23a101de4f36d2403e46fb8f3c6a423b8108b39869d5bc479dab4ec8fb0e6232

Sharing

Copy URL

Twitter E-mail

General

Target

23a101de4f36d2403e46fb8f3c6a423b8108b39869d5bc479dab4ec8fb0e6232
Size

3.9MB
MD5

60e1d5b37e3cfb0bc0772daf2182edfa
SHA1

86d99d250630ec2d18bf0cef4aee63c68f0a9f6f
SHA256

23a101de4f36d2403e46fb8f3c6a423b8108b39869d5bc479dab4ec8fb0e6232
SHA512

96a765b8ab2344ca38c51c840999cd00886d53181e7b16808b6f92cfddb083c1422ca52d66a0dc400d48c77a4d308347c82e436bbd97068fdc35377d189d5ac4
SSDEEP

98304:v1SFBnMJzPefwVbTONWzqgbe86VvZCP+hpHj:9SFBnCzGe36W2gr6vAPG

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

23a101de4f36d2403e46fb8f3c6a423b8108b39869d5bc479dab4ec8fb0e6232
.dll windows x86

4c599e9accf4823d78239e64ecbeb481

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCommandLineA
FindFirstFileA
RemoveDirectoryA
FindNextFileA
FindClose
GetTickCount
DeleteFileA
SetFileAttributesA
WriteFile
CloseHandle
GetModuleFileNameA
Sleep
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
MoveFileA
CreateDirectoryA
DeviceIoControl
CreateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTempPathA
CreateFileA
GetWindowsDirectoryA
GetVersionExA
GetLastError
GetCurrentProcess
MultiByteToWideChar
MulDiv
lstrcatA
lstrcpyA
GetACP
GetVersion
RtlUnwind
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
RaiseException
SetFilePointer
LCMapStringW
GetCPInfo
GetOEMCP
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadCodePtr
SetStdHandle
FlushFileBuffers
WideCharToMultiByte
ReadProcessMemory
GetSystemDirectoryA
GetCurrentProcessId
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SendMessageA
SetCapture
SetWindowLongA
UnregisterHotKey
LoadBitmapA
GetSysColor
GetDC
GetCursorPos
ScreenToClient
CallWindowProcA
FindWindowA
GetAsyncKeyState
mouse_event
MessageBoxA
wsprintfA
ReleaseCapture
CreateWindowExA
RegisterHotKey
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetSystemMetrics
GetProcessWindowStation
GetUserObjectInformationW

advapi32

OpenSCManagerA
CreateServiceA
OpenServiceA
CloseServiceHandle
StartServiceA
ControlService
DeleteService

gdi32

TranslateCharsetInfo
CreateFontA
DeleteObject
GetDeviceCaps

shlwapi

PathFileExistsA
PathFindFileNameA

shell32

DragQueryFileA
DragFinish
DragAcceptFiles
SHGetSpecialFolderPathA

comctl32

ImageList_Destroy
ord17
ImageList_EndDrag
ImageList_Create
ImageList_BeginDrag
ImageList_Add
ImageList_DragShowNolock
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove

Exports

Exports

_��ӳ��

Sections

.text
Size: - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 803KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 594KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c599e9accf4823d78239e64ecbeb481

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

shlwapi

shell32

comctl32

Exports

Exports

Sections

.text Size: - Virtual size: 190KB

.rdata Size: - Virtual size: 803KB

.data Size: - Virtual size: 594KB

.vmp0 Size: - Virtual size: 1.5MB

.vmp1 Size: 3.9MB - Virtual size: 3.9MB

.reloc Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 664B

.text
Size: - Virtual size: 190KB

.rdata
Size: - Virtual size: 803KB

.data
Size: - Virtual size: 594KB

.vmp0
Size: - Virtual size: 1.5MB

.vmp1
Size: 3.9MB - Virtual size: 3.9MB

.reloc
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 664B