f312a953f5345ae19e3e0ccc6f6d3197ed13e387fedb7a2e0399b431319c4871[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

f312a953f5345ae19e3e0ccc6f6d3197ed13e387fedb7a2e0399b431319c4871.exe
Size

15.4MB
MD5

c2a14e873d47a54010d29d3208050f98
SHA1

115a5076ff926500ae220cf5e3730084f8a5acf5
SHA256

f312a953f5345ae19e3e0ccc6f6d3197ed13e387fedb7a2e0399b431319c4871
SHA512

a3a6015a5f4971b24ef51ebbd169c36afa16ebcce6ae0cc34493ad7a9cf01478728a839198fa9b364aed2ae5cb061bff013d02cb48372aed2669c8067bdb3fd3
SSDEEP

393216:kiFsmlTVA8M17MtdipJPVRHy5CKNidWk6KODEfQ:kiHjjJtspN686TuQ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

f312a953f5345ae19e3e0ccc6f6d3197ed13e387fedb7a2e0399b431319c4871.exe
.exe windows:5 windows x86 arch:x86

9ebcd018a747182c37aabf2ab1139666

Code Sign

4a:c1:e5:42:d4:1c:6d:33
Certificate

Issuer

CN=Java,O=Java INC,L=Las Vegas,C=US,1.2.840.113549.1.9.1=#0c0d6a61766140636f72702e6e6574

Not Before

03-10-2021 00:00

Not After

03-10-2023 00:00

Subject

CN=Java,O=Java INC,L=Las Vegas,C=US,1.2.840.113549.1.9.1=#0c0d6a61766140636f72702e6e6574

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4a:c1:e5:42:d4:1c:6d:33
Certificate

Issuer

CN=Java,O=Java INC,L=Las Vegas,C=US,1.2.840.113549.1.9.1=#0c0d6a61766140636f72702e6e6574

Not Before

03-10-2021 00:00

Not After

03-10-2023 00:00

Subject

CN=Java,O=Java INC,L=Las Vegas,C=US,1.2.840.113549.1.9.1=#0c0d6a61766140636f72702e6e6574

Extended Key Usages

ExtKeyUsageCodeSigning

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a7:b0:8c:a3:0c:dd:31:35:30:37:b6:89:62:cb:40:f2:d6:ee:75:b2:26:76:34:57:29:df:7b:97:41:e6:07:22
Signer

Actual PE Digest

a7:b0:8c:a3:0c:dd:31:35:30:37:b6:89:62:cb:40:f2:d6:ee:75:b2:26:76:34:57:29:df:7b:97:41:e6:07:22

Digest Algorithm

sha256

PE Digest Matches

false

a7:1a:49:51:e2:f9:7e:9b:ea:86:78:59:f7:1d:c6:9d:b7:7e:29:b2
Signer

Actual PE Digest

a7:1a:49:51:e2:f9:7e:9b:ea:86:78:59:f7:1d:c6:9d:b7:7e:29:b2

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

strlen

kernel32

CreateProcessA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 10.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 15.4MB - Virtual size: 15.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ebcd018a747182c37aabf2ab1139666

Code Sign

4a:c1:e5:42:d4:1c:6d:33Certificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

4a:c1:e5:42:d4:1c:6d:33Certificate

Extended Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

a7:b0:8c:a3:0c:dd:31:35:30:37:b6:89:62:cb:40:f2:d6:ee:75:b2:26:76:34:57:29:df:7b:97:41:e6:07:22Signer

a7:1a:49:51:e2:f9:7e:9b:ea:86:78:59:f7:1d:c6:9d:b7:7e:29:b2Signer

Headers

File Characteristics

Imports

msvcrt

kernel32

wtsapi32

user32

Sections

.text Size: - Virtual size: 1KB

.rdata Size: - Virtual size: 10.9MB

.bss Size: - Virtual size: 4B

.vmp0 Size: - Virtual size: 2.8MB

.vmp1 Size: 15.4MB - Virtual size: 15.4MB

.rsrc Size: 18KB - Virtual size: 18KB

4a:c1:e5:42:d4:1c:6d:33
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

4a:c1:e5:42:d4:1c:6d:33
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

a7:b0:8c:a3:0c:dd:31:35:30:37:b6:89:62:cb:40:f2:d6:ee:75:b2:26:76:34:57:29:df:7b:97:41:e6:07:22
Signer

a7:1a:49:51:e2:f9:7e:9b:ea:86:78:59:f7:1d:c6:9d:b7:7e:29:b2
Signer

.text
Size: - Virtual size: 1KB

.rdata
Size: - Virtual size: 10.9MB

.bss
Size: - Virtual size: 4B

.vmp0
Size: - Virtual size: 2.8MB

.vmp1
Size: 15.4MB - Virtual size: 15.4MB

.rsrc
Size: 18KB - Virtual size: 18KB