4f21d26ddb7e2f75f05b09a9d0394a65bef18f6520c8d6b37eba9eedadfd7710[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

4f21d26ddb7e2f75f05b09a9d0394a65bef18f6520c8d6b37eba9eedadfd7710.exe
Size

6.3MB
MD5

347e0f187d52f4abac877354dfd1539d
SHA1

8f1e98efbfd1be61f1fd0f89787f014b19651ba4
SHA256

4f21d26ddb7e2f75f05b09a9d0394a65bef18f6520c8d6b37eba9eedadfd7710
SHA512

54ffc9911b8cca85e5208bfae4af69ded091b740e82b9ae8b92baf68575195191ed0ac6aa3f3be7f6fe79d831b2a2091dc3501e77db51134986dd2b40db90abc
SSDEEP

98304:JrQvvKGZ6MulJ2LK4hulR7AWIsVk8QWG1qvoZKMRREaXbGqZAQifd64MNnSs17u:ZyvYXJ2q93VDGVRaQKQCI4MNS27

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

4f21d26ddb7e2f75f05b09a9d0394a65bef18f6520c8d6b37eba9eedadfd7710.exe
.exe windows:5 windows x86 arch:x86

3cacf39ab4d6fb9569cf3d66f6e8ba46

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:01

Not After

25-07-2013 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5d:1b:5d:74:4c:01:53:b5:42:9d:fa:39:c4:89:a2:f3:72:34:92:45
Signer

Actual PE Digest

5d:1b:5d:74:4c:01:53:b5:42:9d:fa:39:c4:89:a2:f3:72:34:92:45

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CopyImage
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

gdi32

Polyline

shell32

SHGetDesktopFolder

msimg32

TransparentBlt

comctl32

ImageList_GetIconSize

shlwapi

PathFindFileNameA

gdiplus

GdipAlloc

oleacc

CreateStdAccessibleObject

imm32

ImmReleaseContext

winmm

PlaySoundA

winspool.drv

DocumentPropertiesA

comdlg32

GetFileTitleA

advapi32

RegEnumKeyExA

ole32

OleCreateMenuDescriptor

oleaut32

SysStringLen

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3cacf39ab4d6fb9569cf3d66f6e8ba46

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:05:a2:30:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

5d:1b:5d:74:4c:01:53:b5:42:9d:fa:39:c4:89:a2:f3:72:34:92:45Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

msimg32

comctl32

shlwapi

gdiplus

oleacc

imm32

winmm

winspool.drv

comdlg32

advapi32

ole32

oleaut32

wtsapi32

Sections

.text Size: - Virtual size: 1.1MB

.rdata Size: - Virtual size: 254KB

.data Size: - Virtual size: 51KB

.vmp0 Size: - Virtual size: 4.4MB

.vmp1 Size: 6.2MB - Virtual size: 6.2MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 12KB - Virtual size: 11KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:a2:30:00:00:00:00:00:08
Certificate

5d:1b:5d:74:4c:01:53:b5:42:9d:fa:39:c4:89:a2:f3:72:34:92:45
Signer

.text
Size: - Virtual size: 1.1MB

.rdata
Size: - Virtual size: 254KB

.data
Size: - Virtual size: 51KB

.vmp0
Size: - Virtual size: 4.4MB

.vmp1
Size: 6.2MB - Virtual size: 6.2MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 12KB - Virtual size: 11KB