General
-
Target
239b69bfefeb27da12ec4b300ffffcc0N.exe
-
Size
50KB
-
MD5
239b69bfefeb27da12ec4b300ffffcc0
-
SHA1
4b25fff2b1d5f968f8b7b38dd8b616e8c385ddb2
-
SHA256
c0e89154e982a7520f6b5c9f611ea310b44ada337f891c20ff6556bf50f4ed4e
-
SHA512
9dd3559ac923a8da7ed928911fd8a29ec100a8da0944e22ae81e533e81b4c37965cd2257f4b718acbd64e5fa5e00f5ac18c2dbc10f38b4224807c80db3d57592
-
SSDEEP
1536:QZ0NSu11iIOVlXclzhmx/LU89fpY4lMc5V3:QcScgIO3XclzIxI8/Y4lMY3
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 239b69bfefeb27da12ec4b300ffffcc0N.exe
Files
-
239b69bfefeb27da12ec4b300ffffcc0N.exe.sys windows:6 windows x86 arch:x86
2f37ab3524c60217cc6c3f5d66c19ee7
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlUnwind
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
HalMakeBeep
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 388B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 424B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp1 Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 384B - Virtual size: 344B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1020B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ