General
-
Target
4ff8cd3c480073d494f89f0cf4c053c0N.exe
-
Size
50KB
-
MD5
4ff8cd3c480073d494f89f0cf4c053c0
-
SHA1
935ec01689b3e2a5ccfb5f9405b456af3414fc5b
-
SHA256
a4a13689a9be756f5f6e02e6e42d2181364a655d0364e019acbc6a7f3e25e033
-
SHA512
10e22111f2f773654d29f1ac33ae23d9a1164131bf0271ce6b9290d7930cdb0b29c79aed67fa3e74fd467c7fc8edfecebd91f46db84a4825d583cfa8022045fd
-
SSDEEP
1536:00NSu11iIOVlXclzhmx/LU89fpY4lMc5V3:hScgIO3XclzIxI8/Y4lMY3
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4ff8cd3c480073d494f89f0cf4c053c0N.exe
Files
-
4ff8cd3c480073d494f89f0cf4c053c0N.exe.sys windows:6 windows x86 arch:x86
2f37ab3524c60217cc6c3f5d66c19ee7
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
RtlUnwind
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation
hal
HalMakeBeep
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 388B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 424B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp1 Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 384B - Virtual size: 344B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1020B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ