2024-10-04_01fbbda420fcc79df11a2dfd1ee82803_mafia | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-04_01fbbda420fcc79df11a2dfd1ee82803_mafia
Size

4.1MB
MD5

01fbbda420fcc79df11a2dfd1ee82803
SHA1

176ef5ed5b75ee3a7760c8790b6f1a839c95ba8d
SHA256

0d9c8efbc5bb70291b03a21d7ef76a724ba96369adb99512ee41a10a19a9e885
SHA512

83340c42f8b35231355fd09c5e0b4f78d3d86abada66f415850b5053054bfd3e1358d5fca863f65e5a62e55d6f18f84090cf41eeef4d83c01d8fb5ee18e48cc3
SSDEEP

98304:5jAF+0FMd7sM0rO7QnwtnCef/Q46kBR0FeG:GXSd/nCenQ3oG

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-10-04_01fbbda420fcc79df11a2dfd1ee82803_mafia

Files

2024-10-04_01fbbda420fcc79df11a2dfd1ee82803_mafia
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 509KB - Virtual size: 508KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ