e09b54d488667bbe1e4edc14cd631aa69ae7777304161664888ebe84c14ef866

Sharing

Copy URL Twitter E-mail

General

Target

e09b54d488667bbe1e4edc14cd631aa69ae7777304161664888ebe84c14ef866
Size

469KB
MD5

d0f52960ae4f2b30008f7ce7f115095d
SHA1

a0e294473a319f3e43049e743fb37fe52d73d92a
SHA256

e09b54d488667bbe1e4edc14cd631aa69ae7777304161664888ebe84c14ef866
SHA512

cb831f035804645af3acad8ec69d0cfac2d465ecab153524f59a7f83b610dd38eae3c5c0582d3d93c254c5348da95d925513c3c3fb457b0fff63099c327b301a
SSDEEP

12288:x40gMyjFtZT9UJ/ESSIPDgwwoRteHNUvW4DEyXGW6fA/OC:xaM4FtlGJldbgwwoHeHLyBR

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

e09b54d488667bbe1e4edc14cd631aa69ae7777304161664888ebe84c14ef866
.exe windows x86

5c8174d709291d54345305bc94e4aecb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:60:78:02:2f:a9:1c:0e:b6:13:26:e0:e8:fd:be:9c:30
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

08/07/2013, 08:29

Not After

09/07/2014, 08:29

Subject

CN=Skytouch Technology Co.\, Limited,O=Skytouch Technology Co.\, Limited,L=HongKong,ST=HongKong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b0:72:90:e0:56:12:ce:63:84:1b:cb:2d:30:91:72:6c:e3:1c:bf:38
Signer

Actual PE Digest

b0:72:90:e0:56:12:ce:63:84:1b:cb:2d:30:91:72:6c:e3:1c:bf:38

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Skytouch Technology Co.\, Limited,O=Skytouch Technology Co.\, Limited,L=HongKong,ST=HongKong,C=HK

23/09/2013, 08:24
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetPriorityClass
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetSystemMetrics

advapi32

DeregisterEventSource

shell32

SHGetFolderPathW

ole32

CoInitializeEx

oleaut32

SysAllocString

shlwapi

PathFindFileNameW

winhttp

WinHttpCloseHandle

sensapi

IsNetworkAlive

version

GetFileVersionInfoW

wininet

InternetConnectW

psapi

EnumProcessModules

userenv

CreateEnvironmentBlock

Sections

.text
Size: - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 455KB - Virtual size: 455KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c8174d709291d54345305bc94e4aecb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:60:78:02:2f:a9:1c:0e:b6:13:26:e0:e8:fd:be:9c:30Certificate

Extended Key Usages

Key Usages

b0:72:90:e0:56:12:ce:63:84:1b:cb:2d:30:91:72:6c:e3:1c:bf:38Signer

Signature Validations

Verification

23/09/2013, 08:24 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

winhttp

sensapi

version

wininet

psapi

userenv

Sections

.text Size: - Virtual size: 234KB

.rdata Size: - Virtual size: 59KB

.data Size: - Virtual size: 25KB

.vmp0 Size: - Virtual size: 376KB

.vmp1 Size: 455KB - Virtual size: 455KB

.reloc Size: 512B - Virtual size: 148B

.rsrc Size: 6KB - Virtual size: 6KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:60:78:02:2f:a9:1c:0e:b6:13:26:e0:e8:fd:be:9c:30
Certificate

b0:72:90:e0:56:12:ce:63:84:1b:cb:2d:30:91:72:6c:e3:1c:bf:38
Signer

23/09/2013, 08:24
Valid: false

.text
Size: - Virtual size: 234KB

.rdata
Size: - Virtual size: 59KB

.data
Size: - Virtual size: 25KB

.vmp0
Size: - Virtual size: 376KB

.vmp1
Size: 455KB - Virtual size: 455KB

.reloc
Size: 512B - Virtual size: 148B

.rsrc
Size: 6KB - Virtual size: 6KB