rm2[.]vmp[.]exe[.]zip

General

Target

rm2.vmp.exe.zip
Size

10.3MB
MD5

fe82c28a9986272536c4c3975bcea78d
SHA1

b59d21a23516f1174fb6c48e17a1bbd9a5d52720
SHA256

041c0d7011a0b44928b96ca8b277848fedc9b94d169ace3e75921d5bdd7e88bf
SHA512

e84513ea4d760679d4de36f7b893d1b3000a25f93a9ec5fa5dcceb284a378b903b456913212ff8db469181513a506062210237c2b7e67c2f6f23e77d942b6a1d
SSDEEP

196608:wlN+h8CkxGj6kTizCKRPriY5AT7ABwIfBghHCjRfAOXtuoeGyIB4RD+qDUaY+d/C:wTxCkD9PriYEABwBCj1N0Gp4LDUaY+d6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/rm2.vmp.exe

Files

rm2.vmp.exe.zip
.zip

Password: 123
__MACOSX/._rm2.vmp.exe
rm2.vmp.exe
.exe windows:6 windows x64 arch:x64

Password: 123

c4c681967a192797d18bf3b5463f04b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WriteProcessMemory

Sections

.text
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fptable
Size: - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.0Q"
Size: - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.~wO
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Rw/
Size: 11.4MB - Virtual size: 11.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 123

Password: 123

c4c681967a192797d18bf3b5463f04b2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: - Virtual size: 128KB

.rdata Size: - Virtual size: 58KB

.data Size: - Virtual size: 10KB

.pdata Size: - Virtual size: 7KB

.fptable Size: - Virtual size: 256B

.0Q" Size: - Virtual size: 6.7MB

.~wO Size: 512B - Virtual size: 64B

.Rw/ Size: 11.4MB - Virtual size: 11.4MB

.rsrc Size: 512B - Virtual size: 469B

.reloc Size: 512B - Virtual size: 256B

.text
Size: - Virtual size: 128KB

.rdata
Size: - Virtual size: 58KB

.data
Size: - Virtual size: 10KB

.pdata
Size: - Virtual size: 7KB

.fptable
Size: - Virtual size: 256B

.0Q"
Size: - Virtual size: 6.7MB

.~wO
Size: 512B - Virtual size: 64B

.Rw/
Size: 11.4MB - Virtual size: 11.4MB

.rsrc
Size: 512B - Virtual size: 469B

.reloc
Size: 512B - Virtual size: 256B