PDB path: d:\code\vipm\appmanger\bin\i386\Yotect2.pdb
General
-
Target
7a5fb09f2c3184604edc9d533fd1fb80N.exe
-
Size
456KB
-
MD5
7a5fb09f2c3184604edc9d533fd1fb80
-
SHA1
fa0e222079c5ff0aabc29a8361d19b2bd146a02c
-
SHA256
e86daa70c26792cb72013eda44287794601ff602f73e06b1714538fcd91d8019
-
SHA512
89e1b48adbc1ff1070980db1b37516da44f625c155eed0c6f5f9815e40c477ae14f2c575440f4e002968932ee4933fe07d560840dadd60fb1b100c94f9b7a8a0
-
SSDEEP
12288:ssNt72Dz63xrM2y+OcS3PeQ0z8RxA2yxgaQl0cmYyN3:nNtEY+r0TkJSceB
Malware Config
Signatures
-
YARA rule match — resource: sample, yara_rule: vmprotect
Unsigned PE — 1 IoC
Checks for a missing Authenticode signature; the check matched on the resource below.
resource: 7a5fb09f2c3184604edc9d533fd1fb80N.exe
Files
-
7a5fb09f2c3184604edc9d533fd1fb80N.exe.sys — tags: windows:6, windows, x86, arch:x86
44eaba3e2ad1a4d3a7bb96134726a91a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
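Imports (statically visible only; given the vmprotect YARA match and the .vmp0/.vmp1 sections, this list may be incomplete)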
ntoskrnl.exe
_stricmp
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
KeGetCurrentIrql
HalMakeBeep
Sections
.text Size: - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEDATA Size: - Virtual size: 672KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 154KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp1 Size: 454KB - Virtual size: 454KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 364B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ