General
-
Target
CAXFreeV2.exe
-
Size
7.6MB
-
MD5
ec5b09c857dd9ee334f7fba9aa56759e
-
SHA1
0e694770ec7029ff00b29c4d6ffd96705cef6d5f
-
SHA256
1c809d3219b5dc8770a0a47c09cad202d68aac3eb4fa7aa2cb60e71854076559
-
SHA512
6674872b8757ca0839a24ff78b0125f9d902ec95bdb074a0caeda59228661df13d91ce9c8eada87237ac16f42f638552dff6da273b18899e48e34855e49c10b6
-
SSDEEP
196608:GTWJTHQLQnIrjd3GIpVWruQM5xirhydd3xeByHKZCHrDVuK:GuwsI/pEU5xilogBq0cc
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource CAXFreeV2.exe
Files
-
CAXFreeV2.exe.exe windows:6 windows x64 arch:x64
c6169babf58234d356cb0a1bb51ff596
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
d3d11
D3D11CreateDeviceAndSwapChain
d3dcompiler_43
D3DCompile
kernel32
WaitForMultipleObjects
FlsSetValue
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
GetClientRect
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW
advapi32
CryptGetHashParam
shell32
ShellExecuteExA
msvcp140
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
imm32
ImmReleaseContext
ntdll
ZwWriteVirtualMemory
normaliz
IdnToAscii
wldap32
ord211
crypt32
CertGetNameStringA
ws2_32
getsockopt
rpcrt4
UuidToStringA
psapi
GetModuleInformation
userenv
UnloadUserProfile
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__std_exception_destroy
api-ms-win-crt-stdio-l1-1-0
_lseeki64
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-string-l1-1-0
strncpy
api-ms-win-crt-heap-l1-1-0
realloc
api-ms-win-crt-runtime-l1-1-0
_beginthreadex
api-ms-win-crt-convert-l1-1-0
strtoull
api-ms-win-crt-time-l1-1-0
strftime
api-ms-win-crt-filesystem-l1-1-0
_access
api-ms-win-crt-multibyte-l1-1-0
_mbsicmp
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-math-l1-1-0
fmodf
wtsapi32
WTSSendMessageW
Sections
.text Size: - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 669KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 4.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: - Virtual size: 4.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 7.5MB - Virtual size: 7.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 236B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 90KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ