5f2b3ec987d9231c03a89368f56e482bec5815e9318d00027c7a367e7fab801d

Sharing

Copy URL Twitter E-mail

General

Target

5f2b3ec987d9231c03a89368f56e482bec5815e9318d00027c7a367e7fab801d
Size

954KB
MD5

ae710acd2d46de08d8c465bd2c3ebc8b
SHA1

1b96a96a8a2cda0ecab78d1467bc08ae9cbfcd83
SHA256

5f2b3ec987d9231c03a89368f56e482bec5815e9318d00027c7a367e7fab801d
SHA512

ef061242d51444bf7fa63888a09d7729f377e17b996ddabc5d683cf94688a12733ffe8f5e40654cf5af45ead5dd5e6e706d3cd3ab86a5d6003ef6824c033b8f6
SSDEEP

24576:Riy6mmC6cGDijj0rpXrSBLF2/RoWIxFEWWF5ycW9YuKUX:Riy6mhJjw1rUp2/OpxFpW+NN

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

5f2b3ec987d9231c03a89368f56e482bec5815e9318d00027c7a367e7fab801d
.exe windows x86

32f88f2e018c0d02d099ced0a948d378

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a1:c9:d6:6e:19:96:84:b7:5b:60:d9:34:d3:de:26:6a
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/10/2013, 00:00

Not After

09/10/2014, 23:59

Subject

CN=Sanjeev Kumar Deswal,OU=billing,O=Sanjeev Kumar Deswal,POSTALCODE=122002,STREET=DLF gurgaon+STREET=s block 50/36 phase-III,L=gurgaon,ST=haryana,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d6:d0:df:39:82:c2:b8:54:e9:6d:b6:d8:8f:a6:95:13:54:e3:e7:e4
Signer

Actual PE Digest

d6:d0:df:39:82:c2:b8:54:e9:6d:b6:d8:8f:a6:95:13:54:e3:e7:e4

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Sanjeev Kumar Deswal,OU=billing,O=Sanjeev Kumar Deswal,POSTALCODE=122002,STREET=DLF gurgaon+STREET=s block 50/36 phase-III,L=gurgaon,ST=haryana,C=IN

28/10/2022, 15:16
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetDC

gdi32

GetDIBits

advapi32

RegCloseKey

shell32

SHParseDisplayName

ole32

CoCreateInstance

oleaut32

SysFreeString

ws2_32

inet_addr

winhttp

WinHttpReceiveResponse

gdiplus

GdipGetImageEncodersSize

shlwapi

PathFileExistsW

Exports

Exports

?robertlee@@YAPA_WPAK@Z

Sections

.text
Size: - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 785KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 943KB - Virtual size: 943KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32f88f2e018c0d02d099ced0a948d378

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

a1:c9:d6:6e:19:96:84:b7:5b:60:d9:34:d3:de:26:6aCertificate

Extended Key Usages

Key Usages

d6:d0:df:39:82:c2:b8:54:e9:6d:b6:d8:8f:a6:95:13:54:e3:e7:e4Signer

Signature Validations

Verification

28/10/2022, 15:16 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

winhttp

gdiplus

shlwapi

Exports

Exports

Sections

.text Size: - Virtual size: 167KB

.rdata Size: - Virtual size: 34KB

.data Size: - Virtual size: 15KB

.vmp0 Size: - Virtual size: 785KB

.vmp1 Size: 943KB - Virtual size: 943KB

.reloc Size: 512B - Virtual size: 188B

.rsrc Size: 6KB - Virtual size: 5KB

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

a1:c9:d6:6e:19:96:84:b7:5b:60:d9:34:d3:de:26:6a
Certificate

d6:d0:df:39:82:c2:b8:54:e9:6d:b6:d8:8f:a6:95:13:54:e3:e7:e4
Signer

28/10/2022, 15:16
Valid: false

.text
Size: - Virtual size: 167KB

.rdata
Size: - Virtual size: 34KB

.data
Size: - Virtual size: 15KB

.vmp0
Size: - Virtual size: 785KB

.vmp1
Size: 943KB - Virtual size: 943KB

.reloc
Size: 512B - Virtual size: 188B

.rsrc
Size: 6KB - Virtual size: 5KB