full_setup[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

full_setup.zip
Size

31.3MB
MD5

5c0c12b77645dfd8bcf2b53633a06017
SHA1

540e13748eeb9f1dbfeaa3d0f3b09b43dab65d48
SHA256

f974e052ad714257e52abccc60034dbddfc26f909a06ca980e315c3c4813a829
SHA512

1957bfa5cd3053dd9ad2a660c130f6124e68f4958daa5536d249deebc93a2bd6770ae692194fff5de0fb1e43cb75a22c861d6a3624081ee65762e78f14b561bc
SSDEEP

786432:pcBFIMj5WeCWCeWB7tOtv1LFFB/DaO57wMkS9hesD/dRb1EMzvKGQ1apAqO:NM9RIe47Itv1LFn/2O5WSesD/zJEMWGs

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack002/Setup.exe	vmprotect

Files

full_setup.zip
.zip

Password: infected
Your_Full_Setup_Downloaded_Here.zip
.zip
LangZ/Cr0atian.ini
LangZ/Dani.ini
LangZ/English.ini
LangZ/Hebrew.ini
LangZ/Hungarian.ini
.ps1
LangZ/Ind0nesian.ini
LangZ/Japanese.ini
LangZ/K0rean.ini
.ps1
LangZ/Kazakh.ini
LangZ/Kurdish.ini
LangZ/N0rwegian.ini
LangZ/SimpChinese.ini
LangZ/Sinhala.ini
LangZ/Sl0vak.ini
LangZ/Swedi.ini
LangZ/Thai.ini
LangZ/TradChinese.ini
LangZ/Ukrainian.ini
LangZ/UyghurLatin.ini
LangZ/Uzbek.ini
LangZ/Vietnamese.ini
Setup.exe
.exe windows x86

29ed970ed42ff5f8e29070be56e1f7d8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

46:0d:31:5f:dd:e6:b1:93:a4:51:5a:45:a2:a8:cb:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

12/10/2010, 00:00

Not After

20/09/2013, 23:59

Subject

CN=Western Digital Technologies\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Western Digital Technologies\, Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:a8:fe:bc:00:75:1b:50:63:1e:0f:a9:b9:b9:b5:bb:aa:2e:56:23
Signer

Actual PE Digest

79:a8:fe:bc:00:75:1b:50:63:1e:0f:a9:b9:b9:b5:bb:aa:2e:56:23

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Western Digital Technologies\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Western Digital Technologies\, Inc.,L=Mountain View,ST=California,C=US

21/03/2013, 15:13
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalSize
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

gdi32

GetDeviceCaps

ole32

CoInitialize

Sections

.text
Size: - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 145KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

29ed970ed42ff5f8e29070be56e1f7d8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

46:0d:31:5f:dd:e6:b1:93:a4:51:5a:45:a2:a8:cb:b7Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

79:a8:fe:bc:00:75:1b:50:63:1e:0f:a9:b9:b9:b5:bb:aa:2e:56:23Signer

Signature Validations

Verification

21/03/2013, 15:13 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

ole32

Sections

.text Size: - Virtual size: 97KB

.rdata Size: - Virtual size: 10KB

.data Size: - Virtual size: 1KB

.vmp0 Size: - Virtual size: 1.7MB

.vmp1 Size: 512B - Virtual size: 464B

.vmp2 Size: 3.7MB - Virtual size: 3.7MB

.rsrc Size: 145KB - Virtual size: 202KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

46:0d:31:5f:dd:e6:b1:93:a4:51:5a:45:a2:a8:cb:b7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

79:a8:fe:bc:00:75:1b:50:63:1e:0f:a9:b9:b9:b5:bb:aa:2e:56:23
Signer

21/03/2013, 15:13
Valid: false

.text
Size: - Virtual size: 97KB

.rdata
Size: - Virtual size: 10KB

.data
Size: - Virtual size: 1KB

.vmp0
Size: - Virtual size: 1.7MB

.vmp1
Size: 512B - Virtual size: 464B

.vmp2
Size: 3.7MB - Virtual size: 3.7MB

.rsrc
Size: 145KB - Virtual size: 202KB