c0d12bdbf0ff1453f2150ea7020fd6a3718eea2e967b9b38daad9e11d0f6acf0

Sharing

Copy URL

Twitter E-mail

General

Target

c0d12bdbf0ff1453f2150ea7020fd6a3718eea2e967b9b38daad9e11d0f6acf0
Size

3.7MB
MD5

1bac58cb3006c69b80f9fc02ee9f2cb8
SHA1

c08960240ea9c5573bbf65d4d7b07b9041ee1098
SHA256

c0d12bdbf0ff1453f2150ea7020fd6a3718eea2e967b9b38daad9e11d0f6acf0
SHA512

fc1c737d9c5bbba6fc5f4f969ff2567e46e19e98345d75d8044ea056d791c5cd93dcfcfd2fcfc845d0a492e0bcce523c8922f0eaa3bcd499ca69d21c187b7df2
SSDEEP

98304:z0wbRR1WHT2Sdl3wDngEqTiAcQIuQWMB5fgI:V1U2ul3ws9QWUP

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

c0d12bdbf0ff1453f2150ea7020fd6a3718eea2e967b9b38daad9e11d0f6acf0
.dll windows:6 windows x86 arch:x86

04ebf7a555e887138e60021b183f81c3

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:36:db:17:c5:fd:14:be:66:4e:7a:f7:aa:a3:ea:d8
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

25/05/2023, 00:00

Not After

23/06/2024, 23:59

Subject

CN=Lenovo (Beijing) Co.\, Ltd.,OU=G07,O=Lenovo (Beijing) Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

14:dd:64:66:af:7c:f7:5d:16:24:51:29:78:f8:03:04:44:73:8f:a0:56:61:85:55:26:f8:c9:b6:05:3b:e2:ee
Signer

Actual PE Digest

14:dd:64:66:af:7c:f7:5d:16:24:51:29:78:f8:03:04:44:73:8f:a0:56:61:85:55:26:f8:c9:b6:05:3b:e2:ee

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LockResource
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

wsprintfW
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

ConvertSidToStringSidW

shell32

ord165

ole32

CoCreateInstance

oleaut32

SysAllocString

ntdll

NtQuerySystemInformation

shlwapi

PathRemoveFileSpecW

userenv

ExpandEnvironmentStringsForUserW

wtsapi32

WTSFreeMemory
WTSSendMessageW

bcrypt

BCryptDestroyKey

msi

ord217

wininet

InternetOpenUrlW

fltlib

FilterGetMessage

dbghelp

SymFromNameW

Sections

.text
Size: - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04ebf7a555e887138e60021b183f81c3

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

09:36:db:17:c5:fd:14:be:66:4e:7a:f7:aa:a3:ea:d8Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

14:dd:64:66:af:7c:f7:5d:16:24:51:29:78:f8:03:04:44:73:8f:a0:56:61:85:55:26:f8:c9:b6:05:3b:e2:eeSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

ntdll

shlwapi

userenv

wtsapi32

bcrypt

msi

wininet

fltlib

dbghelp

Sections

.text Size: - Virtual size: 439KB

.rdata Size: 111KB - Virtual size: 111KB

.data Size: - Virtual size: 16KB

.vmp0 Size: - Virtual size: 2.2MB

.vmp1 Size: 3.5MB - Virtual size: 3.5MB

.reloc Size: 10KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:36:db:17:c5:fd:14:be:66:4e:7a:f7:aa:a3:ea:d8
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

14:dd:64:66:af:7c:f7:5d:16:24:51:29:78:f8:03:04:44:73:8f:a0:56:61:85:55:26:f8:c9:b6:05:3b:e2:ee
Signer

.text
Size: - Virtual size: 439KB

.rdata
Size: 111KB - Virtual size: 111KB

.data
Size: - Virtual size: 16KB

.vmp0
Size: - Virtual size: 2.2MB

.vmp1
Size: 3.5MB - Virtual size: 3.5MB

.reloc
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB