file[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

3.9MB
MD5

67a80eb321c97f656af7976dacbe1712
SHA1

684dc22943c668912a6a1d3d2c16683fdd18aa3f
SHA256

6255134a0dfeb68afdeec38d8c14105b7a10fa2efc4c1e45b8e154254dfda1dc
SHA512

e889cd68018f58590c04d4a0268925bdb0f4401638a04e6b94f4cd0c8468ec3798b9a8913eb726d6509397a9b8f84b27b02708ec9fda436de58549b488ee21c3
SSDEEP

98304:nY7WpgWDFbvpbUKakhQJX5dJUhPW+mb/93mft:nSgFBQKakhYJsPv

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

file.exe
.exe windows x86

3193ba38d6547a4f488d417aa5895b68

Code Sign

2d:71:34:f1:3a:6d:51:bb:44:47:4a:68:c0:37:cf:2c
Certificate

Issuer

CN=ЉЊЂЉЊЂЉЊЂЉЊЂЉЊЂЉЊЂЉЊЂЉЊЂЉЊЂЉЊЂ

Not Before

22/09/2022, 18:57

Not After

23/09/2032, 18:57

Subject

CN=ЉЊЂЉЊЂЉЊЂЉЊЂЉЊЂЉЊЂЉЊЂЉЊЂЉЊЂЉЊЂ

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:6f:6b:c1:69:5a:02:73:fe:b4:3c:6d:ae:26:74:9d:a2:b5:2e:11:fb:07:c6:34:05:1d:d0:e6:a4:2d:19:cd
Signer

Actual PE Digest

0f:6f:6b:c1:69:5a:02:73:fe:b4:3c:6d:ae:26:74:9d:a2:b5:2e:11:fb:07:c6:34:05:1d:d0:e6:a4:2d:19:cd

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ЉЊЂЉЊЂЉЊЂЉЊЂЉЊЂЉЊЂЉЊЂЉЊЂЉЊЂЉЊЂ

23/09/2022, 10:49
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

shell32

ShellExecuteA

crypt32

CryptStringToBinaryA

Sections

.text
Size: - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ÙúÚΰ
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ÙúÚΰ
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 55KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3193ba38d6547a4f488d417aa5895b68

Code Sign

2d:71:34:f1:3a:6d:51:bb:44:47:4a:68:c0:37:cf:2cCertificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

0f:6f:6b:c1:69:5a:02:73:fe:b4:3c:6d:ae:26:74:9d:a2:b5:2e:11:fb:07:c6:34:05:1d:d0:e6:a4:2d:19:cdSigner

Signature Validations

Verification

23/09/2022, 10:49 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

crypt32

Sections

.text Size: - Virtual size: 199KB

.rdata Size: - Virtual size: 51KB

.data Size: - Virtual size: 84KB

ÙúÚΰ Size: - Virtual size: 1KB

ÙúÚΰ Size: - Virtual size: 1KB

.vmp0 Size: - Virtual size: 1.7MB

.vmp1 Size: 1024B - Virtual size: 768B

.vmp2 Size: 3.8MB - Virtual size: 3.8MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 55KB - Virtual size: 195KB

2d:71:34:f1:3a:6d:51:bb:44:47:4a:68:c0:37:cf:2c
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

0f:6f:6b:c1:69:5a:02:73:fe:b4:3c:6d:ae:26:74:9d:a2:b5:2e:11:fb:07:c6:34:05:1d:d0:e6:a4:2d:19:cd
Signer

23/09/2022, 10:49
Valid: false

.text
Size: - Virtual size: 199KB

.rdata
Size: - Virtual size: 51KB

.data
Size: - Virtual size: 84KB

ÙúÚΰ
Size: - Virtual size: 1KB

ÙúÚΰ
Size: - Virtual size: 1KB

.vmp0
Size: - Virtual size: 1.7MB

.vmp1
Size: 1024B - Virtual size: 768B

.vmp2
Size: 3.8MB - Virtual size: 3.8MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 55KB - Virtual size: 195KB