General
-
Target
Silent Color.exe
-
Size
6.3MB
-
MD5
986ffaedd6e4bd1b05bee22a4d9199a0
-
SHA1
249be2fe6dcdc453a51184511a51bf9b371ef3c6
-
SHA256
f287ee755f2c75352c59c1622775a009557c7bc1cddf5b2f25cc8e9fb12bfe89
-
SHA512
b9e7d6c674b82352bb6ebd817177d1fdf17bce49ae220834dc553f2d81b3de80cf8bcbbe8daa845ba19f300b0f60ef387159c0903877683022e53a54ee697689
-
SSDEEP
196608:Uhmc9964cdIg/i+8IKFv/O1azqaP9v5YaKQ:kf996XqBFeMP9vC
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Silent Color.exe
Files
-
Silent Color.exe.exe windows:6 windows x64 arch:x64
4138cde1f35db6b53044a044d9944251
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
d3d11
D3D11CreateDeviceAndSwapChain
d3dcompiler_43
D3DCompile
kernel32
PeekNamedPipe
FlsSetValue
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
DestroyWindow
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW
gdi32
DeleteDC
advapi32
CryptDestroyHash
msvcp140
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
imm32
ImmReleaseContext
d3dx11_43
D3DX11CreateShaderResourceViewFromMemory
normaliz
IdnToAscii
wldap32
ord46
crypt32
CertFreeCertificateChainEngine
ws2_32
htonl
shlwapi
PathFindFileNameW
rpcrt4
UuidToStringA
psapi
GetModuleInformation
userenv
UnloadUserProfile
vcruntime140_1
__CxxFrameHandler4
vcruntime140
strstr
api-ms-win-crt-runtime-l1-1-0
__sys_nerr
api-ms-win-crt-heap-l1-1-0
calloc
api-ms-win-crt-string-l1-1-0
strcpy_s
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-stdio-l1-1-0
fclose
api-ms-win-crt-convert-l1-1-0
strtoll
api-ms-win-crt-math-l1-1-0
_dsign
api-ms-win-crt-filesystem-l1-1-0
_unlink
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-time-l1-1-0
_time64
shell32
ShellExecuteA
wtsapi32
WTSSendMessageW
Sections
.text Size: - Virtual size: 770KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 935KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: - Virtual size: 3.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 6.3MB - Virtual size: 6.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 192B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ