8e035beb02a411f8a9e92d4cf184ad34f52bbd0a81a50c222cdd4706e4e45104

Sharing

Copy URL

Twitter E-mail

General

Target

8e035beb02a411f8a9e92d4cf184ad34f52bbd0a81a50c222cdd4706e4e45104
Size

2.6MB
MD5

6fcf56f6ca3210ec397e55f727353c4a
SHA1

6debce728bcff73d9d1d334df0c6b1c3735e295c
SHA256

8e035beb02a411f8a9e92d4cf184ad34f52bbd0a81a50c222cdd4706e4e45104
SHA512

829940e6cd9d435c976703f2c4157daea6a8c9425e08463348eaceace5a84d6a1026eadd78c855f1cf26ee5926e5249a8d3cecc81c44eb097b126eba9765a555
SSDEEP

49152:3G3zBD9cntcA9Bi0xdEhfUm402yzzQsGlS8FoF14D25gEhWSgLwcRYGLU22:3GVRctc+EJUmAc4y4SKRb2

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

8e035beb02a411f8a9e92d4cf184ad34f52bbd0a81a50c222cdd4706e4e45104
.exe windows x64

2a008187d4a73284ddcc43f1b727b513

Code Sign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-06-2022 18:08

Not After

01-06-2023 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

17:16:d4:c5:23:ae:ea:97:03:03:2c:a9:3e:b9:66:8b:9a:16:f5:42:c0:0c:ec:24:8b:0a:1c:13:2d:80:bb:15
Signer

Actual PE Digest

17:16:d4:c5:23:ae:ea:97:03:03:2c:a9:3e:b9:66:8b:9a:16:f5:42:c0:0c:ec:24:8b:0a:1c:13:2d:80:bb:15

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

01-12-2022 14:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

rand
ExAllocatePool
NtQuerySystemInformation
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
DbgPrint

hal

KeQueryPerformanceCounter

Sections

.text
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: - Virtual size: 1006B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a008187d4a73284ddcc43f1b727b513

Code Sign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57Certificate

Extended Key Usages

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0dCertificate

Key Usages

17:16:d4:c5:23:ae:ea:97:03:03:2c:a9:3e:b9:66:8b:9a:16:f5:42:c0:0c:ec:24:8b:0a:1c:13:2d:80:bb:15Signer

Signature Validations

Verification

01-12-2022 14:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: - Virtual size: 5KB

.rdata Size: - Virtual size: 1KB

.data Size: - Virtual size: 272B

.pdata Size: - Virtual size: 348B

INIT Size: - Virtual size: 1006B

.vmp0 Size: - Virtual size: 1.3MB

.vmp1 Size: 512B - Virtual size: 8B

.vmp2 Size: 2.5MB - Virtual size: 2.5MB

.reloc Size: 512B - Virtual size: 184B

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

17:16:d4:c5:23:ae:ea:97:03:03:2c:a9:3e:b9:66:8b:9a:16:f5:42:c0:0c:ec:24:8b:0a:1c:13:2d:80:bb:15
Signer

01-12-2022 14:34
Valid: false

.text
Size: - Virtual size: 5KB

.rdata
Size: - Virtual size: 1KB

.data
Size: - Virtual size: 272B

.pdata
Size: - Virtual size: 348B

INIT
Size: - Virtual size: 1006B

.vmp0
Size: - Virtual size: 1.3MB

.vmp1
Size: 512B - Virtual size: 8B

.vmp2
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 512B - Virtual size: 184B