52b1610985bdaa37400f4119ffedef75

Sharing

Copy URL Twitter E-mail

General

Target

52b1610985bdaa37400f4119ffedef75
Size

660KB
MD5

52b1610985bdaa37400f4119ffedef75
SHA1

884e0d5458e7af20372e467bcdb884d643799d2d
SHA256

86fe1ef865772f4606518c9dc9439422b8f4c88c656ad47e7491edf6e9a6bd15
SHA512

b3fdbf41e41c06b69daeaaaac99fa0c999568699342653e14dfeb3fa9334f0f62a5ca4bae7cf3d512947cc827cf27f066b7c30df17d6c95d89f982eb93590550
SSDEEP

12288:w6mNmRHtG2rcfDf+/Z0G/uIMPCs38aHMr+Eu6Kzx2QXdmaH3nn4u28FewfaLCgx:w6wm3G2p/RAaisr+V6Kd9FXnv285YN

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

52b1610985bdaa37400f4119ffedef75
.dll windows:4 windows x86 arch:x86

2f00d2ffc0b18b1c7f5eb3d695f3e071

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:93:47:e6:1d:ec:6f:63:98:d4:d4:6b:f7:32:65:6c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19/05/2015, 00:00

Not After

18/05/2016, 23:59

Subject

CN=新疆亿事联网络科技有限公司,O=新疆亿事联网络科技有限公司,L=乌鲁木齐市,ST=新疆省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:aa:67:50:84:8d:7d:ce:5b:26:64:1d:25:5c:03:b1:ae:16:0e:e7
Signer

Actual PE Digest

56:aa:67:50:84:8d:7d:ce:5b:26:64:1d:25:5c:03:b1:ae:16:0e:e7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
GetSystemDirectoryA
WriteFile
Sleep
CreateToolhelp32Snapshot
Process32First
Process32Next
VirtualQuery
FlushFileBuffers
GetModuleHandleA
GetProcAddress
GetCurrentProcess
CreateFileA
CloseHandle
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

advapi32

OpenServiceA
CreateServiceA
StartServiceA
RegCreateKeyExA
RegQueryValueExA
RegCreateKeyA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
OpenSCManagerA
CloseServiceHandle

msvcrt

_adjust_fdiv
_initterm
malloc
free
_stricmp

crypt32

CertAddCertificateContextToStore
CertCloseStore
CertOpenStore
CertCreateCertificateContext
CryptStringToBinaryA
CertFreeCertificateContext

Sections

.text
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 644KB - Virtual size: 640KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 577KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f00d2ffc0b18b1c7f5eb3d695f3e071

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

03:93:47:e6:1d:ec:6f:63:98:d4:d4:6b:f7:32:65:6cCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

56:aa:67:50:84:8d:7d:ce:5b:26:64:1d:25:5c:03:b1:ae:16:0e:e7Signer

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

crypt32

Sections

.text Size: - Virtual size: 3KB

.rdata Size: - Virtual size: 1KB

.data Size: - Virtual size: 1KB

.vmp0 Size: - Virtual size: 13KB

.vmp1 Size: 644KB - Virtual size: 640KB

.reloc Size: 4KB - Virtual size: 272B

.rsrc Size: 4KB - Virtual size: 577KB

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

03:93:47:e6:1d:ec:6f:63:98:d4:d4:6b:f7:32:65:6c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

56:aa:67:50:84:8d:7d:ce:5b:26:64:1d:25:5c:03:b1:ae:16:0e:e7
Signer

.text
Size: - Virtual size: 3KB

.rdata
Size: - Virtual size: 1KB

.data
Size: - Virtual size: 1KB

.vmp0
Size: - Virtual size: 13KB

.vmp1
Size: 644KB - Virtual size: 640KB

.reloc
Size: 4KB - Virtual size: 272B

.rsrc
Size: 4KB - Virtual size: 577KB