108664291435a62038bb7c3c69d78a85c46215835325a30ef85527ccfaf16acc

Sharing

Copy URL Twitter E-mail

General

Target

108664291435a62038bb7c3c69d78a85c46215835325a30ef85527ccfaf16acc
Size

11.2MB
MD5

e2acd1cc87b5af820402d3b9f87d27ef
SHA1

b3b65bcdd5435046360acc1b3ae4737ca1d9cb4f
SHA256

108664291435a62038bb7c3c69d78a85c46215835325a30ef85527ccfaf16acc
SHA512

6e7197d4a98f019dc608a6d7d0a970ac06c73db2a3673ce24f54d58468bc5854404d223f292a5b11b23808c3209ebea2b8d930258aa40f1afa25a1fc14910ae9
SSDEEP

196608:bkZXbTcUkMwV+IwmYuivLNNSDeIm7LVq2L1TY/C0CQZBhZyqHmLNui0Z:bgXbTcLbQIwpu2Pc2Lm/VRZwqauH

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/沐言脚本9-30.exe	vmprotect

Files

108664291435a62038bb7c3c69d78a85c46215835325a30ef85527ccfaf16acc
.zip
常见问题解答指南.txt
打开沐言脚本官网地址.url
斜谷诡兵阵设计器点位图.jpg
.jpg
沐言脚本9-30.exe
.exe windows:4 windows x86 arch:x86

b81079f03aee7551cd3bdd724287ead5

Code Sign

0f:2a:d6:44:4f:c4:dd:8b:48:d7:07:a1:94:03:11:4e
Certificate

Issuer

CN=Symantec Time Stamping Services Signer - G4,ST=Hubei,C=China,1.2.840.113549.1.9.1=#1300

Not Before

13/03/2021, 10:16

Not After

12/03/2022, 16:00

Subject

CN=福州创意嘉和软件有限公司

07
Certificate

Issuer

CN=Starfield Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:e6:3a:c9:92:ef:67:ba
Certificate

Issuer

CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

09/09/2020, 07:00

Not After

09/09/2025, 07:00

Subject

CN=Starfield Timestamp Authority - G2,O=Starfield Technologies\, LLC,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ce:cc:d8:f7:fd:65:43:95:72:74:53:f9:36:b5:5c:4f:e2:a6:dd:2a
Signer

Actual PE Digest

ce:cc:d8:f7:fd:65:43:95:72:74:53:f9:36:b5:5c:4f:e2:a6:dd:2a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord807

msvcrt

__getmainargs

kernel32

GlobalSize
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

GetSystemMetrics
MessageBoxA

gdi32

RoundRect

advapi32

RegQueryValueExA

shell32

SHGetSpecialFolderPathA

comctl32

ImageList_GetImageInfo

ole32

CLSIDFromString

oleaut32

SysAllocStringByteLen

urlmon

URLDownloadToFileA

msvcp60

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z

winmm

PlaySoundA

wininet

DeleteUrlCacheEntry

shlwapi

SHDeleteKeyA

ws2_32

gethostbyname

rpcrt4

RpcStringFreeA

imagehlp

MakeSureDirectoryPathExists

dinput8

DirectInput8Create

msimg32

GradientFill

uxtheme

SetThemeAppProperties

comdlg32

GetOpenFileNameA

olepro32

ord251

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 744KB - Virtual size: 740KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 440KB - Virtual size: 438KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 376KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b81079f03aee7551cd3bdd724287ead5

Code Sign

0f:2a:d6:44:4f:c4:dd:8b:48:d7:07:a1:94:03:11:4eCertificate

07Certificate

Key Usages

0b:e6:3a:c9:92:ef:67:baCertificate

Extended Key Usages

Key Usages

ce:cc:d8:f7:fd:65:43:95:72:74:53:f9:36:b5:5c:4f:e2:a6:dd:2aSigner

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

urlmon

msvcp60

winmm

wininet

shlwapi

ws2_32

rpcrt4

imagehlp

dinput8

msimg32

uxtheme

comdlg32

olepro32

Exports

Exports

Sections

.text Size: 744KB - Virtual size: 740KB

.rdata Size: 440KB - Virtual size: 438KB

.data Size: 48KB - Virtual size: 324KB

.vmp0 Size: 1.4MB - Virtual size: 1.4MB

.vmp1 Size: 148KB - Virtual size: 146KB

.rsrc Size: 376KB - Virtual size: 373KB

0f:2a:d6:44:4f:c4:dd:8b:48:d7:07:a1:94:03:11:4e
Certificate

07
Certificate

0b:e6:3a:c9:92:ef:67:ba
Certificate

ce:cc:d8:f7:fd:65:43:95:72:74:53:f9:36:b5:5c:4f:e2:a6:dd:2a
Signer

.text
Size: 744KB - Virtual size: 740KB

.rdata
Size: 440KB - Virtual size: 438KB

.data
Size: 48KB - Virtual size: 324KB

.vmp0
Size: 1.4MB - Virtual size: 1.4MB

.vmp1
Size: 148KB - Virtual size: 146KB

.rsrc
Size: 376KB - Virtual size: 373KB