Behavioral task
behavioral1
Sample
lp5xalng.exe
Resource
win7-20240903-en
General
-
Target
lp5xalng.txt
-
Size
10.8MB
-
MD5
71e905772d3d65b1c93e25fd03c88235
-
SHA1
0edea1290d45e427cd7be43abfab11d085a5c2e3
-
SHA256
9526227a851d1ce70a2a444c4c7ee7de2c5bf6206a42decaad8d65c3ff0b61d9
-
SHA512
71af02434d64350218cec31dd13eb7baa285411d74707d29aa114033e996bfb6dc81b19eec89dd21f1103b798ded83cd089adeb690fbc48fdf62cbce3b91d924
-
SSDEEP
196608:n8XSoNdjhN7JYGLsQH+L/j7MmjpuwSHFWi3W9Y75JSnUzR39P+GI1Tbzx7ZEkSIx:n8iirPLlHIYrWeW9YFInKZ+BNpZEkSY
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource lp5xalng.txt
Files
-
lp5xalng.txt.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: - Virtual size: 5.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp0 Size: - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 10.8MB - Virtual size: 10.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ