D4E46DED5BCA4A7086100E2296E9F434D357AF08CC515[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

D4E46DED5BCA4A7086100E2296E9F434D357AF08CC515.exe
Size

3.5MB
MD5

9ce5f14b8594d39723d696d393ed5cd5
SHA1

920a12bb0dce60d81d9b149a5d8fb8e7893ffd56
SHA256

d4e46ded5bca4a7086100e2296e9f434d357af08cc5153091834f0b6969133f6
SHA512

b0652648aa7b94764be0f27a4941680c6a7ba12b367713e2aac149be1ccd572ecaf1deca6d637e23f4995c04b636d240445f849bbc7bae7ffd6b3b441e7b1be6
SSDEEP

98304:i5jOiLWLmGP6RzXFMSsNhYxx3e51Eb3uYXr:ziLUmgi3scxt31b

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

D4E46DED5BCA4A7086100E2296E9F434D357AF08CC515.exe
.exe windows x86

b4633ae496623d8f137812907a43c055

Code Sign

6a:fd:ec:64:47:87:ab:83:49:8e:b3:ba:83:62:80:e9
Certificate

Issuer

CN=Transcend microSDXC 300S 64

Not Before

14-06-2022 09:59

Not After

15-06-2032 09:59

Subject

CN=Transcend microSDXC 300S 64

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9e:93:f0:35:40:4e:bb:3b:19:fa:96:5d:12:7d:0f:8a:59:b1:ff:b3:c5:f1:04:53:e4:62:2d:7a:83:d1:24:d9
Signer

Actual PE Digest

9e:93:f0:35:40:4e:bb:3b:19:fa:96:5d:12:7d:0f:8a:59:b1:ff:b3:c5:f1:04:53:e4:62:2d:7a:83:d1:24:d9

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Transcend microSDXC 300S 64

05-08-2022 12:36
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

ole32

OleInitialize

oleaut32

SafeArrayCreate

user32

GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 122KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4633ae496623d8f137812907a43c055

Code Sign

6a:fd:ec:64:47:87:ab:83:49:8e:b3:ba:83:62:80:e9Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

9e:93:f0:35:40:4e:bb:3b:19:fa:96:5d:12:7d:0f:8a:59:b1:ff:b3:c5:f1:04:53:e4:62:2d:7a:83:d1:24:d9Signer

Signature Validations

Verification

05-08-2022 12:36 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

oleaut32

user32

Sections

.text Size: - Virtual size: 101KB

.rdata Size: - Virtual size: 27KB

.data Size: - Virtual size: 12KB

.vmp0 Size: - Virtual size: 1.5MB

.vmp1 Size: 3.4MB - Virtual size: 3.4MB

.rsrc Size: 122KB - Virtual size: 402KB

6a:fd:ec:64:47:87:ab:83:49:8e:b3:ba:83:62:80:e9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

9e:93:f0:35:40:4e:bb:3b:19:fa:96:5d:12:7d:0f:8a:59:b1:ff:b3:c5:f1:04:53:e4:62:2d:7a:83:d1:24:d9
Signer

05-08-2022 12:36
Valid: false

.text
Size: - Virtual size: 101KB

.rdata
Size: - Virtual size: 27KB

.data
Size: - Virtual size: 12KB

.vmp0
Size: - Virtual size: 1.5MB

.vmp1
Size: 3.4MB - Virtual size: 3.4MB

.rsrc
Size: 122KB - Virtual size: 402KB