FunChecker[.]zip | Triage

Sharing

General

Target

FunChecker.zip
Size

13.6MB
MD5

669dea55a11d260b90159e727d0fb6e2
SHA1

632d22f8eaacfbe16c12001e8df11c724d75d335
SHA256

35a2a6f94f05c505f822208734c2d31fb69aede9f963103855b4721585290605
SHA512

766d43c423df779cf9abc6819dd00342f2c8dfca054fbda466b256b5ff495cf58665d95dfe7e51af21f45c96b48ab94e155ef787feb072c3714df9c46e377b76
SSDEEP

393216:8+/9XsBVCRuMjbDgzBufO1GjXo1kUyVl/+Y:b94ongz2XekfVll

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
static1/unpack001/FunChecker.exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FunChecker.exe

Files

FunChecker.zip
.zip

Password: 123
FunChecker.exe
.exe windows:4 windows x86 arch:x86

Password: 123

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 13.5MB - Virtual size: 13.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ