Static task: static1
Behavioral task: behavioral1
Sample: vgcbypass-shaff.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: vgcbypass-shaff.exe
Resource: win10v2004-20241007-en
General
Target: vgcbypass-shaff.exe
Size: 390KB
MD5: 8024d920556ad2f896594ecd7762741d
SHA1: da5e102cb1360adc0598fd27b2042c8c1b69b5ca
SHA256: 3fbe903f883b8c0430bf287dada57ea819cc1c1c9787a510b81e8a03ef5b1beb
SHA512: bad9567b2e85fab9696f185302b557b1b84eee20b1719cb0b71b339c608a6a2cbf35a1e3c159d15c8d1a71ad6050763247ee3eb671374b0a8ac6d278f7657dee
SSDEEP: 6144:o7GYze+PXF2Rs1j4oqj51OcqNRCjG/nof3rSIpMfF2/6RzPN1hOGxh+25dIFYQP+:MGMPXF2Rp1bYRIR3Wiu2CRB1ZU
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource vgcbypass-shaff.exe
Files
vgcbypass-shaff.exe.exe windows:6 windows x64 arch:x64
20f2f9613e6664203d2b95b36c13b97e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
advapi32
RegOpenKeyExW
kernel32
GetModuleHandleA
shell32
SHChangeNotifyRegister
user32
GetDlgItem
Sections
.pdata Size: - Virtual size: 148KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 456B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rdata Size: 143KB - Virtual size: 142KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE