894e9d1e20ca364dde0773eb7235ce676cbf45dbd9ef02be61e9ecefd8b226fd

Sharing

Copy URL

Twitter E-mail

General

Target

894e9d1e20ca364dde0773eb7235ce676cbf45dbd9ef02be61e9ecefd8b226fd
Size

2.6MB
MD5

f8e6b9c3efa23ad232f95aab77ba48bc
SHA1

28c10b457d03d9d88c8f82cdf7efbdfce4370511
SHA256

894e9d1e20ca364dde0773eb7235ce676cbf45dbd9ef02be61e9ecefd8b226fd
SHA512

84d6ca4cf29246ab293d01e42545f659b9a4335e508d814019e137f97bcd5f35e00340a65ebca191fbdfc7b303691084e60c3f6c5c2d03ce4a4de180fff55572
SSDEEP

49152:yOAWgA9i5Th9k3Do8eqVWtbHvW/IodJnONn/YMvWzDSvDCAM:iW8Rk8OkNHksPvpM

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

894e9d1e20ca364dde0773eb7235ce676cbf45dbd9ef02be61e9ecefd8b226fd
.dll windows x64

dd40f5b51f0c60504774fe5ba71e8a7b

Code Sign

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10/03/2022, 19:58

Not After

08/03/2023, 19:58

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

26:95:08:a2:a8:86:d0:86:4b:e6:41:b1:68:fe:44:ce:e3:78:25:fb:e6:fd:51:df:5d:f5:6f:29:af:10:de:c8
Signer

Actual PE Digest

26:95:08:a2:a8:86:d0:86:4b:e6:41:b1:68:fe:44:ce:e3:78:25:fb:e6:fd:51:df:5d:f5:6f:29:af:10:de:c8

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

01/12/2022, 14:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

strlen
ExAllocatePool
NtQuerySystemInformation
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
DbgPrint

hal

KeQueryPerformanceCounter

Sections

.text
Size: - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd40f5b51f0c60504774fe5ba71e8a7b

Code Sign

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dcCertificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

26:95:08:a2:a8:86:d0:86:4b:e6:41:b1:68:fe:44:ce:e3:78:25:fb:e6:fd:51:df:5d:f5:6f:29:af:10:de:c8Signer

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: - Virtual size: 107KB

.rdata Size: - Virtual size: 15KB

.data Size: - Virtual size: 1KB

.pdata Size: - Virtual size: 2KB

INIT Size: - Virtual size: 2KB

.vmp0 Size: - Virtual size: 1.3MB

.vmp1 Size: 2.6MB - Virtual size: 2.6MB

.reloc Size: 512B - Virtual size: 204B

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

26:95:08:a2:a8:86:d0:86:4b:e6:41:b1:68:fe:44:ce:e3:78:25:fb:e6:fd:51:df:5d:f5:6f:29:af:10:de:c8
Signer

01/12/2022, 14:34
Valid: false

.text
Size: - Virtual size: 107KB

.rdata
Size: - Virtual size: 15KB

.data
Size: - Virtual size: 1KB

.pdata
Size: - Virtual size: 2KB

INIT
Size: - Virtual size: 2KB

.vmp0
Size: - Virtual size: 1.3MB

.vmp1
Size: 2.6MB - Virtual size: 2.6MB

.reloc
Size: 512B - Virtual size: 204B