b9b75faf65cc2f881f511e55ca75204d[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

b9b75faf65cc2f881f511e55ca75204d.bin
Size

361KB
MD5

b9b75faf65cc2f881f511e55ca75204d
SHA1

135b791fe289a79bdc589fbfd8582d65bc359a02
SHA256

16ac630a005656af1d9a5c5e7fdde8d4d646763f695c97224437bb7916473398
SHA512

08b38b1de4463150b4ff760bd052e358d1976604be21993544ce14afc6e713ecbb9226bfcb7df4af9ae8968751c148051b7fe71836265646393758f720df6656
SSDEEP

6144:AoIpUtF6x+YcLNFP6e9d74TMWgYCcYwNbUZDlkiPO5KO8dYt4ULAzq:to9xbcLnBX74AuSTG5UE4n

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

b9b75faf65cc2f881f511e55ca75204d.bin
.exe windows:5 windows x86 arch:x86

cf2b4a8a2ba5a9fb67aba30afecfe336

Code Sign

fa:33:b7:9d:d4:96:cf:d1:0c:84:65:39:a4:9d:63:b5
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

20/09/2011, 11:04

Not After

20/09/2026, 23:59

Subject

CN=Certum Code Signing CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:24:06:09:3a:df:d2:5d:da:3f:05:c5:cc:6e:c8:e0
Certificate

Issuer

CN=Certum Code Signing CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

30/12/2014, 14:06

Not After

30/12/2015, 14:06

Subject

CN=Luca Marcone,O=Luca Marcone,C=DE,1.2.840.113549.1.9.1=#0c156d6172636f6e656c75636140676d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

ad:5e:b0:b1:56:1f:55:7c:7f:bd:d5:3e:11:79:a5:fe:a9:b6:26:ed
Signer

Actual PE Digest

ad:5e:b0:b1:56:1f:55:7c:7f:bd:d5:3e:11:79:a5:fe:a9:b6:26:ed

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetWaitableTimer
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

ReleaseDC

advapi32

RegEnumKeyExW

shell32

SHGetSpecialFolderPathW

ole32

CoSetProxyBlanket

oleaut32

VariantInit

gdi32

CreateCompatibleBitmap

ws2_32

WSACleanup

winhttp

WinHttpSendRequest

gdiplus

GdipGetImageEncoders

shlwapi

PathFileExistsW

Exports

Exports

hardreset

Sections

.text
Size: - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 332KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf2b4a8a2ba5a9fb67aba30afecfe336

Code Sign

fa:33:b7:9d:d4:96:cf:d1:0c:84:65:39:a4:9d:63:b5Certificate

Extended Key Usages

Key Usages

5d:24:06:09:3a:df:d2:5d:da:3f:05:c5:cc:6e:c8:e0Certificate

Extended Key Usages

Key Usages

ad:5e:b0:b1:56:1f:55:7c:7f:bd:d5:3e:11:79:a5:fe:a9:b6:26:edSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

gdi32

ws2_32

winhttp

gdiplus

shlwapi

Exports

Exports

Sections

.text Size: - Virtual size: 186KB

.rdata Size: - Virtual size: 34KB

.data Size: - Virtual size: 16KB

.vmp0 Size: - Virtual size: 176KB

.vmp1 Size: 332KB - Virtual size: 332KB

.reloc Size: 512B - Virtual size: 128B

.rsrc Size: 24KB - Virtual size: 23KB

fa:33:b7:9d:d4:96:cf:d1:0c:84:65:39:a4:9d:63:b5
Certificate

5d:24:06:09:3a:df:d2:5d:da:3f:05:c5:cc:6e:c8:e0
Certificate

ad:5e:b0:b1:56:1f:55:7c:7f:bd:d5:3e:11:79:a5:fe:a9:b6:26:ed
Signer

.text
Size: - Virtual size: 186KB

.rdata
Size: - Virtual size: 34KB

.data
Size: - Virtual size: 16KB

.vmp0
Size: - Virtual size: 176KB

.vmp1
Size: 332KB - Virtual size: 332KB

.reloc
Size: 512B - Virtual size: 128B

.rsrc
Size: 24KB - Virtual size: 23KB