e40ab9a5adf2f66db7d8f8b2f63c1507fe23deab697a5ba022f1c392f0bc4b63

Sharing

Copy URL Twitter E-mail

General

Target

e40ab9a5adf2f66db7d8f8b2f63c1507fe23deab697a5ba022f1c392f0bc4b63
Size

161KB
MD5

3fdd32084e6cbcb21df3fd45e5548f56
SHA1

e24ac894c5ae57518507bc98ac46a68f5b75e091
SHA256

e40ab9a5adf2f66db7d8f8b2f63c1507fe23deab697a5ba022f1c392f0bc4b63
SHA512

3fe1629f0aef5c64f81383aad24ca48e1a3072d8dafedc966b4a21c74fdfe61c202fc9df040b88699eb84aa59f1232f7e358343d18b9f4b193dc8e67c3857a5b
SSDEEP

3072:l9iLxfYUcxbyGokszIzJLC18JR2dXhdltu85DMuOGDzxhqpXh7+S:CluyGokbJW1MRcXru8MuFDzwqS

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

e40ab9a5adf2f66db7d8f8b2f63c1507fe23deab697a5ba022f1c392f0bc4b63
.exe windows x86

4aee13e3abf3af293eb487ff0cb959c1

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:eb:47:9a:2a:a0:63:e9:05:6a:f1:f4:25:8f:3b:e5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

14/06/2006, 00:00

Not After

14/06/2007, 23:59

Subject

CN=MainConcept AG,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=MainConcept AG,L=Aachen,ST=NRW,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
VirtualProtect
GetModuleFileNameA

user32

SendMessageA
MessageBoxA

ole32

CoInitialize

msvcp60

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z

msvcrt

??2@YAPAXI@Z

Sections

.text
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4aee13e3abf3af293eb487ff0cb959c1

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

48:eb:47:9a:2a:a0:63:e9:05:6a:f1:f4:25:8f:3b:e5Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

ole32

msvcp60

msvcrt

Sections

.text Size: - Virtual size: 15KB

.rdata Size: - Virtual size: 2KB

.data Size: - Virtual size: 2KB

.rsrc Size: 26KB - Virtual size: 64KB

.vmp0 Size: - Virtual size: 55KB

.vmp1 Size: 127KB - Virtual size: 127KB

.reloc Size: 512B - Virtual size: 96B

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

48:eb:47:9a:2a:a0:63:e9:05:6a:f1:f4:25:8f:3b:e5
Certificate

.text
Size: - Virtual size: 15KB

.rdata
Size: - Virtual size: 2KB

.data
Size: - Virtual size: 2KB

.rsrc
Size: 26KB - Virtual size: 64KB

.vmp0
Size: - Virtual size: 55KB

.vmp1
Size: 127KB - Virtual size: 127KB

.reloc
Size: 512B - Virtual size: 96B