7a1d716159bda1b285725a612902a2ab1c943679306c3a042d412b739f1b9df6[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

7a1d716159bda1b285725a612902a2ab1c943679306c3a042d412b739f1b9df6.exe
Size

4.3MB
MD5

a84ae563d1609328b28f2aa2a3995f04
SHA1

8f862f951a09c6abad083dd23a2ec51326ed40be
SHA256

7a1d716159bda1b285725a612902a2ab1c943679306c3a042d412b739f1b9df6
SHA512

5607092db8cbf85d5b7675e2e095e5f27024ccd312eb69b969bf52f27f41ae0f948502cda3354c4af557a51889bbe9e811a9a6b0d615d815ab0be1ade588fd3e
SSDEEP

98304:CbYge4+0LvwB6kNrzvAlLmw2kXHP9H6Wq1kodljMupRvWsgcrw7w:CbYg3+3BpzvYf2kXHPcTdFBp9r7rf

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

7a1d716159bda1b285725a612902a2ab1c943679306c3a042d412b739f1b9df6.exe
.exe windows x64

5446644b50792a2da17322ed4a5a3770

Code Sign

33:00:00:00:43:3a:68:18:9e:33:90:29:87:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 22:25

Not After

02/12/2021, 22:25

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e4:5c:4a:b7:3b:33:af:72:53:d5:36:d6:43:d8:79:84:03:99:eb:3b:6b:0f:13:a3:80:8b:86:07:51:58:47:e5
Signer

Actual PE Digest

e4:5c:4a:b7:3b:33:af:72:53:d5:36:d6:43:d8:79:84:03:99:eb:3b:6b:0f:13:a3:80:8b:86:07:51:58:47:e5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

__chkstk
_stricmp
ExAllocatePool
NtQuerySystemInformation
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
DbgPrint

hal

KeQueryPerformanceCounter
KeQueryPerformanceCounter

Sections

.text
Size: - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5446644b50792a2da17322ed4a5a3770

Code Sign

33:00:00:00:43:3a:68:18:9e:33:90:29:87:00:00:00:00:00:43Certificate

Extended Key Usages

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0dCertificate

Key Usages

e4:5c:4a:b7:3b:33:af:72:53:d5:36:d6:43:d8:79:84:03:99:eb:3b:6b:0f:13:a3:80:8b:86:07:51:58:47:e5Signer

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: - Virtual size: 146KB

.rdata Size: - Virtual size: 172KB

.data Size: - Virtual size: 4.8MB

.pdata Size: - Virtual size: 6KB

INIT Size: - Virtual size: 592B

.vmp0 Size: - Virtual size: 3.0MB

.vmp1 Size: 4.3MB - Virtual size: 4.3MB

.reloc Size: 512B - Virtual size: 168B

33:00:00:00:43:3a:68:18:9e:33:90:29:87:00:00:00:00:00:43
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

e4:5c:4a:b7:3b:33:af:72:53:d5:36:d6:43:d8:79:84:03:99:eb:3b:6b:0f:13:a3:80:8b:86:07:51:58:47:e5
Signer

.text
Size: - Virtual size: 146KB

.rdata
Size: - Virtual size: 172KB

.data
Size: - Virtual size: 4.8MB

.pdata
Size: - Virtual size: 6KB

INIT
Size: - Virtual size: 592B

.vmp0
Size: - Virtual size: 3.0MB

.vmp1
Size: 4.3MB - Virtual size: 4.3MB

.reloc
Size: 512B - Virtual size: 168B