file[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

file.exe
Size

3.5MB
MD5

faeec27fb7e06d596524d2eee38b9324
SHA1

fd285e154d37b00b257c4d78cb6a22ba469f0076
SHA256

84034554bedf2e6d1b3a759a0e8ec314aeb9fa67e3cdd64fca2313a4328b7356
SHA512

561a8ab448ff5af6751695d181471212f811a9f7268a49fd51ba96383615b0a62dabe1872d194f5ba02a8cb95900e3b49bb7695bdee073e2d7c537acdc5ceadf
SSDEEP

49152:KRsrn9V0/uukufaDOnw+BGTBE1mjlL79D08BdaV2PKJQYiVAfA6Pbbna5+cYds0g:Rr9xaaqwQGNE8pL5RzPb7OA6P3g+Ddfg

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

file.exe
.exe windows x86

e3071a437e2c94918946a3d3059c5386

Code Sign

38:4f:4d:66:d3:0c:87:a2:4a:19:2a:aa:2d:3f:fa:83
Certificate

Issuer

CN=Acer Nitro Ultra AN517-58 [AN527-75-77M3]

Not Before

09-03-2023 19:23

Not After

10-03-2033 19:23

Subject

CN=Acer Nitro Ultra AN517-58 [AN527-75-77M3]

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b7:de:64:40:70:d7:4e:be:61:a9:a0:a0:36:aa:cc:bf:37:85:21:52:ac:af:6e:64:55:e5:41:38:ba:b7:84:cd
Signer

Actual PE Digest

b7:de:64:40:70:d7:4e:be:61:a9:a0:a0:36:aa:cc:bf:37:85:21:52:ac:af:6e:64:55:e5:41:38:ba:b7:84:cd

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Acer Nitro Ultra AN517-58 [AN527-75-77M3]

09-03-2023 18:59
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAllocExNuma
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

ole32

CoCreateInstance

oleaut32

VariantInit

user32

GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 225KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3071a437e2c94918946a3d3059c5386

Code Sign

38:4f:4d:66:d3:0c:87:a2:4a:19:2a:aa:2d:3f:fa:83Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

b7:de:64:40:70:d7:4e:be:61:a9:a0:a0:36:aa:cc:bf:37:85:21:52:ac:af:6e:64:55:e5:41:38:ba:b7:84:cdSigner

Signature Validations

Verification

09-03-2023 18:59 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

oleaut32

user32

Sections

.text Size: - Virtual size: 268KB

.rdata Size: - Virtual size: 63KB

.data Size: - Virtual size: 84KB

.vmp0 Size: - Virtual size: 1.5MB

.vmp1 Size: 3.3MB - Virtual size: 3.3MB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 225KB - Virtual size: 252KB

38:4f:4d:66:d3:0c:87:a2:4a:19:2a:aa:2d:3f:fa:83
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

b7:de:64:40:70:d7:4e:be:61:a9:a0:a0:36:aa:cc:bf:37:85:21:52:ac:af:6e:64:55:e5:41:38:ba:b7:84:cd
Signer

09-03-2023 18:59
Valid: false

.text
Size: - Virtual size: 268KB

.rdata
Size: - Virtual size: 63KB

.data
Size: - Virtual size: 84KB

.vmp0
Size: - Virtual size: 1.5MB

.vmp1
Size: 3.3MB - Virtual size: 3.3MB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 225KB - Virtual size: 252KB