General
-
Target
1d26b64a2f9ef733ff6ae6cc08e912e0N.exe
-
Size
163KB
-
MD5
1d26b64a2f9ef733ff6ae6cc08e912e0
-
SHA1
ae31d2cad24d4d36a310b5f272ac1ccd66dd2555
-
SHA256
c55085ea0489e138ecd8a40d50b302e9830f2e7a66b559f497abbcf63eb1bc9e
-
SHA512
6b9fbc2d1cb996f941cadc338cac3340815463644ed114d451a359a07cc38182518232ed7a855cfc6fc53701f746af46c42f8c1a9c52be8199d763b040065c01
-
SSDEEP
3072:lf5RWEQkHrl5zm3ZkJ6/odw93NxGwC8qySWGpcwuKVVGrd3WJLaWn3MsOsE:lf5RWEhl5GZk4HBNxHC8qiMSmGclwsOX
Malware Config
Signatures
-
resource: sample | yara_rule: vmprotect
Unsigned PE 1 IoCs
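Static check for a missing Authenticode signature: the PE listed below carries no Authenticode signature. On its own this is a weak indicator; weigh it together with the vmprotect YARA match above and the ntoskrnl.exe/hal imports listed under Files.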
resource 1d26b64a2f9ef733ff6ae6cc08e912e0N.exe
Files
-
1d26b64a2f9ef733ff6ae6cc08e912e0N.exe.sys windows:5 windows x64 arch:x64
fa8252511364dda6e848c5e07207d9ea
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntoskrnl.exe
ZwCreateFile
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
HalMakeBeep
Sections
.text Size: - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 83KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 852B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.CRT Size: - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 71KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp1 Size: 156KB - Virtual size: 156KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 108B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ