Static task
static1
Behavioral task
behavioral1
Sample
Celex.VMPDump.exe
Resource
win10v2004-20240802-en
General
Target
Celex.VMPDump.exe
Size
11.8MB
MD5
be93a1df0817dcb89fe6ae39835e9541
SHA1
f40dfc32c70a8588f8b99673b559095e0cff9a6b
SHA256
581e476aad93f674de5405228e32aca2bb03c15e86bf3e152ceff0a2c6b8ce2c
SHA512
e8e95e4b6794218616e70a308cf9aca15d5c8d3e8ff428d53b82e1d064a17fb79e516af64e7494f06fd6da53ec1e7a3b58535293bdb4b0e79602275db63b4d22
SSDEEP
196608:wSFtYHD/c01AyjvA4idZqK/RaIgcnR0Ue1vDXGUsnRKS+L+3IQvmazmBl5:DF2j001bjXxGSx1bVQRc5QWv
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Celex.VMPDump.exe
Files
Celex.VMPDump.exe.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 408KB - Virtual size: 404KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 632KB - Virtual size: 630KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 68KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.faggot0 Size: 3.2MB - Virtual size: 3.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.faggot1 Size: 6.0MB - Virtual size: 6.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 469B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmpdmp Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ