b6c63317d884b7fef58431c1ca61fd85438246a23c3e6920b3584741cc455846[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

b6c63317d884b7fef58431c1ca61fd85438246a23c3e6920b3584741cc455846.zip
Size

3.2MB
MD5

74f1461cf41558461253d27bd0595e00
SHA1

44c95dc8400239aa31859ab43b39db2c409ea1cd
SHA256

a7d75810d2d2a82e4d554f774bf84336dcb06f20f1d1ba23253a223c53e025cb
SHA512

fb8f2af0a314d1cc99815b845adf1d5cdfc94d4adab83cc9bfc966cbd73b34a6d13e8ce816d0f53e936544fdc578712b0975aa234e508481b9490fd425f5eff1
SSDEEP

49152:5Tu04U07+W6W/FobXzamNdnF8xP5Mekgmb2C0bcQ/3gJwjtI8mr/uYKEbBKr0IqJ:l2+W+zb7IPh0bqh/MmtIl/u9P356pwg

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/b6c63317d884b7fef58431c1ca61fd85438246a23c3e6920b3584741cc455846.exe	vmprotect

Files

b6c63317d884b7fef58431c1ca61fd85438246a23c3e6920b3584741cc455846.zip
.zip

Password: infected
b6c63317d884b7fef58431c1ca61fd85438246a23c3e6920b3584741cc455846.exe
.exe windows x86

Password: infected

00de631d57481fec13b7898c99324f13

Code Sign

44:82:6c:5f:ab:41:18:9f:4e:57:f3:0e:bc:c8:17:b2
Certificate

Issuer

CN=Acer Lite Ultra AN517-57 [AN527-75-77M3]

Not Before

12-03-2023 18:13

Not After

13-03-2033 18:13

Subject

CN=Acer Lite Ultra AN517-57 [AN527-75-77M3]

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:25:01:da:8f:3a:a0:45:b1:30:0b:ed:84:98:e3:18:1d:a4:51:c7:ee:4d:ba:e1:57:08:ac:8c:e8:6a:68:c0
Signer

Actual PE Digest

22:25:01:da:8f:3a:a0:45:b1:30:0b:ed:84:98:e3:18:1d:a4:51:c7:ee:4d:ba:e1:57:08:ac:8c:e8:6a:68:c0

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Acer Lite Ultra AN517-57 [AN527-75-77M3]

21-03-2023 12:26
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalSize
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

gdi32

GetDeviceCaps

ole32

CoInitialize

user32

GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 184KB - Virtual size: 339KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

00de631d57481fec13b7898c99324f13

Code Sign

44:82:6c:5f:ab:41:18:9f:4e:57:f3:0e:bc:c8:17:b2Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

22:25:01:da:8f:3a:a0:45:b1:30:0b:ed:84:98:e3:18:1d:a4:51:c7:ee:4d:ba:e1:57:08:ac:8c:e8:6a:68:c0Signer

Signature Validations

Verification

21-03-2023 12:26 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

ole32

user32

Sections

.text Size: - Virtual size: 97KB

.rdata Size: - Virtual size: 10KB

.data Size: - Virtual size: 1KB

.vmp0 Size: - Virtual size: 1.5MB

.vmp1 Size: 3.2MB - Virtual size: 3.2MB

.rsrc Size: 184KB - Virtual size: 339KB

44:82:6c:5f:ab:41:18:9f:4e:57:f3:0e:bc:c8:17:b2
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

22:25:01:da:8f:3a:a0:45:b1:30:0b:ed:84:98:e3:18:1d:a4:51:c7:ee:4d:ba:e1:57:08:ac:8c:e8:6a:68:c0
Signer

21-03-2023 12:26
Valid: false

.text
Size: - Virtual size: 97KB

.rdata
Size: - Virtual size: 10KB

.data
Size: - Virtual size: 1KB

.vmp0
Size: - Virtual size: 1.5MB

.vmp1
Size: 3.2MB - Virtual size: 3.2MB

.rsrc
Size: 184KB - Virtual size: 339KB