c76746961d1a3245adb4bed015ab7cb9

Sharing

Copy URL Twitter E-mail

General

Target

c76746961d1a3245adb4bed015ab7cb9
Size

368KB
MD5

c76746961d1a3245adb4bed015ab7cb9
SHA1

254e137971dc25ebcc8009bc93edb21a22068d9b
SHA256

133593d3a271901ea8e27910eb7c57f461b4499405022624233eea318c298399
SHA512

40522a40d84e80ab71c21b64205fd53b6329478b7cf924c05b28e7bcc4b5b7b99a724c03f4c71d4cf732a775540740bfc373e9a53f6daa8736368de9e4ba63f6
SSDEEP

6144:5d/aaGFBfwbtyCR8qe7ohaXQY49Xg9BYvwS26cO/YsFn4CzhhPqxrLJbRy34cfjD:50aGFCb8i8P0Q9GobdkYsphhPqxrNbcx

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

c76746961d1a3245adb4bed015ab7cb9
.exe windows:5 windows x86 arch:x86

0819d3af4fa25d168c0543e9d32e78f7

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:08:6d:0b:1a:4e:e0:e2:71:f8:2d:cc:c7:52:33:cb
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/07/2013, 00:00

Not After

01/07/2015, 23:59

Subject

CN=Jagdeependra,OU=tech,O=Jagdeependra,POSTALCODE=333026,STREET=r/o sehi kala,L=chirwa,ST=rajasthan,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3e:4c:ad:a3:3b:22:05:24:9c:da:e0:eb:e0:05:84:b3:db:5d:35:d4
Signer

Actual PE Digest

3e:4c:ad:a3:3b:22:05:24:9c:da:e0:eb:e0:05:84:b3:db:5d:35:d4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemInfo
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetDesktopWindow

gdi32

StretchBlt

advapi32

GetUserNameW

shell32

SHGetSpecialFolderPathW

ole32

CoSetProxyBlanket

oleaut32

VariantInit

ws2_32

WSACleanup

winhttp

WinHttpQueryHeaders

gdiplus

GdipLoadImageFromStream

shlwapi

StrRChrW

Exports

Exports

?eflmakfil@@YAPA_WPAK@Z

Sections

.text
Size: - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0819d3af4fa25d168c0543e9d32e78f7

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

55:08:6d:0b:1a:4e:e0:e2:71:f8:2d:cc:c7:52:33:cbCertificate

Extended Key Usages

Key Usages

3e:4c:ad:a3:3b:22:05:24:9c:da:e0:eb:e0:05:84:b3:db:5d:35:d4Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

winhttp

gdiplus

shlwapi

Exports

Exports

Sections

.text Size: - Virtual size: 170KB

.rdata Size: - Virtual size: 34KB

.data Size: - Virtual size: 15KB

.vmp0 Size: - Virtual size: 169KB

.vmp1 Size: 337KB - Virtual size: 337KB

.reloc Size: 512B - Virtual size: 320B

.rsrc Size: 26KB - Virtual size: 26KB

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

55:08:6d:0b:1a:4e:e0:e2:71:f8:2d:cc:c7:52:33:cb
Certificate

3e:4c:ad:a3:3b:22:05:24:9c:da:e0:eb:e0:05:84:b3:db:5d:35:d4
Signer

.text
Size: - Virtual size: 170KB

.rdata
Size: - Virtual size: 34KB

.data
Size: - Virtual size: 15KB

.vmp0
Size: - Virtual size: 169KB

.vmp1
Size: 337KB - Virtual size: 337KB

.reloc
Size: 512B - Virtual size: 320B

.rsrc
Size: 26KB - Virtual size: 26KB