97f1fd585a4028db97a306a142a507d7

Sharing

Copy URL Twitter E-mail

General

Target

97f1fd585a4028db97a306a142a507d7
Size

3.2MB
MD5

97f1fd585a4028db97a306a142a507d7
SHA1

10a22d12c597cf49cdc4c32598b0d57ff0195102
SHA256

7b62b8b45881dd3dc01e5aa66453e50314740de648fb55e27e41fff86c7b1f84
SHA512

2a651cc9f76ade774a4c323efbfce4321d4d69f0c54678565d4e30f269f58c41d7e63b8c2951a1267c49757814715ffae9f0f536bef48c03076b9366a6e97acb
SSDEEP

49152:siJfcq0rPFAFseMWXpIIR28D4dSz8V4mW9YaUVF8vRFqTf0dnBVblFMAVHoVNh6:3n0ZVLWXpLJD4I8V8SnOOTf09JFMd6

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

97f1fd585a4028db97a306a142a507d7
.sys windows:10 windows x64 arch:x64

8fc42e34e166c4fad5b06dc5083617de

Code Sign

fa:33:b7:9d:d4:96:cf:d1:0c:84:65:39:a4:9d:63:b5
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

20/09/2011, 11:04

Not After

20/09/2026, 23:59

Subject

CN=Certum Code Signing CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:3b:c7:91:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 20:15

Not After

15/04/2021, 20:25

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:24:06:09:3a:df:d2:5d:da:3f:05:c5:cc:6e:c8:e0
Certificate

Issuer

CN=Certum Code Signing CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

30/12/2014, 14:06

Not After

30/12/2015, 14:06

Subject

CN=Luca Marcone,O=Luca Marcone,C=DE,1.2.840.113549.1.9.1=#0c156d6172636f6e656c75636140676d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

4a:90:e3:74:38:d6:9c:df:12:e6:b6:04:c3:0a:50:5d:26:38:07:85
Signer

Actual PE Digest

4a:90:e3:74:38:d6:9c:df:12:e6:b6:04:c3:0a:50:5d:26:38:07:85

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

netio.sys

WskCaptureProviderNPI

ntoskrnl.exe

RtlCaptureContext
ExAllocatePool
NtQuerySystemInformation
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
DbgPrint

wdfldr.sys

WdfVersionBindClass

hal

KeQueryPerformanceCounter

Sections

.text
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8fc42e34e166c4fad5b06dc5083617de

Code Sign

fa:33:b7:9d:d4:96:cf:d1:0c:84:65:39:a4:9d:63:b5Certificate

Extended Key Usages

Key Usages

61:3b:c7:91:00:00:00:00:00:34Certificate

Key Usages

5d:24:06:09:3a:df:d2:5d:da:3f:05:c5:cc:6e:c8:e0Certificate

Extended Key Usages

Key Usages

4a:90:e3:74:38:d6:9c:df:12:e6:b6:04:c3:0a:50:5d:26:38:07:85Signer

Headers

DLL Characteristics

File Characteristics

Imports

netio.sys

ntoskrnl.exe

wdfldr.sys

hal

Sections

.text Size: - Virtual size: 21KB

.rdata Size: - Virtual size: 2KB

.data Size: - Virtual size: 5KB

.pdata Size: - Virtual size: 684B

INIT Size: - Virtual size: 1KB

.vmp0 Size: - Virtual size: 2.0MB

.vmp1 Size: 512B - Virtual size: 8B

.vmp2 Size: 3.2MB - Virtual size: 3.2MB

.reloc Size: 512B - Virtual size: 184B

fa:33:b7:9d:d4:96:cf:d1:0c:84:65:39:a4:9d:63:b5
Certificate

61:3b:c7:91:00:00:00:00:00:34
Certificate

5d:24:06:09:3a:df:d2:5d:da:3f:05:c5:cc:6e:c8:e0
Certificate

4a:90:e3:74:38:d6:9c:df:12:e6:b6:04:c3:0a:50:5d:26:38:07:85
Signer

.text
Size: - Virtual size: 21KB

.rdata
Size: - Virtual size: 2KB

.data
Size: - Virtual size: 5KB

.pdata
Size: - Virtual size: 684B

INIT
Size: - Virtual size: 1KB

.vmp0
Size: - Virtual size: 2.0MB

.vmp1
Size: 512B - Virtual size: 8B

.vmp2
Size: 3.2MB - Virtual size: 3.2MB

.reloc
Size: 512B - Virtual size: 184B