867f11235b3d6d6e2d86a502dc9025656fb2a1db1f6c93da075406102e7a0944

Sharing

Copy URL Twitter E-mail

General

Target

867f11235b3d6d6e2d86a502dc9025656fb2a1db1f6c93da075406102e7a0944
Size

689KB
MD5

6e6d76cb71a67ef0a91123b1b889a28d
SHA1

9f50694a9b2fa166b8df624635c1dc3a9a096059
SHA256

867f11235b3d6d6e2d86a502dc9025656fb2a1db1f6c93da075406102e7a0944
SHA512

d73b7433172f363f0cd6deeb857bbfc13260a7099138d6aba7d1e271a2996e49fb401d305cb63476296b329a2921d4f7e07068a530ffe7436f45909e59846c86
SSDEEP

12288:zOZyjUY++kVSrCL55g/VwDO7VvE0ssKAHr1tnuDBaH8Z:Aym+kVIw5sVUO7qEBEE8

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

867f11235b3d6d6e2d86a502dc9025656fb2a1db1f6c93da075406102e7a0944
.dll windows x86

4227e6d110277826d7273129f537e1bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
VirtualProtect
GetModuleHandleA
LoadLibraryA
VirtualAlloc
IsBadWritePtr
Sleep
IsBadReadPtr
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapFree
GetProcessHeap
HeapAlloc
InterlockedCompareExchange
InterlockedExchange
OutputDebugStringA
IsProcessorFeaturePresent
GetSystemInfo
VirtualFree
GetProcAddress
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

RegisterClassExA
MessageBeep
GetAsyncKeyState
SetRect
MessageBoxA
CreateWindowExA
DefWindowProcA
GetDesktopWindow
GetSystemMetrics

msvcp90

??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ

d3d9

Direct3DCreate9

msvcr90

_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
__clean_type_info_names_internal
tmpfile
fclose
fwrite
fseek
fread
malloc
sprintf
exit
floor
setlocale
_strdup
free
ldexp
sscanf
isspace
isdigit
_setjmp3
longjmp
__CxxFrameHandler
modf
iswspace
iswalpha
iswdigit
iswpunct
_finite
_CIacos
strncpy
_ftol
_CIpow
??2@YAPAXI@Z
??3@YAXPAX@Z
vsprintf
memset
_CIsqrt

gdi32

CreateDIBSection
DeleteDC
DeleteObject
SelectObject
GetCharacterPlacementA
GetGlyphOutlineA
CreateFontIndirectW
SetTextAlign
SetTextColor
GetFontLanguageInfo
GetTextMetricsW
GetTextMetricsA
GetObjectW
GetCharacterPlacementW
CreateFontIndirectA
ExtTextOutW
MoveToEx
ExtTextOutA
CreateCompatibleDC
SetMapMode
SetBkMode
SetBkColor
GetObjectA

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueExA

Sections

.text
Size: 291KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 686B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4227e6d110277826d7273129f537e1bd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp90

d3d9

msvcr90

gdi32

advapi32

Sections

.text Size: 291KB - Virtual size: 291KB

.rdata Size: 70KB - Virtual size: 69KB

.data Size: 61KB - Virtual size: 73KB

.vmp0 Size: 70KB - Virtual size: 70KB

.vmp1 Size: 29KB - Virtual size: 28KB

.reloc Size: 13KB - Virtual size: 13KB

.rsrc Size: 1024B - Virtual size: 686B

.text
Size: 291KB - Virtual size: 291KB

.rdata
Size: 70KB - Virtual size: 69KB

.data
Size: 61KB - Virtual size: 73KB

.vmp0
Size: 70KB - Virtual size: 70KB

.vmp1
Size: 29KB - Virtual size: 28KB

.reloc
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 1024B - Virtual size: 686B