stub[.]vmp[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

stub.vmp.exe
Size

12.8MB
MD5

7aee81288d9e54ea94f19e7dcca80bed
SHA1

4b1734991d9d636527bbfbc625d7a4acb48baa49
SHA256

76b11f379cbf881df368248101ee742397686eeeb3fc93452f14eecbb1f5bcfa
SHA512

46ad60305681deb43ec00d8b0b99cabef0429024e58f18e50ac3d28f642a03649e95c37158a0561d38277163390b3930d36bfe0a262159ab1354049e48937e32
SSDEEP

196608:HBtxWZuKORBRG0TO9wBHsDUAsmgoQUCj5oG5VcvKDZ6//8WAk+c0FrC:HBtxWZu5BR7XsTsYQ/j5zHJMp70A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
stub.vmp.exe

Files

stub.vmp.exe
.exe windows:6 windows x64 arch:x64

e71e23477bf52a791252575d6d6cca27

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW

comctl32

ord380

kernel32

GetACP

advapi32

OpenProcessToken

gdi32

SelectObject

Sections

.text
Size: - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.!"J
Size: - Virtual size: 7.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

..x6
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.3B]
Size: 12.8MB - Virtual size: 12.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ