%q��K�5��x�� n��QZ��~��^��&�)�PsV�Ot?k�� A��_ ��Y�B�F� 6��C�"��@��Ѱ0��Ij {Lc�򲕟SA��ʇe�^�,�䘝ėF1�VsQ�U�w�t|�4��'$8�N'v��v>��[��޺�� w6��"Xi�\�l��-F��.��9´S陜e?�2�o�y��g�vu�hdC�4��y��K��w�N��.��^��[��[�&��@iz�&��S��#�a$s�z ��_��$ѽ"%J�xϗ#-:,w��D��`&��k��2��u��!�Sa�S�У�G!�n.|��b:��)_?L5c��F��X�|$7�(�+"n�<3��sx��d=j�qVGu|��ox:@\��V��;&%�C��跗�-� Mq��t��P�H��ȡ&�SA��Z�e�/� �K�l�S�!_��N'�I�3�

Sections

.text
Size: - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

3bef575dd3e084609c3cd8e69aa103d7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp140

wininet

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 156KB

.rdata Size: - Virtual size: 47KB

.data Size: - Virtual size: 2KB

.vmp0 Size: - Virtual size: 3.2MB

.vmp1 Size: 5.4MB - Virtual size: 5.4MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 103KB - Virtual size: 103KB

.text
Size: - Virtual size: 156KB

.rdata
Size: - Virtual size: 47KB

.data
Size: - Virtual size: 2KB

.vmp0
Size: - Virtual size: 3.2MB

.vmp1
Size: 5.4MB - Virtual size: 5.4MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 103KB - Virtual size: 103KB