0e03760fdfac327d58531276cbc7b4f10412454aff7109ec5a1c2791c7039093

Sharing

Copy URL Twitter E-mail

General

Target

0e03760fdfac327d58531276cbc7b4f10412454aff7109ec5a1c2791c7039093
Size

537KB
MD5

5b70ca7e88b92283842c5fef9b67a17c
SHA1

469511000460ed83e37bea94a95e687979d57ac7
SHA256

0e03760fdfac327d58531276cbc7b4f10412454aff7109ec5a1c2791c7039093
SHA512

372ad9f6930767a202cfe51edecc55a68b356373241614d36ac7e2b8c1cdf75edb33fe78e79b8e0dd3eeea4f9c8c7b70d84372e1b25bdc17270b690c4a261bbb
SSDEEP

12288:p/OXIuCWO2pE6y4dXJojOjrgih1D1lMxjwCWNmx0zz2tq:p/I3O2DdsOjVp+RWNmCetq

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

0e03760fdfac327d58531276cbc7b4f10412454aff7109ec5a1c2791c7039093
.dll windows x86

60ef5f42db52439cb93f5733f5b7ae89

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strchr
memset
atoi
strcspn
srand
memcpy
strtoul
strncpy
rand
strstr

kernel32

CreateFileA
lstrcatA
GetTempPathA
GetModuleFileNameA
LocalFree
LocalAlloc
InterlockedIncrement
InterlockedDecrement
lstrlenA
CreateProcessA
SetErrorMode
CreateThread
GlobalMemoryStatusEx
WaitForSingleObject
InterlockedExchange
CopyFileA
TerminateProcess
DisconnectNamedPipe
ReadFile
ConnectNamedPipe
CreateNamedPipeA
GetModuleHandleA
SetFilePointer
GetWindowsDirectoryA
DeleteFileA
InterlockedExchangeAdd
GetCurrentThreadId
WriteFile
CloseHandle
LoadLibraryA
GetProcAddress
ExitProcess
GetTickCount
GetThreadTimes
GetSystemInfo
Sleep
VirtualProtect
ExitProcess

user32

wsprintfA

advapi32

StartServiceA
CreateServiceA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenSCManagerA
CloseServiceHandle
OpenServiceA

ole32

CoInitializeEx

ws2_32

ntohl
WSASocketA
htonl
WSAStartup
WSAIoctl
setsockopt
socket
sendto
send
select
WSAGetLastError
connect
ioctlsocket
htons
recvfrom
recv
closesocket
gethostbyname
inet_addr

dnsapi

DnsQuery_A
DnsQueryConfig

iphlpapi

GetAdaptersAddresses
GetBestRoute
GetIfTable

Exports

Exports

ServiceMain

Sections

.text
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

yy
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

60ef5f42db52439cb93f5733f5b7ae89

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

ole32

ws2_32

dnsapi

iphlpapi

Exports

Exports

Sections

.text Size: - Virtual size: 18KB

.rdata Size: - Virtual size: 2KB

.data Size: - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 436B

.vmp0 Size: - Virtual size: 1KB

.vmp1 Size: - Virtual size: 95KB

.vmp2 Size: 138KB - Virtual size: 137KB

.reloc Size: 512B - Virtual size: 120B

yy Size: 1024B - Virtual size: 1024B

.text
Size: - Virtual size: 18KB

.rdata
Size: - Virtual size: 2KB

.data
Size: - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 436B

.vmp0
Size: - Virtual size: 1KB

.vmp1
Size: - Virtual size: 95KB

.vmp2
Size: 138KB - Virtual size: 137KB

.reloc
Size: 512B - Virtual size: 120B

yy
Size: 1024B - Virtual size: 1024B