Hmood Store Spoofer (1)[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Hmood Store Spoofer (1).exe
Size

12.2MB
MD5

d53cebd7a2cedfa134e8cdc24f7afd64
SHA1

b3d1fb89a1e866012c1a85dca2d524a1ed375b70
SHA256

3582fe2f0a6a32a29ab9fd84d1670f37dce9582a056a2a80aa66b5fa6cb9acb9
SHA512

cf601b11d8a290ca9d82126f5816f1b402ffe6d449be98fbc512eaeabaf0a3055b601449655cafee5216007d435f3b252bd7405456d6104de47a2e2f5d900377
SSDEEP

393216:L9L1oKwV1iiRuR/uwRHthC5KikgFyPZTm:xLaKwKECDwKikPRa

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Hmood Store Spoofer (1).exe

Files

Hmood Store Spoofer (1).exe
.exe windows:5 windows x86 arch:x86

a713032bd1667d63d7175f49cbbb212d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

malloc

shell32

ShellExecuteA

kernel32

SetUnhandledExceptionFilter
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

wtsapi32

WTSSendMessageW

user32

GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 8.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 12.2MB - Virtual size: 12.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ