02d8a7df4513776d25b5ef56a2dc2f60

Sharing

Copy URL Twitter E-mail

General

Target

02d8a7df4513776d25b5ef56a2dc2f60
Size

6.4MB
MD5

02d8a7df4513776d25b5ef56a2dc2f60
SHA1

f8ccec15f13f66a8da4ac30b918c8ed349b9dc80
SHA256

500e69ba6bfbc180da4d12528413dbbc0efc29aa746d83b1ef6893f4aed5a706
SHA512

d25c23beb6fc7d598e6a75426a9e9cbc67fcc110c3909e9a169a5e8f9038971f671fb427b3f69a35d980a79ef0cae6ae8d67861ccce15dbca76b92c6aa018f3f
SSDEEP

196608:iZLijVpftkhH3H0+NEy5geWNiYWZCAFyubmjRU2pHLd:QLGp83U+iy5BmCZCAk+2pHLd

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

02d8a7df4513776d25b5ef56a2dc2f60
.exe windows:5 windows x86 arch:x86

898d2213a85b483d34c574804fb124bd

Code Sign

0d:9b:e4:34:e9:33:6a:80:f5:9a:f2:60:7d:d7:d7:88
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

05/12/2019, 00:00

Not After

08/12/2021, 12:00

Subject

SERIALNUMBER=91310114MA1GT9FP6N,CN=Shanghai Changzhi Network Technology Co.\, Ltd.,OU=客服部,O=Shanghai Changzhi Network Technology Co.\, Ltd.,POSTALCODE=510665,STREET=天河区中山大道西1132号汇鑫商业大厦417,L=Guangzhou,ST=Guangdong,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:95:a8:57:d0:ac:bb:e0:3d:3b:13:db:13:44:98:30:ea:0e:1a:7b
Signer

Actual PE Digest

01:95:a8:57:d0:ac:bb:e0:3d:3b:13:db:13:44:98:30:ea:0e:1a:7b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

GetUserNameW

kernel32

CreateThread
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

msvcrt

_strdup
__getmainargs

user32

BeginPaint
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 9.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 176B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

898d2213a85b483d34c574804fb124bd

Code Sign

0d:9b:e4:34:e9:33:6a:80:f5:9a:f2:60:7d:d7:d7:88Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

01:95:a8:57:d0:ac:bb:e0:3d:3b:13:db:13:44:98:30:ea:0e:1a:7bSigner

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

wtsapi32

Sections

.text Size: - Virtual size: 9.3MB

.data Size: - Virtual size: 60B

.rdata Size: - Virtual size: 1KB

.eh_fram Size: - Virtual size: 2KB

.bss Size: - Virtual size: 176B

.idata Size: - Virtual size: 4KB

.CRT Size: - Virtual size: 24B

.tls Size: - Virtual size: 32B

.vmp0 Size: - Virtual size: 2.4MB

.vmp1 Size: 6.2MB - Virtual size: 6.2MB

.rsrc Size: 128KB - Virtual size: 127KB

0d:9b:e4:34:e9:33:6a:80:f5:9a:f2:60:7d:d7:d7:88
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

01:95:a8:57:d0:ac:bb:e0:3d:3b:13:db:13:44:98:30:ea:0e:1a:7b
Signer

.text
Size: - Virtual size: 9.3MB

.data
Size: - Virtual size: 60B

.rdata
Size: - Virtual size: 1KB

.eh_fram
Size: - Virtual size: 2KB

.bss
Size: - Virtual size: 176B

.idata
Size: - Virtual size: 4KB

.CRT
Size: - Virtual size: 24B

.tls
Size: - Virtual size: 32B

.vmp0
Size: - Virtual size: 2.4MB

.vmp1
Size: 6.2MB - Virtual size: 6.2MB

.rsrc
Size: 128KB - Virtual size: 127KB