General
-
Target
SpoofUD.exe
-
Size
5.7MB
-
MD5
6db732cac65fdd377e468905a04d26e8
-
SHA1
f1fba8c5984e870716ff67b944c0c9843e6b3dce
-
SHA256
f3aa9f770510c63e22994f4960a6ad74c075cebca70cbbc1fbf3afad46267eaf
-
SHA512
0fc97fe01d323eef2979e6c2d0d01718101eb488e55b6bb6bbfda8bfcbaf1970cc1d654d29c20fd26b3b752ad4d946c8eeef9feb3d85f99c9b1efa90a2240fdf
-
SSDEEP
98304:Z7A1p2qg28cV6vEeHZZ+Z1Q/I6MOr//QHXPXi6RPxAKzrXMbCOIn9ePElAYn1/:ZM1p2qg4OFHv8Or//QHXPSQzzMbLK9e8
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource SpoofUD.exe
Files
-
SpoofUD.exe.exe windows:6 windows x64 arch:x64
eec07fc1ba0cd01fdef9404ef279ff5f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
WaitForMultipleObjects
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
GetKeyState
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW
gdi32
GetDeviceCaps
advapi32
CryptDestroyHash
shell32
ShellExecuteA
imm32
ImmGetContext
msvcp140
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
d3d9
Direct3DCreate9
normaliz
IdnToAscii
wldap32
ord35
crypt32
CertGetCertificateChain
ws2_32
ntohl
rpcrt4
RpcStringFreeA
psapi
GetModuleInformation
userenv
UnloadUserProfile
vcruntime140_1
__CxxFrameHandler4
vcruntime140
strstr
api-ms-win-crt-stdio-l1-1-0
fgets
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-string-l1-1-0
strpbrk
api-ms-win-crt-heap-l1-1-0
realloc
api-ms-win-crt-convert-l1-1-0
strtol
api-ms-win-crt-runtime-l1-1-0
exit
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-filesystem-l1-1-0
_fstat64
wtsapi32
WTSSendMessageW
Sections
.text Size: - Virtual size: 708KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 153KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: - Virtual size: 3.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 5.7MB - Virtual size: 5.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 469B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ