Injector[.]exe | Triage

Sharing

General

Target

Injector.exe
Size

752KB
MD5

e65cab7064b338aefddc2d7fe23bd7b2
SHA1

c0442b60f248ef3907689bd163114c8ff40fc174
SHA256

ef3d151671b89c989c61fa359dbdf32e8c5421dd58df6283347931eeceac55d6
SHA512

2bcbe32faa4350718cb73310efd869d461881d8cddfc1e30b689d9ba647db78b4ff37fa341fb6378e6519c1bae59832d372b66579dc1d59b5f23b7173955082f
SSDEEP

12288:5hLC1BqVny++OLLQM+0WQcPAW2gsWBjjMAeVFf2SHNFXSifu3fghL:TmMvbLkcG2gPeVrNo53fyL

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Injector.exe

Files

Injector.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 747KB - Virtual size: 746KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ