d4b2631ecfb07de9a07ee49f3b91cc20fcea6bd33d57cddafe2497684739605c

Sharing

Copy URL Twitter E-mail

General

Target

d4b2631ecfb07de9a07ee49f3b91cc20fcea6bd33d57cddafe2497684739605c
Size

9.8MB
MD5

c8e56c42e1bb42009a4525b4a39e6a72
SHA1

4585aec1a7aea543b0a6d23d2ce66bd894e0ff66
SHA256

d4b2631ecfb07de9a07ee49f3b91cc20fcea6bd33d57cddafe2497684739605c
SHA512

2eb14a493ed0150a51e4f7ca1090d3005f0696dd44038aaf6f701d73b5e1bd0d87ac1ec7a10acf0c4c1d57be6764e7a19f02f611e27aa5b3a7cf6cddecc2f2d6
SSDEEP

196608:O8g4kfmeX2yjzsZ3M53XDSUBrkDMf5LgyuhAFT584PAZU4z5kQ9bFX:O8sfmemy3k3M5nDSUBrkDs5LgNAFlHPa

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

d4b2631ecfb07de9a07ee49f3b91cc20fcea6bd33d57cddafe2497684739605c
.exe windows:6 windows x64 arch:x64

d910780e43eb6473c6ca334d8a16a8af

Code Sign

61:48:bb:d4:2e:17:eb:69:be:82:ba:60:1c:b1:2c:a4
Certificate

Issuer

CN=VMware Inc.,ST=China,C=China,1.2.840.113549.1.9.1=#0c0d31323340676d61696c2e636f6d

Not Before

21/02/2024, 07:51

Not After

30/12/2099, 16:00

Subject

CN=VMware Inc.,ST=China,C=China,1.2.840.113549.1.9.1=#0c0d31323340676d61696c2e636f6d

f9:63:4d:9a:48:d2:c9:81:d0:2c:0c:8b:9c:03:4b:05:e3:d3:b0:da:89:15:76:10:00:91:ef:0f:74:2f:46:05:e8:94:f8:34:13:97:6e:35:5f:4d:c8:5b:99:23:38:79:a1:01:b3:5c:0f:3c:4b:92:d6:92:02:ff:92:8f:4c:ed
Signer

Actual PE Digest

f9:63:4d:9a:48:d2:c9:81:d0:2c:0c:8b:9c:03:4b:05:e3:d3:b0:da:89:15:76:10:00:91:ef:0f:74:2f:46:05:e8:94:f8:34:13:97:6e:35:5f:4d:c8:5b:99:23:38:79:a1:01:b3:5c:0f:3c:4b:92:d6:92:02:ff:92:8f:4c:ed

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WriteFile
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

wtsapi32

WTSSendMessageW

user32

GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 10.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 6.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 750KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.symtab
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 9.8MB - Virtual size: 9.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d910780e43eb6473c6ca334d8a16a8af

Code Sign

61:48:bb:d4:2e:17:eb:69:be:82:ba:60:1c:b1:2c:a4Certificate

f9:63:4d:9a:48:d2:c9:81:d0:2c:0c:8b:9c:03:4b:05:e3:d3:b0:da:89:15:76:10:00:91:ef:0f:74:2f:46:05:e8:94:f8:34:13:97:6e:35:5f:4d:c8:5b:99:23:38:79:a1:01:b3:5c:0f:3c:4b:92:d6:92:02:ff:92:8f:4c:edSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wtsapi32

user32

Sections

.text Size: - Virtual size: 10.3MB

.rdata Size: - Virtual size: 6.7MB

.data Size: - Virtual size: 750KB

.pdata Size: - Virtual size: 229KB

.xdata Size: - Virtual size: 168B

.idata Size: - Virtual size: 1KB

.vmp0 Size: - Virtual size: 186KB

.symtab Size: - Virtual size: 4B

.vmp1 Size: - Virtual size: 2.8MB

.vmp2 Size: 9.8MB - Virtual size: 9.8MB

61:48:bb:d4:2e:17:eb:69:be:82:ba:60:1c:b1:2c:a4
Certificate

f9:63:4d:9a:48:d2:c9:81:d0:2c:0c:8b:9c:03:4b:05:e3:d3:b0:da:89:15:76:10:00:91:ef:0f:74:2f:46:05:e8:94:f8:34:13:97:6e:35:5f:4d:c8:5b:99:23:38:79:a1:01:b3:5c:0f:3c:4b:92:d6:92:02:ff:92:8f:4c:ed
Signer

.text
Size: - Virtual size: 10.3MB

.rdata
Size: - Virtual size: 6.7MB

.data
Size: - Virtual size: 750KB

.pdata
Size: - Virtual size: 229KB

.xdata
Size: - Virtual size: 168B

.idata
Size: - Virtual size: 1KB

.vmp0
Size: - Virtual size: 186KB

.symtab
Size: - Virtual size: 4B

.vmp1
Size: - Virtual size: 2.8MB

.vmp2
Size: 9.8MB - Virtual size: 9.8MB