General
-
Target
0bec2b230fc5f9ba2fbff52e646c32c0N.exe
-
Size
50KB
-
MD5
0bec2b230fc5f9ba2fbff52e646c32c0
-
SHA1
ee88134732ca4479d923a174bee9f83ffca374c2
-
SHA256
067490b0a31e24b60705b4f9acc69a8b0f8b81f1f3513b875cc0e196a4d08aee
-
SHA512
8843c91a47c12e822e35f2ab7ea10187a2de61edbd29f4b8f10112ed20605f00b34a9421c6e85213782078bd7b6ba82c5408abe06fd63a05efa9a5a52c2f62c7
-
SSDEEP
1536:i0NSu11iIOVlXclzhmx/LU89fpY4lMc5V3:/ScgIO3XclzIxI8/Y4lMY3
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0bec2b230fc5f9ba2fbff52e646c32c0N.exe
Files
-
0bec2b230fc5f9ba2fbff52e646c32c0N.exe.sys windows:6 windows x86 arch:x86
2f37ab3524c60217cc6c3f5d66c19ee7
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlUnwind
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
HalMakeBeep
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 388B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 424B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp1 Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 384B - Virtual size: 344B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1020B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ