c20e17b0581b24a1fd03b09739b216ff71ee694a424a5a5eb13a2fd2961182ef

Sharing

Copy URL

Twitter E-mail

General

Target

c20e17b0581b24a1fd03b09739b216ff71ee694a424a5a5eb13a2fd2961182ef
Size

3.7MB
MD5

d9f3764000cbba305d400dfe992f25e7
SHA1

3548d2195bc004d1d38b02210667664a0b59cc74
SHA256

c6852f979aa5f0072aae978af580261be478237f316da327deffc30d6d0ce1bc
SHA512

f75eb6b4fa3f3fa52a9fa62b05cf1c9a9ae62b40498993293f4313736d1f8556c59e106e1ccea706c08ddc83d571f69112292d228bb138f323baf790f649cf5d
SSDEEP

98304:wJNQEN2ZvAYH/cv/AfR4EudBkCN8Pdpk/pIBH6i:cN0pAYf510BdIda/mH6i

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/c20e17b0581b24a1fd03b09739b216ff71ee694a424a5a5eb13a2fd2961182ef	vmprotect

Files

c20e17b0581b24a1fd03b09739b216ff71ee694a424a5a5eb13a2fd2961182ef
.zip
c20e17b0581b24a1fd03b09739b216ff71ee694a424a5a5eb13a2fd2961182ef
.exe windows x86

211f7a92931602899e16bc9726765175

Code Sign

43:00:c6:49:5c:33:ff:8f:44:4b:25:d2:6c:99:2b:59
Certificate

Issuer

CN=Toshiba MQ01ABMxx 2.5 WH06ABW020

Not Before

25-11-2022 16:23

Not After

26-11-2032 16:23

Subject

CN=Toshiba MQ01ABMxx 2.5 WH06ABW020

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:fc:c5:21:e2:5d:f1:ed:df:d7:30:30:d0:e5:d3:be:2e:99:49:9d:55:38:c0:22:6d:9d:b6:cf:29:8c:8c:b7
Signer

Actual PE Digest

20:fc:c5:21:e2:5d:f1:ed:df:d7:30:30:d0:e5:d3:be:2e:99:49:9d:55:38:c0:22:6d:9d:b6:cf:29:8c:8c:b7

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Toshiba MQ01ABMxx 2.5 WH06ABW020

28-11-2022 11:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
TerminateProcess
GetModuleHandleA
Sleep
GetTempPathA
LoadLibraryA
DeleteFileA
GetCurrentProcess
lstrcatA
GetLastError
lstrcpyA
lstrlenA
CloseHandle
lstrcpynA
WriteConsoleW
GetProcAddress
SetPriorityClass
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ReadFile
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetFileType
HeapFree
LCMapStringW
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
GetStringTypeW
CreateFileW
FlushFileBuffers
GetConsoleOutputCP
HeapSize
HeapReAlloc
SetEndOfFile
DecodePointer
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

Sections

.text
Size: - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.!!!! 0
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 172KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

211f7a92931602899e16bc9726765175

Code Sign

43:00:c6:49:5c:33:ff:8f:44:4b:25:d2:6c:99:2b:59Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

20:fc:c5:21:e2:5d:f1:ed:df:d7:30:30:d0:e5:d3:be:2e:99:49:9d:55:38:c0:22:6d:9d:b6:cf:29:8c:8c:b7Signer

Signature Validations

Verification

28-11-2022 11:52 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: - Virtual size: 136KB

.rdata Size: - Virtual size: 28KB

.data Size: - Virtual size: 5KB

.!!!! 0 Size: - Virtual size: 1KB

.vmp0 Size: - Virtual size: 1.7MB

.vmp1 Size: 1024B - Virtual size: 736B

.vmp2 Size: 3.7MB - Virtual size: 3.7MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 172KB - Virtual size: 237KB

43:00:c6:49:5c:33:ff:8f:44:4b:25:d2:6c:99:2b:59
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

20:fc:c5:21:e2:5d:f1:ed:df:d7:30:30:d0:e5:d3:be:2e:99:49:9d:55:38:c0:22:6d:9d:b6:cf:29:8c:8c:b7
Signer

28-11-2022 11:52
Valid: false

.text
Size: - Virtual size: 136KB

.rdata
Size: - Virtual size: 28KB

.data
Size: - Virtual size: 5KB

.!!!! 0
Size: - Virtual size: 1KB

.vmp0
Size: - Virtual size: 1.7MB

.vmp1
Size: 1024B - Virtual size: 736B

.vmp2
Size: 3.7MB - Virtual size: 3.7MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 172KB - Virtual size: 237KB