e193300c5fb92d3991971809d996b03d

Sharing

Copy URL Twitter E-mail

General

Target

e193300c5fb92d3991971809d996b03d
Size

195KB
MD5

e193300c5fb92d3991971809d996b03d
SHA1

d64aceb74715f0cc7981cdc2747e4d4b2ba287e6
SHA256

1a1be72205f66ec1901599b9af0dc6a866d08e5b581a587bebf3eb0ef6db1b88
SHA512

5eabb0b4db4cb1285a075316a32b716bf8c166c4509287e081a6494745a54cb56b82bce4492aea5584dce23394a65c1533c4e903a604e11d2ae8b6307ff6dc75
SSDEEP

3072:J1+v8PAQaUKf71j/QpwLlBK2ZEycA1RQPy7s7EOMgO4iszr3kuMK:J1eQ3Kfpj/iCZFc27s7msd1MK

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

e193300c5fb92d3991971809d996b03d
.dll windows:4 windows x86 arch:x86

c113f8fbb9519b6dff77953bfcb87084

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

35:f7:69:32:74:2c:2d:92:89:0d:39:32:4e:f5:41:26:cf:67:ab:cc
Signer

Actual PE Digest

35:f7:69:32:74:2c:2d:92:89:0d:39:32:4e:f5:41:26:cf:67:ab:cc

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrStrIA
PathFileExistsA

kernel32

FindResourceA
DeleteFileA
WideCharToMultiByte
TerminateProcess
OpenProcess
FreeLibrary
GetProcAddress
LoadLibraryA
GetPrivateProfileStringA
InitializeCriticalSection
CreateMutexA
GlobalUnlock
GlobalLock
LeaveCriticalSection
GetCurrentProcessId
GetCurrentProcess
FindClose
FindNextFileA
FindFirstFileA
lstrcpyA
FreeLibraryAndExitThread
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleA
CreateProcessA
GetLocaleInfoW
SizeofResource
GetLocaleInfoA
FlushFileBuffers
SetStdHandle
LCMapStringW
LCMapStringA
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetStringTypeA
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
MultiByteToWideChar
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapAlloc
HeapFree
GetOEMCP
GetACP
GetCPInfo
ExitProcess
EnterCriticalSection
DeleteCriticalSection
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetVersion
GetCommandLineA
RtlUnwind
LoadResource
Sleep
GetFileSize
ReadFile
VirtualFree
GetWindowsDirectoryA
CreateFileA
SetFilePointer
WriteFile
GetLocalTime
CloseHandle
GetLastError
VirtualAlloc
CreateThread
WaitForSingleObject
GetExitCodeThread
TerminateThread
GlobalAlloc
GlobalFree
lstrlenA

user32

DialogBoxParamA
EndDialog
wsprintfA
MessageBoxA
GetWindowLongA
FindWindowA
FindWindowExA
GetWindowThreadProcessId
SendMessageA
IsWindowVisible
GetClassNameA
GetSystemMetrics
IsRectEmpty
ShowWindow
MoveWindow
GetWindowRect
keybd_event
mouse_event
SetCursorPos
GetCursorPos
GetKeyState
PostQuitMessage
EndPaint
SetActiveWindow
CallWindowProcA
ScreenToClient
SetFocus
BeginPaint
PtInRect
DefWindowProcA
TranslateMessage
DispatchMessageA
GetMessageA
SetWindowsHookExA
IsWindow
CallNextHookEx
SetForegroundWindow
CloseWindow
DestroyWindow
SetWindowLongA
UnhookWindowsHookEx
GetForegroundWindow
DestroyCaret
CreateCaret
SetCaretPos
ShowCaret
DrawTextA
GetDC
ReleaseDC
EnumChildWindows
GetWindowTextA
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
UpdateWindow
GetDlgItem

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateDCA
GetCharWidthA
GetSystemPaletteEntries
GetDeviceCaps
TextOutA
BitBlt
GetStockObject
DeleteDC
GetDIBits
DeleteObject

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

dnsapi

DnsRecordListFree
DnsQuery_A

ws2_32

setsockopt
ioctlsocket
select
inet_addr
WSAStartup
WSACleanup
socket
htons
inet_ntoa
connect
gethostname
closesocket
send
recv
gethostbyname

psapi

EnumProcesses
GetModuleFileNameExA
EnumProcessModules

wininet

HttpQueryInfoA
InternetReadFile
InternetOpenA
InternetOpenUrlA
InternetCloseHandle

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c113f8fbb9519b6dff77953bfcb87084

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1bCertificate

Extended Key Usages

Key Usages

35:f7:69:32:74:2c:2d:92:89:0d:39:32:4e:f5:41:26:cf:67:ab:ccSigner

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

advapi32

shell32

dnsapi

ws2_32

psapi

wininet

Sections

.text Size: 68KB - Virtual size: 65KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 20KB - Virtual size: 229KB

Shared Size: 4KB - Virtual size: 1KB

.rsrc Size: 44KB - Virtual size: 41KB

.vmp0 Size: 12KB - Virtual size: 9KB

.vmp1 Size: 20KB - Virtual size: 16KB

.reloc Size: 8KB - Virtual size: 4KB

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

35:f7:69:32:74:2c:2d:92:89:0d:39:32:4e:f5:41:26:cf:67:ab:cc
Signer

.text
Size: 68KB - Virtual size: 65KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 20KB - Virtual size: 229KB

Shared
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 44KB - Virtual size: 41KB

.vmp0
Size: 12KB - Virtual size: 9KB

.vmp1
Size: 20KB - Virtual size: 16KB

.reloc
Size: 8KB - Virtual size: 4KB