6a113c0f428c0fda4869165b1dab28a247d62ef07d9a6f875ce817a3010cc409

Sharing

Copy URL

Twitter E-mail

General

Target

6a113c0f428c0fda4869165b1dab28a247d62ef07d9a6f875ce817a3010cc409
Size

2.1MB
MD5

d43bde07f8dd29f868d73a811b2a5b1f
SHA1

3338af07659f0560ac9e3117328b33a11d877296
SHA256

6a113c0f428c0fda4869165b1dab28a247d62ef07d9a6f875ce817a3010cc409
SHA512

5a61634fbb2c5545966bccc531b919ea002252eb79886d0bb45612bddb633e055bc88d9bcc2b143ca1d72587c02120a3ad0489e58667ae8db7219d06bd4b67aa
SSDEEP

49152:SErU1wwElt9crJ/AgitE+oFjaiXU0kuyvVY9dr0HNE:SWUADcZjii/FjvX0FmcHW

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

6a113c0f428c0fda4869165b1dab28a247d62ef07d9a6f875ce817a3010cc409
.exe windows x86

2f57dae71c456205b8ac93d384894164

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:09:62:86:39:b9:55:55:d5:6c:ff:67:d0:92:32:75:ec:29:7e:f3:4d:67:3f:a5:ba:5a:7d:98:4b:ab:82:31
Signer

Actual PE Digest

4e:09:62:86:39:b9:55:55:d5:6c:ff:67:d0:92:32:75:ec:29:7e:f3:4d:67:3f:a5:ba:5a:7d:98:4b:ab:82:31

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

07/02/2023, 20:39
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasHangUpA

shlwapi

SHDeleteKeyA

winmm

waveOutPrepareHeader

ws2_32

WSAStartup

kernel32

GetVersionExA
GetVersion
RemoveDirectoryA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CheckMenuItem

gdi32

DeleteDC

winspool.drv

DocumentPropertiesA

advapi32

GetTokenInformation

shell32

SHGetSpecialFolderPathA

ole32

OleInitialize

oleaut32

RegisterTypeLi

comctl32

ImageList_Destroy

wininet

HttpSendRequestA

comdlg32

GetSaveFileNameA

Sections

.data
Size: - Virtual size: 543KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 597KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f57dae71c456205b8ac93d384894164

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

4e:09:62:86:39:b9:55:55:d5:6c:ff:67:d0:92:32:75:ec:29:7e:f3:4d:67:3f:a5:ba:5a:7d:98:4b:ab:82:31Signer

Signature Validations

Verification

07/02/2023, 20:39 Valid: false

Headers

File Characteristics

Imports

rasapi32

shlwapi

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wininet

comdlg32

Sections

.data Size: - Virtual size: 543KB

.rdata Size: - Virtual size: 2.3MB

.data Size: - Virtual size: 277KB

.vmp0 Size: - Virtual size: 597KB

.vmp1 Size: 2.1MB - Virtual size: 2.1MB

.rsrc Size: 24KB - Virtual size: 21KB

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

4e:09:62:86:39:b9:55:55:d5:6c:ff:67:d0:92:32:75:ec:29:7e:f3:4d:67:3f:a5:ba:5a:7d:98:4b:ab:82:31
Signer

07/02/2023, 20:39
Valid: false

.data
Size: - Virtual size: 543KB

.rdata
Size: - Virtual size: 2.3MB

.data
Size: - Virtual size: 277KB

.vmp0
Size: - Virtual size: 597KB

.vmp1
Size: 2.1MB - Virtual size: 2.1MB

.rsrc
Size: 24KB - Virtual size: 21KB