4a673e2e7e8d965eeba0b5e6c2f66065e6631460ae9cd8a19779d2f23d19c758

Sharing

Copy URL

Twitter E-mail

General

Target

4a673e2e7e8d965eeba0b5e6c2f66065e6631460ae9cd8a19779d2f23d19c758
Size

5.0MB
MD5

f74bd5f56433110b95565e56f07afd8e
SHA1

5d44f174c65a052f7479aa3726def72a44145288
SHA256

4a673e2e7e8d965eeba0b5e6c2f66065e6631460ae9cd8a19779d2f23d19c758
SHA512

715507e2ae43f1e6dc3f6410184b62915504b4f0465fcca22911db928f7fd4ae7629cc59b0e1e72abb6b3cbb69a19a5095e43190f4c2ddb6a51db1fa840e0662
SSDEEP

98304:0g1glG4ajy2toG3AMzo3kDS0TDPQqKiuW3Am1HF3F/DudvwUuI+Qz8aY4v:084H0CBigCD2vwHIX8aY4v

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

4a673e2e7e8d965eeba0b5e6c2f66065e6631460ae9cd8a19779d2f23d19c758
.exe windows x86

b81079f03aee7551cd3bdd724287ead5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2d:af:fb:7a:20:58:8a:40:87:11:b7:98:fd:3d:fc:f8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

07-01-2013 00:00

Not After

07-01-2015 23:59

Subject

CN=福州创意嘉和软件有限公司,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=技术中心,O=福州创意嘉和软件有限公司,L=FuZhou,ST=FuJian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f0:b7:23:0e:36:1e:40:1e:f2:4d:26:f3:d6:81:b8:cc:1c:57:c8:83
Signer

Actual PE Digest

f0:b7:23:0e:36:1e:40:1e:f2:4d:26:f3:d6:81:b8:cc:1c:57:c8:83

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=福州创意嘉和软件有限公司,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=技术中心,O=福州创意嘉和软件有限公司,L=FuZhou,ST=FuJian,C=CN

20-08-2013 09:50
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord807

msvcrt

__getmainargs

kernel32

GlobalSize
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

GetSystemMetrics
MessageBoxA

gdi32

RoundRect

advapi32

RegQueryValueExA

shell32

SHGetSpecialFolderPathA

comctl32

ImageList_GetImageInfo

ole32

CLSIDFromString

oleaut32

SysAllocStringByteLen

urlmon

URLDownloadToFileA

msvcp60

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z

winmm

PlaySoundA

wininet

DeleteUrlCacheEntry

shlwapi

SHDeleteKeyA

ws2_32

gethostbyname

rpcrt4

RpcStringFreeA

imagehlp

MakeSureDirectoryPathExists

dinput8

DirectInput8Create

msimg32

GradientFill

uxtheme

SetThemeAppProperties

comdlg32

GetOpenFileNameA

olepro32

ord251

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 744KB - Virtual size: 740KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 440KB - Virtual size: 438KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b81079f03aee7551cd3bdd724287ead5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

2d:af:fb:7a:20:58:8a:40:87:11:b7:98:fd:3d:fc:f8Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

f0:b7:23:0e:36:1e:40:1e:f2:4d:26:f3:d6:81:b8:cc:1c:57:c8:83Signer

Signature Validations

Verification

20-08-2013 09:50 Valid: false

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

urlmon

msvcp60

winmm

wininet

shlwapi

ws2_32

rpcrt4

imagehlp

dinput8

msimg32

uxtheme

comdlg32

olepro32

Exports

Exports

Sections

.text Size: 744KB - Virtual size: 740KB

.rdata Size: 440KB - Virtual size: 438KB

.data Size: 48KB - Virtual size: 324KB

.vmp0 Size: 1.4MB - Virtual size: 1.4MB

.vmp1 Size: 148KB - Virtual size: 146KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

2d:af:fb:7a:20:58:8a:40:87:11:b7:98:fd:3d:fc:f8
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

f0:b7:23:0e:36:1e:40:1e:f2:4d:26:f3:d6:81:b8:cc:1c:57:c8:83
Signer

20-08-2013 09:50
Valid: false

.text
Size: 744KB - Virtual size: 740KB

.rdata
Size: 440KB - Virtual size: 438KB

.data
Size: 48KB - Virtual size: 324KB

.vmp0
Size: 1.4MB - Virtual size: 1.4MB

.vmp1
Size: 148KB - Virtual size: 146KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB