OPENSSL_Applink
General
-
Target
Insomnia.exe
-
Size
5.5MB
-
MD5
e1fb991dc6fbdc6cea332b300a327196
-
SHA1
57d0e8dbc035e8ae3078d0f2c1ee027a17ae75ee
-
SHA256
061b7059059689ab820e4b4019816477b9dd7161ef83091ff59cf52964283d03
-
SHA512
a805113b6b275c36a1b97f8f72d3690730f80e0a2bec3cb67aea6fc21c7b1e8e7f8e4e388b929e35fa858304aeb80c849e3e621ca286463e433361dd4ff0e5ee
-
SSDEEP
98304:ibOl1wBeFy/6jvtpsTTCtejQlU6EV/g28raD+Oxws1742j3VQx:1l11F/liFjQaVI28rdOr4W3Gx
Malware Config
Signatures
-
resource: sample | yara_rule: vmprotect
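Unsigned PE (1 IoC)
Checks for missing Authenticode signature. This check fired, so the file carries no Authenticode signature and its publisher cannot be verified from the binary itself.
resource: Insomnia.exe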
Files
-
Insomnia.exe.exe windows:6 windows x64 arch:x64
a88fcf382d446a7e8217b373d9385d8b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetLocaleInfoA
FlsSetValue
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
GetWindowRect
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW
gdi32
CreateSolidBrush
advapi32
OpenProcessToken
shell32
ShellExecuteA
msvcp140
??1_Lockit@std@@QEAA@XZ
urlmon
URLDownloadToFileA
ntdll
RtlVirtualUnwind
dbghelp
ImageDirectoryEntryToData
d3d11
D3D11CreateDeviceAndSwapChain
imm32
ImmSetCandidateWindow
d3dcompiler_43
D3DCompile
dwmapi
DwmExtendFrameIntoClientArea
vcruntime140_1
__CxxFrameHandler4
vcruntime140
memmove
api-ms-win-crt-stdio-l1-1-0
__p__commode
api-ms-win-crt-heap-l1-1-0
_set_new_mode
api-ms-win-crt-math-l1-1-0
cosf
api-ms-win-crt-convert-l1-1-0
atof
api-ms-win-crt-runtime-l1-1-0
_configure_narrow_argv
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-string-l1-1-0
_stricmp
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-utility-l1-1-0
qsort
wtsapi32
WTSSendMessageW
Exports
Exports
Sections
.text Size: - Virtual size: 299KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: - Virtual size: 3.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 5.5MB - Virtual size: 5.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ