02e8462b96159b91b27b0b7c7c65cc2ddb35d113b0ce0b28b3bf7c793fa1f560

Sharing

Copy URL Twitter E-mail

General

Target

02e8462b96159b91b27b0b7c7c65cc2ddb35d113b0ce0b28b3bf7c793fa1f560
Size

1.1MB
MD5

d2d56f196e842d0a82664e5d4e25ec68
SHA1

e2e33474fbe4f1874ec9ddf5d5057a4ab90cb5d8
SHA256

02e8462b96159b91b27b0b7c7c65cc2ddb35d113b0ce0b28b3bf7c793fa1f560
SHA512

f4d1757fc5144c6ad6aeaa97b24788883f21e46542f1cc559bbc77a4484bfb1bc449e4570cea86cfcf81064aed8a22b385bfffa6de353360b0019c3f5286108f
SSDEEP

24576:YXIaEN+lZ+IRBNjTAb6quQEwJMbyRxx52G31oBr:Y2NCZ+Em7LEwOePp1oBr

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

02e8462b96159b91b27b0b7c7c65cc2ddb35d113b0ce0b28b3bf7c793fa1f560
.exe windows:4 windows x86

42c013ea5246728515d306f0193ac957

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

46:c1:8f:66:01:63:3d:ae:52:ff:d9:a4:fa:16:2f:40
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19/11/2013, 00:00

Not After

09/02/2017, 23:59

Subject

CN=BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=TECHNOLOGY PRODUCTS DEPARTMENT,O=BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.\,LTD.,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

22:6d:8c:6d:05:1a:5b:53:db:95:04:11:a2:a2:c0:5e
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

31/12/2015, 00:00

Not After

09/02/2017, 23:59

Subject

CN=BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.\,LTD.,OU=TECHNOLOGY PRODUCTS DEPARTMENT,O=BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.\,LTD.,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

62:ac:14:7c:c7:7d:2f:df:63:25:a9:66:cc:e6:2a:0a:58:0f:34:4d:7f:58:20:93:1a:df:4b:c8:b8:60:23:be
Signer

Actual PE Digest

62:ac:14:7c:c7:7d:2f:df:63:25:a9:66:cc:e6:2a:0a:58:0f:34:4d:7f:58:20:93:1a:df:4b:c8:b8:60:23:be

Digest Algorithm

sha256

PE Digest Matches

false

70:bb:bf:df:3e:7e:91:30:e0:d4:4c:db:23:ad:3a:65:cc:59:2b:62
Signer

Actual PE Digest

70:bb:bf:df:3e:7e:91:30:e0:d4:4c:db:23:ad:3a:65:cc:59:2b:62

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LockFile
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

GetMenuItemCount
MessageBoxA

gdi32

CreatePalette

winmm

midiStreamRestart

winspool.drv

ClosePrinter

advapi32

RegQueryValueA

shell32

ShellExecuteA

ole32

OleInitialize

oleaut32

UnRegisterTypeLi

comctl32

ImageList_Destroy

ws2_32

recvfrom

comdlg32

GetFileTitleA

Sections

.text
Size: - Virtual size: 626KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42c013ea5246728515d306f0193ac957

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

46:c1:8f:66:01:63:3d:ae:52:ff:d9:a4:fa:16:2f:40Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

22:6d:8c:6d:05:1a:5b:53:db:95:04:11:a2:a2:c0:5eCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

62:ac:14:7c:c7:7d:2f:df:63:25:a9:66:cc:e6:2a:0a:58:0f:34:4d:7f:58:20:93:1a:df:4b:c8:b8:60:23:beSigner

70:bb:bf:df:3e:7e:91:30:e0:d4:4c:db:23:ad:3a:65:cc:59:2b:62Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Sections

.text Size: - Virtual size: 626KB

.rdata Size: - Virtual size: 1.2MB

.data Size: - Virtual size: 271KB

.rsrc Size: 8KB - Virtual size: 22KB

.vmp0 Size: - Virtual size: 159KB

.vmp1 Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 4KB - Virtual size: 204B

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

46:c1:8f:66:01:63:3d:ae:52:ff:d9:a4:fa:16:2f:40
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

22:6d:8c:6d:05:1a:5b:53:db:95:04:11:a2:a2:c0:5e
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

62:ac:14:7c:c7:7d:2f:df:63:25:a9:66:cc:e6:2a:0a:58:0f:34:4d:7f:58:20:93:1a:df:4b:c8:b8:60:23:be
Signer

70:bb:bf:df:3e:7e:91:30:e0:d4:4c:db:23:ad:3a:65:cc:59:2b:62
Signer

.text
Size: - Virtual size: 626KB

.rdata
Size: - Virtual size: 1.2MB

.data
Size: - Virtual size: 271KB

.rsrc
Size: 8KB - Virtual size: 22KB

.vmp0
Size: - Virtual size: 159KB

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 4KB - Virtual size: 204B