Open_New_Pass_1234_G4_Active[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Open_New_Pass_1234_G4_Active.rar
Size

5.8MB
MD5

6a8fddac3de8f8b18c3789d7455a506f
SHA1

af822992f28e35504d8185fa558094e297a749ee
SHA256

8c5d344c77678fee2bf370d77313cd82a72442c4128ddfe9b4e32333e60116cd
SHA512

51283d6699bc0089543843e4acaafc192a7ae9d1590ed2969414d350e29d0905644f9340cc7578003077c3325da1d27b9f1908a0eb53dacd362ff8fd1f1a5a60
SSDEEP

98304:3HRXfqJpFNq+m0w83vbMTmf9whXXATb55+itpglc7UbDeEHkg:3xXfqJpF7wGvbMkWhXXAR9tp4zkg

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/Setup.exe	vmprotect

Files

Open_New_Pass_1234_G4_Active.rar
.rar

Password: 1234
Setup.exe
.exe windows x86

Password: 1234

bbc65852ba3fb881c4f7061bae0e6ae3

Code Sign

23:20:ba:76:1b:e8:0e:a7:40:6d:3c:b4:d4:c4:ab:dd
Certificate

Issuer

CN=Toshiba MQ01ABDxx 2.5 MQ01ABD050

Not Before

20-06-2022 19:19

Not After

21-06-2032 19:19

Subject

CN=Toshiba MQ01ABDxx 2.5 MQ01ABD050

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

84:d8:23:dc:7c:61:8c:8d:17:fc:49:61:ac:b2:a1:a9:b1:ee:08:04:64:e7:4a:b3:ef:6b:e6:2a:8a:eb:8f:e0
Signer

Actual PE Digest

84:d8:23:dc:7c:61:8c:8d:17:fc:49:61:ac:b2:a1:a9:b1:ee:08:04:64:e7:4a:b3:ef:6b:e6:2a:8a:eb:8f:e0

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Toshiba MQ01ABDxx 2.5 MQ01ABD050

15-12-2022 13:59
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
VirtualProtect
FindFirstFileW
LocalAlloc
GetProcessHeap
FindNextFileW
ExitProcess
SetEndOfFile
CreateFileW
CreateFileA
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
EncodePointer
DecodePointer
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
GetLastError
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
LCMapStringW
GetCPInfo
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
GetModuleHandleW
WriteFile
GetStdHandle
GetModuleFileNameW
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapSize
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
ReadFile
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CloseHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetLocaleInfoW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapReAlloc
LoadLibraryW
SetStdHandle
WriteConsoleW
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
IsProcessorFeaturePresent
DecodePointer
GetCommandLineA
RaiseException
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

ReleaseDC
CharUpperBuffW

gdi32

CreateDCA
GetDeviceCaps

Sections

.text
Size: - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
langs/Croatian.ini
langs/Danish.ini
langs/English.ini
langs/Finnish.ini
langs/Hebrew.ini
langs/Hungarian.ini
.ps1
langs/Indonesian.ini
langs/Japanese.ini
langs/Kazakh.ini
langs/Korean.ini
.ps1
langs/Kurdish.ini
langs/Norwegian.ini
langs/SimpChinese.ini
langs/Sinhala.ini
langs/Slovak.ini
langs/Swedish.ini
langs/Thai.ini
langs/TradChinese.ini
langs/Ukrainian.ini
langs/UyghurLatin.ini
langs/Uzbek.ini
langs/Vietnamese.ini

Sharing

General

Malware Config

Signatures

Files

Password: 1234

Password: 1234

bbc65852ba3fb881c4f7061bae0e6ae3

Code Sign

23:20:ba:76:1b:e8:0e:a7:40:6d:3c:b4:d4:c4:ab:ddCertificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

84:d8:23:dc:7c:61:8c:8d:17:fc:49:61:ac:b2:a1:a9:b1:ee:08:04:64:e7:4a:b3:ef:6b:e6:2a:8a:eb:8f:e0Signer

Signature Validations

Verification

15-12-2022 13:59 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: - Virtual size: 206KB

.rdata Size: - Virtual size: 57KB

.data Size: - Virtual size: 84KB

.vmp0 Size: - Virtual size: 2.7MB

.vmp1 Size: 1KB - Virtual size: 1KB

.vmp2 Size: 4.7MB - Virtual size: 4.7MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 66KB - Virtual size: 65KB

23:20:ba:76:1b:e8:0e:a7:40:6d:3c:b4:d4:c4:ab:dd
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

84:d8:23:dc:7c:61:8c:8d:17:fc:49:61:ac:b2:a1:a9:b1:ee:08:04:64:e7:4a:b3:ef:6b:e6:2a:8a:eb:8f:e0
Signer

15-12-2022 13:59
Valid: false

.text
Size: - Virtual size: 206KB

.rdata
Size: - Virtual size: 57KB

.data
Size: - Virtual size: 84KB

.vmp0
Size: - Virtual size: 2.7MB

.vmp1
Size: 1KB - Virtual size: 1KB

.vmp2
Size: 4.7MB - Virtual size: 4.7MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 66KB - Virtual size: 65KB