miflash_unlock[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

miflash_unlock.exe
Size

4.0MB
MD5

0783293b9bb96d14300b5587309de102
SHA1

d533e3a7cbca76597976b14aab2b32b2d975296d
SHA256

7362fe2521f90e56580420b71070471b92acf420e9689d04c7e122f08735db31
SHA512

6e8a894f368b434ecec737e7f1bc2c18062f4e0f9a741b4b77ba9169173e704941acb776dc61953a220c09cc7ba626c8d385fa9ae009b4b0d12de269e8e984e4
SSDEEP

98304:Ld0gzwfLLK0qs292XxPyC2JxRk4TYcgbFJQoqv97sfXQnKY:WgiK0qs29SxPylJ7k4MceEH97tnKY

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

miflash_unlock.exe
.exe windows:5 windows x86

7164b4f0587791401317841e75a2cdae

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:e8:ae:14:25:ab:f5:10:a0:ef:cd:e3:84:42:00:cf
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

15/07/2015, 00:00

Not After

27/07/2018, 23:59

Subject

CN=Xiaomi Technology Inc,O=Xiaomi Technology Inc,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e6:c8:af:c0:b9:46:e9:53:e8:0f:9a:89:8a:18:fd:0d:a5:bc:fe:c4
Signer

Actual PE Digest

e6:c8:af:c0:b9:46:e9:53:e8:0f:9a:89:8a:18:fd:0d:a5:bc:fe:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExW
LoadLibraryA
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

HideCaret
CharUpperBuffW

shell32

ShellExecuteExW

oleaut32

VarUI4FromStr

dbghelp

MiniDumpWriteDump

gdiplus

GdipImageSelectActiveFrame

rpcrt4

UuidFromStringW

imm32

ImmSetCompositionWindow

winmm

timeBeginPeriod

setupapi

SetupDiGetClassDevsW

iphlpapi

GetAdaptersInfo

comctl32

_TrackMouseEvent

gdi32

CreateRectRgn

advapi32

CreateProcessAsUserW
RegQueryValueExA
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

ole32

CoUninitialize

libcurl

curl_free

libeay32

ord3313

version

GetFileVersionInfoSizeW

userenv

DestroyEnvironmentBlock

wtsapi32

WTSSendMessageW

Exports

Exports

OPENSSL_Applink

Sections

.text
Size: - Virtual size: 821KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7164b4f0587791401317841e75a2cdae

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

42:e8:ae:14:25:ab:f5:10:a0:ef:cd:e3:84:42:00:cfCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

e6:c8:af:c0:b9:46:e9:53:e8:0f:9a:89:8a:18:fd:0d:a5:bc:fe:c4Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

oleaut32

dbghelp

gdiplus

rpcrt4

imm32

winmm

setupapi

iphlpapi

comctl32

gdi32

advapi32

ole32

libcurl

libeay32

version

userenv

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 821KB

.rdata Size: - Virtual size: 204KB

.data Size: - Virtual size: 37KB

.tls Size: 512B - Virtual size: 2B

.vmp0 Size: - Virtual size: 3.7MB

.vmp1 Size: 4.0MB - Virtual size: 4.0MB

.reloc Size: 512B - Virtual size: 284B

.rsrc Size: 40KB - Virtual size: 40KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

42:e8:ae:14:25:ab:f5:10:a0:ef:cd:e3:84:42:00:cf
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

e6:c8:af:c0:b9:46:e9:53:e8:0f:9a:89:8a:18:fd:0d:a5:bc:fe:c4
Signer

.text
Size: - Virtual size: 821KB

.rdata
Size: - Virtual size: 204KB

.data
Size: - Virtual size: 37KB

.tls
Size: 512B - Virtual size: 2B

.vmp0
Size: - Virtual size: 3.7MB

.vmp1
Size: 4.0MB - Virtual size: 4.0MB

.reloc
Size: 512B - Virtual size: 284B

.rsrc
Size: 40KB - Virtual size: 40KB