8028cfe09e20c3574986f107f4d6c7e4

Sharing

Copy URL Twitter E-mail

General

Target

8028cfe09e20c3574986f107f4d6c7e4
Size

372KB
MD5

8028cfe09e20c3574986f107f4d6c7e4
SHA1

4ac1271ceb8d9c5fadeaf1d1d656de4a44d1d8c3
SHA256

11d374754fd2ab8d5e2c01d597c9ef5f366180b0c47b722ee725a43af643b252
SHA512

0d3f7b2456c1dbe075b6ef04e6726ede2d0663da8f69a06e65f721e9255d6b79ca3dca92dec30dfc1f06cd9323ae565533105b8233d2dc43b952d10b71ce78b3
SSDEEP

6144:XjI2X+GoZmMygnr8rRc37ACW8ayvCKHLLCFUNu80lgGOo:D+GoZm0nr+K7vayaAGWbkb

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

8028cfe09e20c3574986f107f4d6c7e4
.exe windows:5 windows x86 arch:x86

ad9f2ed49c2697bf40c85278dc62134a

Code Sign

04:7a:53
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:53

Not After

03/03/2024, 12:53

Subject

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:c1:3d:62:20:c6:29:04:3a:26:f8:1b:1c:ad:72:d8
Certificate

Issuer

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08/09/2014, 07:49

Not After

08/09/2015, 07:49

Subject

CN=Open Source Developer\, meicun ge,O=Meicun Ge,C=CN,1.2.840.113549.1.9.1=#0c126d656963756e676540676d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

58:95:53:7b:0f:77:83:ab:0c:db:6e:68:fa:8d:21:0c:57:aa:35:4e
Signer

Actual PE Digest

58:95:53:7b:0f:77:83:ab:0c:db:6e:68:fa:8d:21:0c:57:aa:35:4e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleMode
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetDC

advapi32

GetTokenInformation

shell32

SHParseDisplayName

ole32

CoInitializeSecurity

oleaut32

SysFreeString

gdi32

GetDIBits

ws2_32

ntohl

winhttp

WinHttpConnect

gdiplus

GdiplusStartup

shlwapi

StrCmpIW

Exports

Exports

hardreset

Sections

.text
Size: - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 340KB - Virtual size: 339KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad9f2ed49c2697bf40c85278dc62134a

Code Sign

04:7a:53Certificate

Key Usages

4f:c1:3d:62:20:c6:29:04:3a:26:f8:1b:1c:ad:72:d8Certificate

Extended Key Usages

Key Usages

58:95:53:7b:0f:77:83:ab:0c:db:6e:68:fa:8d:21:0c:57:aa:35:4eSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

gdi32

ws2_32

winhttp

gdiplus

shlwapi

Exports

Exports

Sections

.text Size: - Virtual size: 186KB

.rdata Size: - Virtual size: 34KB

.data Size: - Virtual size: 16KB

.vmp0 Size: - Virtual size: 180KB

.vmp1 Size: 340KB - Virtual size: 339KB

.reloc Size: 512B - Virtual size: 140B

.rsrc Size: 28KB - Virtual size: 27KB

04:7a:53
Certificate

4f:c1:3d:62:20:c6:29:04:3a:26:f8:1b:1c:ad:72:d8
Certificate

58:95:53:7b:0f:77:83:ab:0c:db:6e:68:fa:8d:21:0c:57:aa:35:4e
Signer

.text
Size: - Virtual size: 186KB

.rdata
Size: - Virtual size: 34KB

.data
Size: - Virtual size: 16KB

.vmp0
Size: - Virtual size: 180KB

.vmp1
Size: 340KB - Virtual size: 339KB

.reloc
Size: 512B - Virtual size: 140B

.rsrc
Size: 28KB - Virtual size: 27KB