5b9ec13e04e482c9969d5eaf51308c1a

Sharing

Copy URL Twitter E-mail

General

Target

5b9ec13e04e482c9969d5eaf51308c1a
Size

6.4MB
MD5

5b9ec13e04e482c9969d5eaf51308c1a
SHA1

ee4729fd26574cb1f030c4fa87601090abff90e0
SHA256

b1439ef7b8fddd9cdc512d65a8ffb25cbdd588d0de8b5291c9de059e7db67b3b
SHA512

9e5318309ebd0f74535a974843e88bf5f57c46ae5c6879bb087b1bc398d4541fb0a71be66c9e45561a3b60f5caa088685aacc6ecef9d841c7cf9a600eb4188f3
SSDEEP

196608:3iqSwnS2llhmrRwJ/yrzYQtcZkQZUHc0LogO:3ivwS2llttyrU2c9H0EgO

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

5b9ec13e04e482c9969d5eaf51308c1a
.exe windows:5 windows x86 arch:x86

898d2213a85b483d34c574804fb124bd

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:0b:a8:77:da:f7:88:a0:04:8d:04:a8:5b:1f:6e:ca
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/06/2020, 00:00

Not After

02/07/2021, 12:00

Subject

CN=Skylum Software USA\, Inc.,O=Skylum Software USA\, Inc.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3d:67:bd:87:92:42:a9:68:ae:8b:6c:1a:9d:a3:23:3f:aa:c1:d0:7c
Signer

Actual PE Digest

3d:67:bd:87:92:42:a9:68:ae:8b:6c:1a:9d:a3:23:3f:aa:c1:d0:7c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

GetUserNameW

kernel32

CreateThread
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

msvcrt

_strdup
__getmainargs

user32

BeginPaint
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 9.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 176B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

898d2213a85b483d34c574804fb124bd

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

03:0b:a8:77:da:f7:88:a0:04:8d:04:a8:5b:1f:6e:caCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

3d:67:bd:87:92:42:a9:68:ae:8b:6c:1a:9d:a3:23:3f:aa:c1:d0:7cSigner

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

wtsapi32

Sections

.text Size: - Virtual size: 9.1MB

.data Size: - Virtual size: 60B

.rdata Size: - Virtual size: 1KB

.eh_fram Size: - Virtual size: 2KB

.bss Size: - Virtual size: 176B

.idata Size: - Virtual size: 4KB

.CRT Size: - Virtual size: 24B

.tls Size: - Virtual size: 32B

.vmp0 Size: - Virtual size: 2.4MB

.vmp1 Size: 6.2MB - Virtual size: 6.2MB

.rsrc Size: 149KB - Virtual size: 148KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

03:0b:a8:77:da:f7:88:a0:04:8d:04:a8:5b:1f:6e:ca
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

3d:67:bd:87:92:42:a9:68:ae:8b:6c:1a:9d:a3:23:3f:aa:c1:d0:7c
Signer

.text
Size: - Virtual size: 9.1MB

.data
Size: - Virtual size: 60B

.rdata
Size: - Virtual size: 1KB

.eh_fram
Size: - Virtual size: 2KB

.bss
Size: - Virtual size: 176B

.idata
Size: - Virtual size: 4KB

.CRT
Size: - Virtual size: 24B

.tls
Size: - Virtual size: 32B

.vmp0
Size: - Virtual size: 2.4MB

.vmp1
Size: 6.2MB - Virtual size: 6.2MB

.rsrc
Size: 149KB - Virtual size: 148KB