936c3e791ba1bb80840c6472332c9f25[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

936c3e791ba1bb80840c6472332c9f25.bin
Size

877KB
MD5

9f24585b53974cbc10688b76a27e3245
SHA1

8dd6b4cdd03763267d60c648d8115f56be86e83b
SHA256

64656c8b559ca3e40933e45a0fc28bcf1cd73620fea034381a13ca4052e74508
SHA512

5c49e989c76b08cbe4257c260ffc888bfe5e0f3c742f9436a8752a0da54e977cdc86924509e4a76add712e6e6f8be239fcd6bb42e184b3ebcc6a97a03b8507f2
SSDEEP

24576:Wg9VTn5Gytp/kymVLgF1FgLk+Nbp4eNgww:XfTnfZLLcv14Ew

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/0073d2f00caee069e79c98fd533607656cacb7cb89983f1c1ea4f9aa572e4a67.dll	vmprotect

Files

936c3e791ba1bb80840c6472332c9f25.bin
.zip

Password: infected
0073d2f00caee069e79c98fd533607656cacb7cb89983f1c1ea4f9aa572e4a67.dll
.dll regsvr32 windows x86

Password: infected

94c58018430f3da54976c1470e97bebd

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2031 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:e5:2d:28:ba:a0:e6:dd:fd:a5:07:71:b2:b3:cd:86
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06-08-2019 00:00

Not After

26-08-2020 12:00

Subject

SERIALNUMBER=914401063535063493,CN=广州天行客网络科技有限公司,O=广州天行客网络科技有限公司,L=广州市,ST=广东省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c12e5b9bfe5b79ee5b882e5a4a9e6b2b3e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e5b9bfe4b89ce79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2031 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:d3:16:a2:b9:3d:1b:d6:a2:1e:3b:73:1d:90:4c:83
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06-08-2019 00:00

Not After

26-08-2020 12:00

Subject

SERIALNUMBER=914401063535063493,CN=广州天行客网络科技有限公司,O=广州天行客网络科技有限公司,L=广州市,ST=广东省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c12e5b9bfe5b79ee5b882e5a4a9e6b2b3e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e5b9bfe4b89ce79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cf:72:76:9e:24:a8:d4:d3:a3:f1:14:d5:c8:07:6d:72:cd:2c:b0:ec:14:dc:62:58:1c:32:1c:e1:a1:a7:4e:79
Signer

Actual PE Digest

cf:72:76:9e:24:a8:d4:d3:a3:f1:14:d5:c8:07:6d:72:cd:2c:b0:ec:14:dc:62:58:1c:32:1c:e1:a1:a7:4e:79

Digest Algorithm

sha256

PE Digest Matches

true

27:db:30:b4:68:ae:6b:34:6b:08:91:f4:46:f7:60:a9:f6:db:5e:d0
Signer

Actual PE Digest

27:db:30:b4:68:ae:6b:34:6b:08:91:f4:46:f7:60:a9:f6:db:5e:d0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

iphlpapi

GetAdaptersInfo

ws2_32

inet_ntoa
WSACleanup
WSAStartup
gethostbyname
recv
setsockopt
htons
send
inet_addr
ntohs
connect
socket
closesocket
select
ioctlsocket
WSAGetLastError

kernel32

GetConsoleCP
HeapReAlloc
FindFirstFileW
WaitForSingleObject
WideCharToMultiByte
GetModuleFileNameW
MultiByteToWideChar
FindClose
CreateEventW
GetModuleFileNameA
CloseHandle
GetConsoleMode
GetVersionExW
GetProcAddress
GetModuleHandleW
GetSystemInfo
GetLastError
GetTickCount
SetEvent
GetCurrentProcess
GlobalAlloc
GlobalFree
CreateFileW
DeviceIoControl
SetFilePointerEx
LoadLibraryExW
OutputDebugStringW
FlushFileBuffers
SetStdHandle
WriteConsoleW
CreateThread
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
WriteFile
GetStdHandle
HeapSize
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStringTypeW
HeapFree
IsDebuggerPresent
IsProcessorFeaturePresent
HeapAlloc
GetCommandLineA
GetCurrentThreadId
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
GetProcessHeap
ExitProcess
GetModuleHandleExW
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA

advapi32

RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegCreateKeyExA
RegSetValueExA
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

shell32

ShellExecuteExW

ole32

CoTaskMemFree
StringFromCLSID

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetPlugInProgram
DllGetRedirectChannelInfo
DllGetUDiskBurnInfo
DllRegisterServer
DllSetHardWareInfo
DllUnregisterServer
Dll_Char_Free
Dll_Get_Advertisement
Dll_Get_Application_Book
Dll_Get_New_Windows_Install_Channel
Dll_Get_OnLine_Update
Dll_Get_Win_Msdn
Dll_Get_Windows_Install
Dll_Get_Windows_Install_Channel
Dll_OpenSoft_CS
Dll_PE_VER_CS
Dll_Post_Statistics
Dll_SetServerConfig
Dll_UdiskDataAttachments_CS
Dll_UdiskData_CS
Dll_Update
Dll_WinGho_CS

Sections

.text
Size: - Virtual size: 445KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 690KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 926KB - Virtual size: 926KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

94c58018430f3da54976c1470e97bebd

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate

Key Usages

02:e5:2d:28:ba:a0:e6:dd:fd:a5:07:71:b2:b3:cd:86Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate

Key Usages

06:d3:16:a2:b9:3d:1b:d6:a2:1e:3b:73:1d:90:4c:83Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

cf:72:76:9e:24:a8:d4:d3:a3:f1:14:d5:c8:07:6d:72:cd:2c:b0:ec:14:dc:62:58:1c:32:1c:e1:a1:a7:4e:79Signer

27:db:30:b4:68:ae:6b:34:6b:08:91:f4:46:f7:60:a9:f6:db:5e:d0Signer

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

ws2_32

kernel32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: - Virtual size: 445KB

.rdata Size: - Virtual size: 88KB

.data Size: - Virtual size: 42KB

.vmp0 Size: - Virtual size: 690KB

.vmp1 Size: 926KB - Virtual size: 926KB

.reloc Size: 512B - Virtual size: 272B

.rsrc Size: 1024B - Virtual size: 620B

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

02:e5:2d:28:ba:a0:e6:dd:fd:a5:07:71:b2:b3:cd:86
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

06:d3:16:a2:b9:3d:1b:d6:a2:1e:3b:73:1d:90:4c:83
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

cf:72:76:9e:24:a8:d4:d3:a3:f1:14:d5:c8:07:6d:72:cd:2c:b0:ec:14:dc:62:58:1c:32:1c:e1:a1:a7:4e:79
Signer

27:db:30:b4:68:ae:6b:34:6b:08:91:f4:46:f7:60:a9:f6:db:5e:d0
Signer

.text
Size: - Virtual size: 445KB

.rdata
Size: - Virtual size: 88KB

.data
Size: - Virtual size: 42KB

.vmp0
Size: - Virtual size: 690KB

.vmp1
Size: 926KB - Virtual size: 926KB

.reloc
Size: 512B - Virtual size: 272B

.rsrc
Size: 1024B - Virtual size: 620B