fc4336067cd88790b660f147215e635fb7351c2938f48b5413658a331a1d180b

Sharing

Copy URL Twitter E-mail

General

Target

fc4336067cd88790b660f147215e635fb7351c2938f48b5413658a331a1d180b
Size

4.3MB
MD5

b3e18dd91aa7f2d69c4499da6789fc93
SHA1

0303b39a39fc1c1b1880ac4a1b0151eb93d8930e
SHA256

fc4336067cd88790b660f147215e635fb7351c2938f48b5413658a331a1d180b
SHA512

b82d1846a2533d5b6cf39b2e7a43b8e03ecd5b19b6d33aa89e43d1354e44411bf14779bd6e3a9cda7853f4eedd4f8d3e497026831b7058c0f3e995e382c2776e
SSDEEP

98304:Y6kfqnxb7TQxPe5BOk/JRzkYDwfo+9Kd/wKBSDt9uIKV1Xl/K:JkfqJ0IgkoEwfEwKBet9upV1JK

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

fc4336067cd88790b660f147215e635fb7351c2938f48b5413658a331a1d180b
.exe windows x86

ce93d7c3ebcec80a1caab905b44546a0

Code Sign

75:74:2b:f4:bb:7a:68:cd:fc:6e:9d:37:4d:1e:db:ab:d2:0f:ac:e2
Certificate

Issuer

CN=Brian.com,L=Hong Kong,ST=Central and Western District,C=HK

Not Before

28/04/2023, 01:56

Not After

27/04/2024, 01:56

Subject

CN=Brian.com,L=Hong Kong,ST=Central and Western District,C=HK

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:74:2b:f4:bb:7a:68:cd:fc:6e:9d:37:4d:1e:db:ab:d2:0f:ac:e2
Certificate

Issuer

CN=Brian.com,L=Hong Kong,ST=Central and Western District,C=HK

Not Before

28/04/2023, 01:56

Not After

27/04/2024, 01:56

Subject

CN=Brian.com,L=Hong Kong,ST=Central and Western District,C=HK

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

da:d4:93:48:c5:e5:96:f2:9f:2d:cf:65:a5:59:50:58:81:d5:30:ca:c7:4f:6c:7f:2a:ed:1b:e3:43:b0:7a:ce
Signer

Actual PE Digest

da:d4:93:48:c5:e5:96:f2:9f:2d:cf:65:a5:59:50:58:81:d5:30:ca:c7:4f:6c:7f:2a:ed:1b:e3:43:b0:7a:ce

Digest Algorithm

sha256

PE Digest Matches

true

82:f1:a0:bd:d1:6a:dd:ac:ac:da:22:a0:d9:41:f0:81:fa:15:fd:47
Signer

Actual PE Digest

82:f1:a0:bd:d1:6a:dd:ac:ac:da:22:a0:d9:41:f0:81:fa:15:fd:47

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
WideCharToMultiByte
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

TranslateMessage

gdi32

SetWindowOrgEx

oleaut32

VariantClear

msimg32

AlphaBlend

comctl32

InitCommonControlsEx

shlwapi

UrlUnescapeA

oledlg

ord8

gdiplus

GdipSetInterpolationMode

oleacc

CreateStdAccessibleObject

imm32

ImmReleaseContext

wininet

InternetSetOptionExA

winmm

PlaySoundA

winspool.drv

DocumentPropertiesA

comdlg32

GetFileTitleA

advapi32

GetFileSecurityA

shell32

SHAddToRecentDocs

ole32

CreateStreamOnHGlobal

Sections

.text
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce93d7c3ebcec80a1caab905b44546a0

Code Sign

75:74:2b:f4:bb:7a:68:cd:fc:6e:9d:37:4d:1e:db:ab:d2:0f:ac:e2Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

75:74:2b:f4:bb:7a:68:cd:fc:6e:9d:37:4d:1e:db:ab:d2:0f:ac:e2Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

da:d4:93:48:c5:e5:96:f2:9f:2d:cf:65:a5:59:50:58:81:d5:30:ca:c7:4f:6c:7f:2a:ed:1b:e3:43:b0:7a:ceSigner

82:f1:a0:bd:d1:6a:dd:ac:ac:da:22:a0:d9:41:f0:81:fa:15:fd:47Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

oleaut32

msimg32

comctl32

shlwapi

oledlg

gdiplus

oleacc

imm32

wininet

winmm

winspool.drv

comdlg32

advapi32

shell32

ole32

Sections

.text Size: - Virtual size: 1.5MB

.rdata Size: - Virtual size: 337KB

.data Size: - Virtual size: 56KB

.vmp0 Size: - Virtual size: 3.4MB

.vmp1 Size: 4.3MB - Virtual size: 4.3MB

.reloc Size: 512B - Virtual size: 244B

.rsrc Size: 31KB - Virtual size: 30KB

75:74:2b:f4:bb:7a:68:cd:fc:6e:9d:37:4d:1e:db:ab:d2:0f:ac:e2
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

75:74:2b:f4:bb:7a:68:cd:fc:6e:9d:37:4d:1e:db:ab:d2:0f:ac:e2
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

da:d4:93:48:c5:e5:96:f2:9f:2d:cf:65:a5:59:50:58:81:d5:30:ca:c7:4f:6c:7f:2a:ed:1b:e3:43:b0:7a:ce
Signer

82:f1:a0:bd:d1:6a:dd:ac:ac:da:22:a0:d9:41:f0:81:fa:15:fd:47
Signer

.text
Size: - Virtual size: 1.5MB

.rdata
Size: - Virtual size: 337KB

.data
Size: - Virtual size: 56KB

.vmp0
Size: - Virtual size: 3.4MB

.vmp1
Size: 4.3MB - Virtual size: 4.3MB

.reloc
Size: 512B - Virtual size: 244B

.rsrc
Size: 31KB - Virtual size: 30KB