Behavioral task
behavioral1
Sample
D4E46DED5BCA4A7086100E2296E9F434D357AF08CC515.exe
Resource
win7-20220718-en
General
-
Target
D4E46DED5BCA4A7086100E2296E9F434D357AF08CC515.exe
-
Size
3.5MB
-
MD5
9ce5f14b8594d39723d696d393ed5cd5
-
SHA1
920a12bb0dce60d81d9b149a5d8fb8e7893ffd56
-
SHA256
d4e46ded5bca4a7086100e2296e9f434d357af08cc5153091834f0b6969133f6
-
SHA512
b0652648aa7b94764be0f27a4941680c6a7ba12b367713e2aac149be1ccd572ecaf1deca6d637e23f4995c04b636d240445f849bbc7bae7ffd6b3b441e7b1be6
-
SSDEEP
98304:i5jOiLWLmGP6RzXFMSsNhYxx3e51Eb3uYXr:ziLUmgi3scxt31b
Malware Config
Signatures
-
Processes:
resource: sample
yara_rule: vmprotect
Files
-
D4E46DED5BCA4A7086100E2296E9F434D357AF08CC515.exe.exe windows x86
b4633ae496623d8f137812907a43c055
Code Sign
Certificate: 6a:fd:ec:64:47:87:ab:83:49:8e:b3:ba:83:62:80:e9
Issuer: CN=Transcend microSDXC 300S 64
Not Before: 14-06-2022 09:59
Not After: 15-06-2032 09:59
Subject: CN=Transcend microSDXC 300S 64
Certificate: 90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Issuer: CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Not Before: 11-05-2022 00:00
Not After: 10-08-2033 23:59
Subject: CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
Certificate: 30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Issuer: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
Not Before: 02-05-2019 00:00
Not After: 18-01-2038 23:59
Subject: CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer
PE Digest: 9e:93:f0:35:40:4e:bb:3b:19:fa:96:5d:12:7d:0f:8a:59:b1:ff:b3:c5:f1:04:53:e4:62:2d:7a:83:d1:24:d9
Actual PE Digest: 9e:93:f0:35:40:4e:bb:3b:19:fa:96:5d:12:7d:0f:8a:59:b1:ff:b3:c5:f1:04:53:e4:62:2d:7a:83:d1:24:d9
Digest Algorithm: sha256
PE Digest Matches: true
Signature Validations
Trusted: false
Verification
Signing Certificate: CN=Transcend microSDXC 300S 64
Signed: 05-08-2022 12:36
Valid: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
RaiseException
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
ole32
OleInitialize
oleaut32
SafeArrayCreate
user32
GetProcessWindowStation
GetUserObjectInformationW
Sections
.text Size: - Virtual size: 101KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 3.4MB - Virtual size: 3.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 122KB - Virtual size: 402KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ