014653d6b17f29083cbb62debb2993fc

Sharing

Copy URL

Twitter E-mail

General

Target

014653d6b17f29083cbb62debb2993fc
Size

8.6MB
MD5

014653d6b17f29083cbb62debb2993fc
SHA1

710416458c5c0e75aa3d836d64d1f4da5f20b2c2
SHA256

c8a40e8a075c7702f16de499dadbe7a8f437579eef39cf980835d111c8cdf173
SHA512

3ecedcfa701541c3fd09f272863a11b39f7217fac86fd5d7b58340bba6fed31fac6bf763173a20cc1dff851d4f448dbadc1e04b26d84a70d833b31dd4468e48e
SSDEEP

196608:pyq4a9r9hPj5hKAeLykkEU7wiMPnH/ELax32OGgVVPqLp29Bn:pyqF15haLyjEU7wzPld2ePqc

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

014653d6b17f29083cbb62debb2993fc
.exe windows:5 windows x86 arch:x86

b28bc27be819d66dc93953b481d67436

Code Sign

06:d3:a9:88:78:f4:b9:42:b2:33:0e:e3:94:fc:de:46
Certificate

Issuer

CN=Root

Not Before

17-06-2021 04:39

Not After

31-12-2039 23:59

Subject

CN=Root

1e:27:ac:ad:3d:f0:06:5f:b2:00:88:d6:cd:54:e9:e8
Certificate

Issuer

CN=Root

Not Before

17-06-2021 04:54

Not After

31-12-2039 23:59

Subject

CN=Child

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

37:e9:d2:5b:ab:1d:19:58:6d:08:66:eb:53:b8:b1:da:d9:a2:39:4d
Signer

Actual PE Digest

37:e9:d2:5b:ab:1d:19:58:6d:08:66:eb:53:b8:b1:da:d9:a2:39:4d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersion
GetVersionExA
GetVersion
GetVersionExA
CreateEventA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

IsRectEmpty

advapi32

RegOpenKeyExA

ws2_32

recvfrom

ole32

CoInitialize

oleaut32

VariantChangeType

msvfw32

DrawDibDraw

avifil32

AVIStreamGetFrame

winmm

waveOutPrepareHeader

gdi32

CreateDIBSection

winspool.drv

ClosePrinter

comdlg32

GetFileTitleA

shell32

SHGetSpecialFolderPathA

comctl32

ord17

Sections

.text
Size: - Virtual size: 946KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 545KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 8.6MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b28bc27be819d66dc93953b481d67436

Code Sign

06:d3:a9:88:78:f4:b9:42:b2:33:0e:e3:94:fc:de:46Certificate

1e:27:ac:ad:3d:f0:06:5f:b2:00:88:d6:cd:54:e9:e8Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

37:e9:d2:5b:ab:1d:19:58:6d:08:66:eb:53:b8:b1:da:d9:a2:39:4dSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

ole32

oleaut32

msvfw32

avifil32

winmm

gdi32

winspool.drv

comdlg32

shell32

comctl32

Sections

.text Size: - Virtual size: 946KB

.rdata Size: - Virtual size: 2.0MB

.data Size: - Virtual size: 545KB

.vmp0 Size: - Virtual size: 5.8MB

.vmp1 Size: 8.6MB - Virtual size: 8.5MB

.rsrc Size: 8KB - Virtual size: 4KB

06:d3:a9:88:78:f4:b9:42:b2:33:0e:e3:94:fc:de:46
Certificate

1e:27:ac:ad:3d:f0:06:5f:b2:00:88:d6:cd:54:e9:e8
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

37:e9:d2:5b:ab:1d:19:58:6d:08:66:eb:53:b8:b1:da:d9:a2:39:4d
Signer

.text
Size: - Virtual size: 946KB

.rdata
Size: - Virtual size: 2.0MB

.data
Size: - Virtual size: 545KB

.vmp0
Size: - Virtual size: 5.8MB

.vmp1
Size: 8.6MB - Virtual size: 8.5MB

.rsrc
Size: 8KB - Virtual size: 4KB