8a831d600149b3066bb6e41e1f36b66883f3a617316d6900d29a9257e90463fc

Sharing

Copy URL Twitter E-mail

General

Target

8a831d600149b3066bb6e41e1f36b66883f3a617316d6900d29a9257e90463fc
Size

365KB
MD5

302c902b68a2640ab06bc5c975412160
SHA1

200f411cf43014439327bc6af2d1ef6d58d500f5
SHA256

8a831d600149b3066bb6e41e1f36b66883f3a617316d6900d29a9257e90463fc
SHA512

96e51e49cca418e07a9d3a5cb312e77c76bf7f6bcb6dc40a538ef1d28cfa335d1921c66281b4fd18475f9c56b91f8e289f2bf2fbcdbbf99650268b5213a6d840
SSDEEP

6144:Hw2lcFN1Ctnmnm+vTL80lqJ78pftyXzh02MF8feBR51Sz/ER/BxbqFCzqX:HC+tnmm+X80W78/yDS228f4R51OozqEA

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

8a831d600149b3066bb6e41e1f36b66883f3a617316d6900d29a9257e90463fc
.exe windows x86

960da2c758ef350abb23eb4645712495

Code Sign

04:7a:53
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:53

Not After

03/03/2024, 12:53

Subject

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:c1:3d:62:20:c6:29:04:3a:26:f8:1b:1c:ad:72:d8
Certificate

Issuer

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08/09/2014, 07:49

Not After

08/09/2015, 07:49

Subject

CN=Open Source Developer\, meicun ge,O=Meicun Ge,C=CN,1.2.840.113549.1.9.1=#0c126d656963756e676540676d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b8:2a:80:2e:91:d8:4c:cf:42:36:78:3b:da:91:60:6e:10:17:ac:a7
Signer

Actual PE Digest

b8:2a:80:2e:91:d8:4c:cf:42:36:78:3b:da:91:60:6e:10:17:ac:a7

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Open Source Developer\, meicun ge,O=Meicun Ge,C=CN,1.2.840.113549.1.9.1=#0c126d656963756e676540676d61696c2e636f6d

17/11/2022, 13:15
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CancelWaitableTimer
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetSystemMetrics

advapi32

OpenProcessToken

shell32

SHCreateShellItem

ole32

CoUninitialize

oleaut32

SysFreeString

gdi32

DeleteObject

ws2_32

gethostbyname

winhttp

WinHttpConnect

gdiplus

GdipAlloc

shlwapi

StrCmpIW

Exports

Exports

hardreset

Sections

.text
Size: - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 336KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

960da2c758ef350abb23eb4645712495

Code Sign

04:7a:53Certificate

Key Usages

4f:c1:3d:62:20:c6:29:04:3a:26:f8:1b:1c:ad:72:d8Certificate

Extended Key Usages

Key Usages

b8:2a:80:2e:91:d8:4c:cf:42:36:78:3b:da:91:60:6e:10:17:ac:a7Signer

Signature Validations

Verification

17/11/2022, 13:15 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

gdi32

ws2_32

winhttp

gdiplus

shlwapi

Exports

Exports

Sections

.text Size: - Virtual size: 186KB

.rdata Size: - Virtual size: 34KB

.data Size: - Virtual size: 16KB

.vmp0 Size: - Virtual size: 175KB

.vmp1 Size: 336KB - Virtual size: 336KB

.reloc Size: 512B - Virtual size: 188B

.rsrc Size: 24KB - Virtual size: 23KB

04:7a:53
Certificate

4f:c1:3d:62:20:c6:29:04:3a:26:f8:1b:1c:ad:72:d8
Certificate

b8:2a:80:2e:91:d8:4c:cf:42:36:78:3b:da:91:60:6e:10:17:ac:a7
Signer

17/11/2022, 13:15
Valid: false

.text
Size: - Virtual size: 186KB

.rdata
Size: - Virtual size: 34KB

.data
Size: - Virtual size: 16KB

.vmp0
Size: - Virtual size: 175KB

.vmp1
Size: 336KB - Virtual size: 336KB

.reloc
Size: 512B - Virtual size: 188B

.rsrc
Size: 24KB - Virtual size: 23KB