27ea0a554ce1ec8c63feaeba8a19d1ae4f6ca59209d87251815cccc497bc3b5b

Sharing

Copy URL Twitter E-mail

General

Target

27ea0a554ce1ec8c63feaeba8a19d1ae4f6ca59209d87251815cccc497bc3b5b
Size

1.2MB
MD5

e60a098bbf439337c648b38222aa9c1e
SHA1

89da9ae48056bb4c9a25fa715c778e36e75ffc44
SHA256

27ea0a554ce1ec8c63feaeba8a19d1ae4f6ca59209d87251815cccc497bc3b5b
SHA512

32525f3505e9321598863ebd7dd36edd7aa2bcc1c96d33a62d7e1da2f6b8babc43dda09ef615398852221bdd1679c9cb0d0ffed2b9c50191fb5d216d7245a8eb
SSDEEP

24576:0dUc4lif+C7f/2+xrW8PZdWXOzKd8LzZ4IWiT1UIUlDgt:JlNCK+BhuV+zZTWiTq0t

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

27ea0a554ce1ec8c63feaeba8a19d1ae4f6ca59209d87251815cccc497bc3b5b
.exe windows x64

7824adc4d8396f8b981a752169e9553c

Code Sign

75:74:2b:f4:bb:7a:68:cd:fc:6e:9d:37:4d:1e:db:ab:d2:0f:ac:e2
Certificate

Issuer

CN=Brian.com,L=Hong Kong,ST=Central and Western District,C=HK

Not Before

28/04/2023, 01:56

Not After

27/04/2024, 01:56

Subject

CN=Brian.com,L=Hong Kong,ST=Central and Western District,C=HK

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

75:74:2b:f4:bb:7a:68:cd:fc:6e:9d:37:4d:1e:db:ab:d2:0f:ac:e2
Certificate

Issuer

CN=Brian.com,L=Hong Kong,ST=Central and Western District,C=HK

Not Before

28/04/2023, 01:56

Not After

27/04/2024, 01:56

Subject

CN=Brian.com,L=Hong Kong,ST=Central and Western District,C=HK

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

be:27:b2:7d:fd:05:70:58:64:c6:94:15:16:f8:e6:f1:e1:b1:79:84:9e:85:ad:6e:61:a9:be:2f:49:3b:91:d3
Signer

Actual PE Digest

be:27:b2:7d:fd:05:70:58:64:c6:94:15:16:f8:e6:f1:e1:b1:79:84:9e:85:ad:6e:61:a9:be:2f:49:3b:91:d3

Digest Algorithm

sha256

PE Digest Matches

true

3f:55:a6:35:4b:bc:47:49:d6:fc:2b:8d:f8:11:91:25:e7:a5:2d:2f
Signer

Actual PE Digest

3f:55:a6:35:4b:bc:47:49:d6:fc:2b:8d:f8:11:91:25:e7:a5:2d:2f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

advapi32

OpenProcessToken

ole32

CoGetObject

wininet

InternetOpenA

user32

CharUpperBuffW

Sections

.text
Size: - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 947KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7824adc4d8396f8b981a752169e9553c

Code Sign

75:74:2b:f4:bb:7a:68:cd:fc:6e:9d:37:4d:1e:db:ab:d2:0f:ac:e2Certificate

Extended Key Usages

Key Usages

75:74:2b:f4:bb:7a:68:cd:fc:6e:9d:37:4d:1e:db:ab:d2:0f:ac:e2Certificate

Extended Key Usages

Key Usages

be:27:b2:7d:fd:05:70:58:64:c6:94:15:16:f8:e6:f1:e1:b1:79:84:9e:85:ad:6e:61:a9:be:2f:49:3b:91:d3Signer

3f:55:a6:35:4b:bc:47:49:d6:fc:2b:8d:f8:11:91:25:e7:a5:2d:2fSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

wininet

user32

Sections

.text Size: - Virtual size: 91KB

.rdata Size: - Virtual size: 45KB

.data Size: - Virtual size: 7KB

.pdata Size: - Virtual size: 4KB

_RDATA Size: - Virtual size: 252B

.vmp0 Size: - Virtual size: 947KB

.vmp1 Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 512B - Virtual size: 36B

.rsrc Size: 6KB - Virtual size: 5KB

75:74:2b:f4:bb:7a:68:cd:fc:6e:9d:37:4d:1e:db:ab:d2:0f:ac:e2
Certificate

75:74:2b:f4:bb:7a:68:cd:fc:6e:9d:37:4d:1e:db:ab:d2:0f:ac:e2
Certificate

be:27:b2:7d:fd:05:70:58:64:c6:94:15:16:f8:e6:f1:e1:b1:79:84:9e:85:ad:6e:61:a9:be:2f:49:3b:91:d3
Signer

3f:55:a6:35:4b:bc:47:49:d6:fc:2b:8d:f8:11:91:25:e7:a5:2d:2f
Signer

.text
Size: - Virtual size: 91KB

.rdata
Size: - Virtual size: 45KB

.data
Size: - Virtual size: 7KB

.pdata
Size: - Virtual size: 4KB

_RDATA
Size: - Virtual size: 252B

.vmp0
Size: - Virtual size: 947KB

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 512B - Virtual size: 36B

.rsrc
Size: 6KB - Virtual size: 5KB