OPENSSL_Applink
General
-
Target
scammer.exe
-
Size
11.0MB
-
MD5
d395aef1389ea5a0b621a159803b43a7
-
SHA1
8564f7619a2101949aad90f368df2f0ef14c16e2
-
SHA256
2546d9f28d9c1d28056dd8f99a953e7e6e2aa016007d00dc59c3d3f9f31ca695
-
SHA512
effa11e8cf10379c24295f0fd38486851f7e3cf5dc3b9b357c0811abf3259e0c968351a3270ae1df5562d8a73c1cddd6f61f4c9e7aa90bbe7fad7f2164136208
-
SSDEEP
196608:2vdhw2Q3zNTjVD7b4TyVTjQve/Q2AivMqne2COhve3R2NMDaugcmsFHSQ5d:2yzNTV7bpTjQvWQ2AivMqe2COg2ODsNi
Malware Config
Signatures
-
resource: yara_rule match on sample — vmprotect (packer). The .vmp0 and .vmp1 sections listed under Sections, both flagged IMAGE_SCN_CNT_CODE and IMAGE_SCN_MEM_EXECUTE, corroborate this hit; the static import list below should therefore be read as the packer stub's imports, not necessarily the unpacked payload's.
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource scammer.exe
Files
-
scammer.exe.exe windows:6 windows x64 arch:x64
c5df107411d44fd99932b3b71ed58ec7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
winmm
PlaySoundA
kernel32
HeapSize
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
FindWindowA
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW
gdi32
CreateSolidBrush
advapi32
CryptEncrypt
shell32
SHGetFolderPathW
msvcp140
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
ntdll
RtlInitAnsiString
dbghelp
ImageRvaToVa
d3d11
D3D11CreateDeviceAndSwapChain
imm32
ImmSetCompositionWindow
d3dx11_43
D3DX11CreateShaderResourceViewFromMemory
d3dcompiler_43
D3DCompile
dwmapi
DwmExtendFrameIntoClientArea
shlwapi
PathFindFileNameW
rpcrt4
UuidToStringA
psapi
GetModuleInformation
userenv
UnloadUserProfile
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__std_exception_destroy
api-ms-win-crt-stdio-l1-1-0
fputs
api-ms-win-crt-runtime-l1-1-0
__sys_nerr
api-ms-win-crt-heap-l1-1-0
_set_new_mode
api-ms-win-crt-math-l1-1-0
acosf
api-ms-win-crt-convert-l1-1-0
strtol
api-ms-win-crt-filesystem-l1-1-0
_fstat64
api-ms-win-crt-string-l1-1-0
isupper
api-ms-win-crt-utility-l1-1-0
rand
api-ms-win-crt-locale-l1-1-0
localeconv
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-time-l1-1-0
_localtime64
ws2_32
ntohl
normaliz
IdnToAscii
crypt32
CertFreeCertificateContext
wldap32
ord60
wtsapi32
WTSSendMessageW
Exports
Exports
Sections
.text Size: - Virtual size: 855KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 194KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: - Virtual size: 8.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 11.0MB - Virtual size: 11.0MB (matches the 11.0MB file size reported under General; .text, .rdata, .data, .pdata and .vmp0 report no raw size)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 260B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ