0e572eefcf64961fb0815ca83f45a2001ba78a704b454e997618cc88120325cf

Sharing

Copy URL

Twitter E-mail

General

Target

0e572eefcf64961fb0815ca83f45a2001ba78a704b454e997618cc88120325cf
Size

5.1MB
MD5

cd672c7ba4c52f344deb51e93d629640
SHA1

6e599f3fa6293f6933f6007c2b03912514cf75cd
SHA256

0e572eefcf64961fb0815ca83f45a2001ba78a704b454e997618cc88120325cf
SHA512

6606d1a2578a2e5585e4951cf5c7efa1e400a040ced6d72cc917454d56625e7f218274ec4c0e2496cd141b205f7103573a057d882a4dd62878a251bf3392316a
SSDEEP

98304:OpZJ27oEqTbDTzuSP+VWuONh9uhqeLJRo8OiqPP0u3FuPNM2UzlzU9V2MwZX8CMS:y27oEqrTwVWuwEhNEZpX0u30PpUzlzwa

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

0e572eefcf64961fb0815ca83f45a2001ba78a704b454e997618cc88120325cf
.exe windows x86

2019d9ed1aa51af3422696c88b4d99f1

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25-11-2020 00:00

Not After

22-02-2024 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25-11-2020 00:00

Not After

22-02-2024 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ed:24:e4:24:70:86:43:cd:b7:c6:d2:be:25:8f:60:9b:00:f3:7a:16:e9:7e:a7:d2:87:83:9d:d7:9f:ea:8d:fe
Signer

Actual PE Digest

ed:24:e4:24:70:86:43:cd:b7:c6:d2:be:25:8f:60:9b:00:f3:7a:16:e9:7e:a7:d2:87:83:9d:d7:9f:ea:8d:fe

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

23-08-2022 13:29
Valid: true

Chain 1

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

33:47:58:58:30:38:4f:7e:6b:18:0d:26:27:6c:c7:c1:62:2a:d9:49
Signer

Actual PE Digest

33:47:58:58:30:38:4f:7e:6b:18:0d:26:27:6c:c7:c1:62:2a:d9:49

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

26-08-2022 16:48
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersion
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

EndDialog
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

gdi32

SelectObject

shell32

SHGetSpecialFolderLocation

advapi32

RegCloseKey

comctl32

ImageList_Create

ole32

CoCreateInstance

version

GetFileVersionInfoSizeW

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 148KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2019d9ed1aa51af3422696c88b4d99f1

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

ed:24:e4:24:70:86:43:cd:b7:c6:d2:be:25:8f:60:9b:00:f3:7a:16:e9:7e:a7:d2:87:83:9d:d7:9f:ea:8d:feSigner

Signature Validations

Verification

23-08-2022 13:29 Valid: true

Chain 1

33:47:58:58:30:38:4f:7e:6b:18:0d:26:27:6c:c7:c1:62:2a:d9:49Signer

Signature Validations

Verification

26-08-2022 16:48 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

wtsapi32

Sections

.text Size: - Virtual size: 23KB

.rdata Size: - Virtual size: 4KB

.data Size: - Virtual size: 128KB

.ndata Size: - Virtual size: 148KB

.vmp0 Size: - Virtual size: 3.1MB

.vmp1 Size: 5.0MB - Virtual size: 5.0MB

.rsrc Size: 92KB - Virtual size: 91KB

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

ed:24:e4:24:70:86:43:cd:b7:c6:d2:be:25:8f:60:9b:00:f3:7a:16:e9:7e:a7:d2:87:83:9d:d7:9f:ea:8d:fe
Signer

23-08-2022 13:29
Valid: true

33:47:58:58:30:38:4f:7e:6b:18:0d:26:27:6c:c7:c1:62:2a:d9:49
Signer

26-08-2022 16:48
Valid: false

.text
Size: - Virtual size: 23KB

.rdata
Size: - Virtual size: 4KB

.data
Size: - Virtual size: 128KB

.ndata
Size: - Virtual size: 148KB

.vmp0
Size: - Virtual size: 3.1MB

.vmp1
Size: 5.0MB - Virtual size: 5.0MB

.rsrc
Size: 92KB - Virtual size: 91KB