7a1d716159bda1b285725a612902a2ab1c943679306c3a042d412b739f1b9df6[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

7a1d716159bda1b285725a612902a2ab1c943679306c3a042d412b739f1b9df6.zip
Size

4.0MB
MD5

4ff07bfa94bd877dc1dcb4f72b7541a3
SHA1

1adebda6fe0214bd00859defc0cc81b613e48b7f
SHA256

8b2d700fd586a0fb06069d32c70cbe12b72b9cbcfe50bdfc736ca470e1aee9e2
SHA512

15ca18386c4d7fa5c2b24f01ac7565e6cabdfb1dba6fc11450a13de56378b46287b840b2d964d85fd52b645fa3208fa4d8321000d84db984dd3826c0b706d240
SSDEEP

98304:rHg9JyJCcj1VDwVXK4G0XFn7zQauBMVRVel032mi/3z+6yrCR:DhH5VD+tG0XFnE9lBfR

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/7a1d716159bda1b285725a612902a2ab1c943679306c3a042d412b739f1b9df6.exe	vmprotect

Files

7a1d716159bda1b285725a612902a2ab1c943679306c3a042d412b739f1b9df6.zip
.zip
7a1d716159bda1b285725a612902a2ab1c943679306c3a042d412b739f1b9df6.exe
.exe windows x64

5446644b50792a2da17322ed4a5a3770

Code Sign

33:00:00:00:43:3a:68:18:9e:33:90:29:87:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 22:25

Not After

02/12/2021, 22:25

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e4:5c:4a:b7:3b:33:af:72:53:d5:36:d6:43:d8:79:84:03:99:eb:3b:6b:0f:13:a3:80:8b:86:07:51:58:47:e5
Signer

Actual PE Digest

e4:5c:4a:b7:3b:33:af:72:53:d5:36:d6:43:d8:79:84:03:99:eb:3b:6b:0f:13:a3:80:8b:86:07:51:58:47:e5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

__chkstk
_stricmp
ExAllocatePool
NtQuerySystemInformation
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
DbgPrint

hal

KeQueryPerformanceCounter
KeQueryPerformanceCounter

Sections

.text
Size: - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5446644b50792a2da17322ed4a5a3770

Code Sign

33:00:00:00:43:3a:68:18:9e:33:90:29:87:00:00:00:00:00:43Certificate

Extended Key Usages

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0dCertificate

Key Usages

e4:5c:4a:b7:3b:33:af:72:53:d5:36:d6:43:d8:79:84:03:99:eb:3b:6b:0f:13:a3:80:8b:86:07:51:58:47:e5Signer

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: - Virtual size: 146KB

.rdata Size: - Virtual size: 172KB

.data Size: - Virtual size: 4.8MB

.pdata Size: - Virtual size: 6KB

INIT Size: - Virtual size: 592B

.vmp0 Size: - Virtual size: 3.0MB

.vmp1 Size: 4.3MB - Virtual size: 4.3MB

.reloc Size: 512B - Virtual size: 168B

33:00:00:00:43:3a:68:18:9e:33:90:29:87:00:00:00:00:00:43
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

e4:5c:4a:b7:3b:33:af:72:53:d5:36:d6:43:d8:79:84:03:99:eb:3b:6b:0f:13:a3:80:8b:86:07:51:58:47:e5
Signer

.text
Size: - Virtual size: 146KB

.rdata
Size: - Virtual size: 172KB

.data
Size: - Virtual size: 4.8MB

.pdata
Size: - Virtual size: 6KB

INIT
Size: - Virtual size: 592B

.vmp0
Size: - Virtual size: 3.0MB

.vmp1
Size: 4.3MB - Virtual size: 4.3MB

.reloc
Size: 512B - Virtual size: 168B