VMP_DeMutation[.]exe | Triage

Sharing

General

Target

VMP_DeMutation.exe
Size

610KB
MD5

313b4a57befa4fb0383b23a24b3fdb98
SHA1

f8e3231a0c02f482a50f66947d61d8a68e9864b9
SHA256

eab9ebda95d6f20bea89fd32ba834b1f7256be3f6562471f6eb11f1a6e4a86b3
SHA512

a97da13b38d29d12e2acf0f456338642c37661538c0b8b8349865018ee2881dfdb4d9351add5dba8076f7e51340674cf4e60d1f560a1a4863ca16388c78e2d52
SSDEEP

12288:1S+kwHtmFIs/iWjU6b8AF/CKr9ccm4AC0PKhPg32ecNjacT:w+kwHd81jUgoqc7WBS2BN+cT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VMP_DeMutation.exe

Files

VMP_DeMutation.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 607KB - Virtual size: 607KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ