cfe0e1f938ff348624bf02a2b247c8be27649e532bfd5b99a8b55a29e4eb9af5

Sharing

Copy URL Twitter E-mail

General

Target

cfe0e1f938ff348624bf02a2b247c8be27649e532bfd5b99a8b55a29e4eb9af5
Size

11.6MB
MD5

2a01a8ca91dc26458b968b4210a8e2e4
SHA1

150029e11a9b8266efd5a946341a68a2ef1a3e59
SHA256

cfe0e1f938ff348624bf02a2b247c8be27649e532bfd5b99a8b55a29e4eb9af5
SHA512

1f2309fce631692889933b5fc85df0341b4d3c83f66b4e325790141fafc9300cc53eeed098fd33fa69861c00a2ced218e3d589c2bb6c75c0c2a458363d43adc8
SSDEEP

196608:tEFdeG0RxMXmsZ1gLB0T32ZpJm3loG5idVvUExVTEo4yrriQGele0C:67sHMpZ1I+K41x5iHRVTLrruIle0C

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

cfe0e1f938ff348624bf02a2b247c8be27649e532bfd5b99a8b55a29e4eb9af5
.exe windows:5 windows x86 arch:x86

b1429d36d5cd66ab90e0e9407960f832

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:ba:6d:5e:8a:52:ef:25:09:b1:a9:54:c2:7e:ac:e8
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03/02/2021, 00:00

Not After

30/04/2024, 23:59

Subject

CN=Shenzhen Fortune Trend technology Co.\, Ltd,O=Shenzhen Fortune Trend technology Co.\, Ltd,L=Shenzhen,ST=guangdong province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e5:60:91:58:f2:b8:10:c1:95:b1:37:2e:97:e0:16:6a:02:97:85:78
Signer

Actual PE Digest

e5:60:91:58:f2:b8:10:c1:95:b1:37:2e:97:e0:16:6a:02:97:85:78

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupPrivilegeValueA

comctl32

_TrackMouseEvent

gdi32

BeginPath

imm32

ImmSimulateHotKey

kernel32

FindClose
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

msimg32

AlphaBlend

msvcp100

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z

msvcr100

_except_handler4_common

oleaut32

SysFreeString

psapi

GetProcessMemoryInfo

shell32

SHChangeNotify

tbeauty

TBeauty_DeleteTdxTab

tcalc

?GetIndexNo@CMainCalcInterface@@QAEJEPAD@Z

tcontrol

?FindElem@CMarkup@@QAE_NUMCD_CSTR@@@Z

tgear

GetTdxPYStr

tjyaid

GetWtDefInfoFromETradeXML_More

tmarquee

DelMarquee

tqqcalc

TQQCalc_Yhbdl

tdxasiocomm

?MakeUserCommModule@@YAPAVVUserComm@@XZ

user32

GetForegroundWindow

viewthem

?INFO_SetLoginName@@YAXQADKD0@Z

winmm

PlaySoundA

ws2_32

WSAStartup

wsock32

recv

gdiplus

GdipSetPenDashOffset

invest

?PopupInvestDlg@@YAXXZ

mfc100

ord2289

ole32

CoUninitialize

Sections

.text
Size: - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 916KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 6.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 261KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SCY
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 11.3MB - Virtual size: 11.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b1429d36d5cd66ab90e0e9407960f832

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0d:ba:6d:5e:8a:52:ef:25:09:b1:a9:54:c2:7e:ac:e8Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

e5:60:91:58:f2:b8:10:c1:95:b1:37:2e:97:e0:16:6a:02:97:85:78Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

imm32

kernel32

msimg32

msvcp100

msvcr100

oleaut32

psapi

shell32

tbeauty

tcalc

tcontrol

tgear

tjyaid

tmarquee

tqqcalc

tdxasiocomm

user32

viewthem

winmm

ws2_32

wsock32

gdiplus

invest

mfc100

ole32

Sections

.text Size: - Virtual size: 6.4MB

.rdata Size: - Virtual size: 916KB

.data Size: - Virtual size: 6.5MB

.vmp0 Size: - Virtual size: 2.0MB

.vmp1 Size: - Virtual size: 1.3MB

.reloc Size: - Virtual size: 8KB

.rsrc Size: 261KB - Virtual size: 3.0MB

.SCY Size: - Virtual size: 28KB

.vmp0 Size: - Virtual size: 6.0MB

.vmp1 Size: 11.3MB - Virtual size: 11.3MB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0d:ba:6d:5e:8a:52:ef:25:09:b1:a9:54:c2:7e:ac:e8
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

e5:60:91:58:f2:b8:10:c1:95:b1:37:2e:97:e0:16:6a:02:97:85:78
Signer

.text
Size: - Virtual size: 6.4MB

.rdata
Size: - Virtual size: 916KB

.data
Size: - Virtual size: 6.5MB

.vmp0
Size: - Virtual size: 2.0MB

.vmp1
Size: - Virtual size: 1.3MB

.reloc
Size: - Virtual size: 8KB

.rsrc
Size: 261KB - Virtual size: 3.0MB

.SCY
Size: - Virtual size: 28KB

.vmp0
Size: - Virtual size: 6.0MB

.vmp1
Size: 11.3MB - Virtual size: 11.3MB