Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
Behavioral task
behavioral1
Sample
186ee73e81e15e08dc29a5505008afe8.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
186ee73e81e15e08dc29a5505008afe8.exe
Resource
win10v2004-20231215-en
Target
186ee73e81e15e08dc29a5505008afe8
Size
6.4MB
MD5
186ee73e81e15e08dc29a5505008afe8
SHA1
e7d5c5ee29887b9f39a8682e3d5355dd444a6deb
SHA256
0d9eb861d6a0e73acf0b2eaee5e1c25f429b616c1fa6dc2c10b2619c88d60cd7
SHA512
bbaad8d51aa4a5d8d6b40b0ed3bb49ef260f09eba970ae11843340713c1010dd76834a01b23966f2c9aedf707fb4d67e915b5526ea2dd23ffe128a99c6bd7215
SSDEEP
196608:mthgfctYCVCTcurXmAc90TFCQrroAiFshCYrN6:mwKYmke9UCQrME76
| resource | yara_rule |
|---|---|
| sample | vmprotect |
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
GetUserNameW
CreateThread
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
_strdup
__getmainargs
BeginPaint
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW
WTSSendMessageW
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ