31b251d64178cf288efb6e744c5049cee285671b046ab07555a482e0a3081972

Sharing

Copy URL

Twitter E-mail

General

Target

31b251d64178cf288efb6e744c5049cee285671b046ab07555a482e0a3081972
Size

7.5MB
MD5

e9f24ba7164d371a83229e8fc5ededac
SHA1

b0c499cc7059e1bce54e3a51bd21a790e3904cbb
SHA256

31b251d64178cf288efb6e744c5049cee285671b046ab07555a482e0a3081972
SHA512

94a3d6fd5476f628be9de09c7778e98e261df312ead2569355a56111711ec43e5a25c226e13d6251fdfea6cfe6cd0bd97a4daaba07ab28b63b7c8832320276c0
SSDEEP

196608:0m0Kaw9kYfmi8JD8b2q620Spubhky3ogp0taeMK2/:t0Kaw93fmR3c0SSky3o+0seMKM

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/Install.exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/prnfldr.dll

Files

31b251d64178cf288efb6e744c5049cee285671b046ab07555a482e0a3081972
.zip
Install.exe
.exe windows:6 windows x86

20fcca9c4f6d6a96b55e9305c9ac59ff

Code Sign

4f:db:ea:21:70:f2:c1:81:44:a4:10:93:99:42:5e:77
Certificate

Issuer

CN=HDD Verbatim Digital EVO-II 5Tb HDWG460EZSTA N300 (10200rpm) 6072Mb 1.5 Rtl

Not Before

19/01/2023, 16:03

Not After

20/01/2033, 16:03

Subject

CN=HDD Verbatim Digital EVO-II 5Tb HDWG460EZSTA N300 (10200rpm) 6072Mb 1.5 Rtl

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4b:03:ee:19:3a:c3:29:5a:a0:0f:0e:a9:51:83:ba:27:3a:66:0c:1e:23:8c:90:a7:3f:33:89:eb:e7:74:b6:34
Signer

Actual PE Digest

4b:03:ee:19:3a:c3:29:5a:a0:0f:0e:a9:51:83:ba:27:3a:66:0c:1e:23:8c:90:a7:3f:33:89:eb:e7:74:b6:34

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSectionEx
lstrlenA
lstrcatA
GetModuleHandleA
SetCurrentDirectoryA
Sleep
GetModuleHandleExA
GetFileAttributesA
GetBinaryTypeA
QueryFullProcessImageNameA
GetSystemDirectoryA
GlobalAlloc
lstrcpyA
SetFileAttributesA
VerSetConditionMask
WideCharToMultiByte
VerifyVersionInfoW
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetProcAddress
lstrcpynA
GetProcessHeap
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
EnterCriticalSection
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
GetFullPathNameA
SetEndOfFile
FindClose
GetTempPathW
CreateMutexW
WaitForSingleObject
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
LoadLibraryW
HeapCompact
HeapDestroy
UnlockFile
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
SystemTimeToFileTime
FreeLibrary
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
WriteConsoleW
CloseHandle
CreateFileA
GetLastError
CreateFileW
SetFilePointer
WriteFile
UnlockFileEx
ReadFile
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
CreateDirectoryW
FindFirstFileExW
FindNextFileW
SetFilePointerEx
GetFileInformationByHandleEx
QueryPerformanceFrequency
LCMapStringEx
EncodePointer
DecodePointer
GetCPInfo
GetStringTypeW
SetLastError
GetThreadTimes
GetCurrentThread
InterlockedPushEntrySList
RaiseException
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetFileType
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleFileNameW
GetStdHandle
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
SetStdHandle
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
GetTimeZoneInformation
IsValidCodePage
VirtualQuery
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharNextA
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegCloseKey
RegCreateKeyExA
RegSetValueExA
OpenProcessToken
RegOpenKeyExA
GetTokenInformation
CryptReleaseContext

shell32

ShellExecuteA

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
prnfldr.dll
.dll regsvr32 windows:10 windows x86

10c64957194e6ae79c80652183d62334

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_XcptFilter
_amsg_exit
__CxxFrameHandler3
_initterm
_except_handler4_common
??1type_info@@UAE@XZ
_lock
free
??1exception@@UAE@XZ
_unlock
memmove
__dllonexit
_CxxThrowException
_onexit
memcmp
?what@exception@@UBEPBDXZ
_purecall
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
malloc
_wtoi
_vsnwprintf
wcschr
??3@YAXPAX@Z
_wcsicmp
memcpy
memset

oleaut32

SysAllocString
VariantClear
SysFreeString
SysStringLen
VariantCopy
SysAllocStringLen
VariantInit

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
UnregisterTraceGuids
TraceMessage
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
EnterCriticalSection
InitializeSRWLock
DeleteCriticalSection
SetEvent
LeaveCriticalSection
WaitForSingleObject
AcquireSRWLockExclusive
InitializeCriticalSection
CreateEventW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleA
LoadStringW
GetModuleHandleExW
LoadLibraryExW
GetModuleHandleW
GetProcAddress
DisableThreadLibraryCalls
FreeLibrary
GetModuleFileNameW
LoadStringA

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA
LoadLibraryW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
DebugBreak
IsDebuggerPresent

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount64
GetTickCount

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
Sleep
InitOnceExecuteOnce
WakeAllConditionVariable

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalAlloc
LocalFree
LocalReAlloc

api-ms-win-core-com-l1-1-0

CoUninitialize
CoMarshalInterThreadInterfaceInStream
CoInitializeEx
CoGetInterfaceAndReleaseStream
CoGetMalloc
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
PropVariantClear
CLSIDFromProgID

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyExW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
OpenProcessToken
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-path-l1-1-0

PathIsUNCEx

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

ole32

ReleaseStgMedium
CreateBindCtx

gdi32

DeleteDC
DeleteObject
CreateDIBSection
SelectObject
CreateCompatibleDC

user32

SetMenuInfo
SendNotifyMessageW
GetAncestor
ReleaseDC
GetDC
GetMenuItemCount
RegisterClipboardFormatW
DestroyMenu
PostMessageW
SetForegroundWindow
GetSubMenu
LoadMenuW
RemoveMenu
SetMenuDefaultItem
SetMenuItemInfoW
DeleteMenu
GetMenuItemInfoW
DestroyIcon
GetSystemMetrics
GetMenuInfo
TrackPopupMenuEx

shell32

ord256
ord67
ShellExecuteExW
SHCreateDefaultContextMenu
AssocGetDetailsOfPropKey
ord19
ord100
ord155
SHGetIconOverlayIndexW
SHChangeNotify
ord25
ord18
SHGetKnownFolderIDList
SHCreateShellItemArrayFromIDLists
ShellExecuteW
SHCreateDataObject
ord102
SHBindToParent
ord147
SHBindToObject
ord190
SHGetFolderLocation
ord744
ord76
ord237
ord702
SHCreateDefaultExtractIcon
ord264
ord69
ord172
ord866

ntdll

NtQueryInformationToken
WinSqmAddToStream
WinSqmIncrementDWORD

shlwapi

ord437
ord256
ord388
ord16
ord176
ord219
StrChrW
IntlStrEqWorkerW
StrCmpIW
ord619
StrStrIW
PathRemoveBlanksW
SHStrDupW
AssocCreate
ord158
ord157
SHRegGetValueW
ord217
StrDupW
StrRetToBufW
ord236
PathFindFileNameW
ord186
ord209
ord197
ord211
ord210
ord208

propsys

PSFormatForDisplay
VariantToPropVariant
InitVariantFromResource
VariantToBuffer

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-kernel32-private-l1-1-0

CheckElevationEnabled

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalSize
GlobalLock

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20fcca9c4f6d6a96b55e9305c9ac59ff

Code Sign

4f:db:ea:21:70:f2:c1:81:44:a4:10:93:99:42:5e:77Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

4b:03:ee:19:3a:c3:29:5a:a0:0f:0e:a9:51:83:ba:27:3a:66:0c:1e:23:8c:90:a7:3f:33:89:eb:e7:74:b6:34Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

wtsapi32

Sections

.text Size: - Virtual size: 2.0MB

.rdata Size: - Virtual size: 168KB

.data Size: - Virtual size: 34KB

.vmp0 Size: - Virtual size: 4.1MB

.vmp1 Size: 6.7MB - Virtual size: 6.7MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 5KB - Virtual size: 4KB

10c64957194e6ae79c80652183d62334

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

oleaut32

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-debug-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-profile-l1-1-0

ole32

gdi32

user32

shell32

ntdll

shlwapi

propsys

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-kernel32-private-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-apiquery-l1-1-0

Exports

Exports

Sections

.text Size: 183KB - Virtual size: 182KB

.data Size: 1KB - Virtual size: 2KB

.idata Size: 7KB - Virtual size: 7KB

4f:db:ea:21:70:f2:c1:81:44:a4:10:93:99:42:5e:77
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

4b:03:ee:19:3a:c3:29:5a:a0:0f:0e:a9:51:83:ba:27:3a:66:0c:1e:23:8c:90:a7:3f:33:89:eb:e7:74:b6:34
Signer

.text
Size: - Virtual size: 2.0MB

.rdata
Size: - Virtual size: 168KB

.data
Size: - Virtual size: 34KB

.vmp0
Size: - Virtual size: 4.1MB

.vmp1
Size: 6.7MB - Virtual size: 6.7MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 5KB - Virtual size: 4KB

.text
Size: 183KB - Virtual size: 182KB

.data
Size: 1KB - Virtual size: 2KB

.idata
Size: 7KB - Virtual size: 7KB

.didat
Size: 512B - Virtual size: 112B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 12KB - Virtual size: 11KB