4a5e5b895be68d4fe39925fe0493bfed

Sharing

Copy URL Twitter E-mail

General

Target

4a5e5b895be68d4fe39925fe0493bfed
Size

1.4MB
MD5

4a5e5b895be68d4fe39925fe0493bfed
SHA1

53755dbebae85f1330265622d0d5934579456eb7
SHA256

c0d64ed645e050ed32c17873f160741796424d228c29f76993c8fe18b899457e
SHA512

778eb8699aef8b7df00be50cb6595fab5a7ca2fdf7e589a0f53232a57eb9bda200544ec006d9b775b68db5a0ab4cc82c409623a4adc8d8c3aa32ac808eccd6ec
SSDEEP

24576:vgtOJgkdjkopmlc4j24eowOCG2OXf+y0bSv9sZRu6/gkw7KEndlXz2:vgc5jko0lcy28ApOc6mZRuedEnHz2

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

4a5e5b895be68d4fe39925fe0493bfed
.dll windows:5 windows x86 arch:x86

304a09845028b2ec7e16c6eb62726743

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:87:23:b5:bb:bf:57:c0:0e:ef:3e:79:d6:d2:d4:43
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/02/2020, 00:00

Not After

03/03/2021, 12:00

Subject

CN=北京探索者软件股份有限公司,O=北京探索者软件股份有限公司,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:87:23:b5:bb:bf:57:c0:0e:ef:3e:79:d6:d2:d4:43
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/02/2020, 00:00

Not After

03/03/2021, 12:00

Subject

CN=北京探索者软件股份有限公司,O=北京探索者软件股份有限公司,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7e:c6:90:93:d2:e9:3f:8f:31:c4:76:ff:3d:da:f4:91:f1:a1:37:d3:04:6e:4e:c7:17:0a:90:78:4e:07:b2:56
Signer

Actual PE Digest

7e:c6:90:93:d2:e9:3f:8f:31:c4:76:ff:3d:da:f4:91:f1:a1:37:d3:04:6e:4e:c7:17:0a:90:78:4e:07:b2:56

Digest Algorithm

sha256

PE Digest Matches

true

06:cf:f2:df:18:28:84:37:b5:68:d5:fc:c1:27:96:49:68:3e:59:3c
Signer

Actual PE Digest

06:cf:f2:df:18:28:84:37:b5:68:d5:fc:c1:27:96:49:68:3e:59:3c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetEnvironmentVariableA
DeleteFileA
CreateDirectoryA
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
CreateFileW
GetProcessHeap
SetEndOfFile
WriteConsoleW
FlushFileBuffers
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
EncodePointer
DecodePointer
GetLastError
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
LCMapStringW
GetCPInfo
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapSize
GetProcAddress
GetModuleHandleW
ExitProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
WriteFile
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
HeapCreate
HeapDestroy
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetConsoleCP
GetConsoleMode
CloseHandle
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoW
ReadFile
GetTimeZoneInformation
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapReAlloc
LoadLibraryW
CreateFileA
SetStdHandle
SetEnvironmentVariableA
LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
LoadLibraryW
CreateEventW
CompareStringW
SetLastError
GetModuleHandleA
VirtualProtect
GetTickCount
EnterCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
WriteProcessMemory
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
GetSystemInfo
LoadResource
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceExA
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RtlUnwind
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

shlwapi

PathIsDirectoryA

user32

MessageBoxW
CharUpperBuffW

Exports

Exports

dc_GBK_2_UTF8
dc_UTF8_2_GBK
dc_char_2_wchar
dc_clean_data
dc_free_buffer
dc_free_wbuffer
dc_get_hwid
dc_get_lic_name
dc_get_pid
dc_init_myutils
dc_refresh_data
dc_save_data
dc_set_key
dc_wchar_2_char

Sections

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

304a09845028b2ec7e16c6eb62726743

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

06:87:23:b5:bb:bf:57:c0:0e:ef:3e:79:d6:d2:d4:43Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

06:87:23:b5:bb:bf:57:c0:0e:ef:3e:79:d6:d2:d4:43Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

7e:c6:90:93:d2:e9:3f:8f:31:c4:76:ff:3d:da:f4:91:f1:a1:37:d3:04:6e:4e:c7:17:0a:90:78:4e:07:b2:56Signer

06:cf:f2:df:18:28:84:37:b5:68:d5:fc:c1:27:96:49:68:3e:59:3cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

user32

Exports

Exports

Sections

.text Size: 170KB - Virtual size: 170KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 7KB - Virtual size: 15KB

.vmp0 Size: 1.1MB - Virtual size: 1.1MB

.vmp1 Size: 43KB - Virtual size: 42KB

.reloc Size: 13KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

06:87:23:b5:bb:bf:57:c0:0e:ef:3e:79:d6:d2:d4:43
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

06:87:23:b5:bb:bf:57:c0:0e:ef:3e:79:d6:d2:d4:43
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

7e:c6:90:93:d2:e9:3f:8f:31:c4:76:ff:3d:da:f4:91:f1:a1:37:d3:04:6e:4e:c7:17:0a:90:78:4e:07:b2:56
Signer

06:cf:f2:df:18:28:84:37:b5:68:d5:fc:c1:27:96:49:68:3e:59:3c
Signer

.text
Size: 170KB - Virtual size: 170KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 7KB - Virtual size: 15KB

.vmp0
Size: 1.1MB - Virtual size: 1.1MB

.vmp1
Size: 43KB - Virtual size: 42KB

.reloc
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB