Behavioral task
behavioral1
Sample
a9b6da98731e3e9ffd32cfbf6dc1a13d82e88bcaa747595dab154a74de39289c.exe
Resource
win7-20220812-en
General
-
Target
a9b6da98731e3e9ffd32cfbf6dc1a13d82e88bcaa747595dab154a74de39289c
-
Size
2.2MB
-
MD5
9e4d09a7474c46b0a3ff4cfa5008bc37
-
SHA1
9f20082009c22993c537d6853415c52e4996130b
-
SHA256
a9b6da98731e3e9ffd32cfbf6dc1a13d82e88bcaa747595dab154a74de39289c
-
SHA512
3acbeba466ceee2f18db9a77ef024172691cea1740b5d119ad5f895e73bcef790fc0d8cdec263f021991f3be3100dc42cddd95b6ac942210407fda2686b34de5
-
SSDEEP
49152:N0WOSXVYV0JGKWZBFzCqFPu5rzt876hCwS/vdjj:0/R5FkrFEvFj
Malware Config
Signatures
-
Processes:
resource
sample
yara_rule
vmprotect
Files
-
a9b6da98731e3e9ffd32cfbf6dc1a13d82e88bcaa747595dab154a74de39289c.exe windows x86
3491b26aed5084eedb3d5885bbfbeb08
Code Sign
Certificate
26:b6:e9:91:a8:cb:a9:84:47:fb:8e:39:3d:c0:4b:fe
Issuer
CN=junguoguo.com,O=junguoguo.com,1.2.840.113549.1.9.1=#0c15737570706f7274406a756e67756f67756f2e636f6d
Not Before
11-12-2011 16:00
Not After
31-12-2017 16:00
Subject
CN=junguoguo.com,O=junguoguo.com,1.2.840.113549.1.9.1=#0c15737570706f7274406a756e67756f67756f2e636f6d
Certificate
79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Issuer
CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before
01-05-2012 00:00
Not After
31-12-2012 23:59
Subject
CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
Certificate
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Issuer
CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before
04-12-2003 00:00
Not After
03-12-2013 23:59
Subject
CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE Digest
Digest Algorithm
PE Digest Matches
false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
wsock32
send
version
GetFileVersionInfoSizeW
winmm
timeGetTime
comctl32
ImageList_SetDragCursorImage
mpr
WNetGetConnectionW
wininet
InternetConnectW
psapi
GetModuleBaseNameW
userenv
DestroyEnvironmentBlock
kernel32
HeapAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess
user32
IsDlgButtonChecked
gdi32
SetPixel
comdlg32
GetSaveFileNameW
advapi32
CreateProcessAsUserW
shell32
ShellExecuteW
ole32
CreateStreamOnHGlobal
oleaut32
SysStringLen
Sections
.text Size: - Virtual size: 535KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 874KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp1 Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 276KB - Virtual size: 276KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ