b22e9ac8094e7293988ddf7aa2cd9780af7873a3da1d0021de099eac7dd677c9

Sharing

Copy URL Twitter E-mail

General

Target

b22e9ac8094e7293988ddf7aa2cd9780af7873a3da1d0021de099eac7dd677c9
Size

710KB
MD5

806a86ea9a2cb58cef6a245ec8cc3590
SHA1

faedb5c0aa2e5e1f7737406fe5055b0b2bbd0701
SHA256

b22e9ac8094e7293988ddf7aa2cd9780af7873a3da1d0021de099eac7dd677c9
SHA512

bceb42833cdda206c15c5e6d3e6157885902258717ab5c634a5dfa6e7e2153d2d89979e5dedcbe1502a8e604411f7a44c4728c918983dddf22dfce625924714f
SSDEEP

12288:OuduH9iM+kuv3ukqKo2Y/cfytPH6ZkCxcBpLtLDfSssF6dyIAn:OKuH7wfukLbytKxqzSl6dyIAn

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

b22e9ac8094e7293988ddf7aa2cd9780af7873a3da1d0021de099eac7dd677c9
.dll windows x86

214a2954a5b4c91561c8cf41ae940ade

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc90

ord2630
ord2614
ord2620
ord2618
ord2616
ord2633
ord2628
ord2612
ord2635
ord2623
ord2605
ord2607
ord2625
ord2375
ord2368
ord1644
ord6784
ord4160
ord6782
ord3671
ord5389
ord6356
ord3218
ord1446
ord5608
ord2139
ord1792
ord1791
ord1728
ord5633
ord3135
ord4895
ord4668
ord2896
ord4727
ord5636
ord2904
ord2069
ord6257
ord4993
ord2899
ord6559
ord1254
ord5916
ord663
ord404
ord3718
ord3987
ord3528
ord3534
ord2106
ord3479
ord639
ord374
ord3783
ord2327
ord1755
ord6388
ord3344
ord1678
ord1809
ord1810
ord5309
ord5152
ord4617
ord5615
ord3213
ord2610
ord1611
ord6148
ord2692
ord1321
ord3491
ord783
ord582
ord942
ord6815
ord2481
ord4434
ord4409
ord6783
ord4159
ord601
ord316
ord5997
ord4507
ord4506
ord2480
ord5924
ord6781
ord4733
ord2251
ord2206
ord6018
ord4165
ord1046
ord5533
ord6721
ord5813
ord4199
ord2087
ord3209
ord5657
ord5659
ord4333
ord4981
ord5663
ord6001
ord2766
ord2978
ord3107
ord4714
ord2961
ord3110
ord2769
ord2888
ord2759
ord4066
ord4067
ord4057
ord2886
ord4334
ord4890
ord4667
ord3659
ord5646
ord2447
ord4197
ord3178
ord969
ord965
ord967
ord963
ord958
ord5666
ord5668
ord6446
ord1729
ord4688
ord5139
ord3732
ord4589
ord6780
ord5497
ord2074
ord5585
ord4650
ord1496
ord4331
ord305
ord1752
ord2824
ord310
ord605
ord1278
ord1243
ord1241
ord1268
ord1180
ord1233
ord2084
ord391
ord1152
ord1277
ord1275
ord1145
ord1075
ord322
ord801
ord1183
ord2208
ord1137
ord1087
ord321
ord793
ord589
ord4029
ord798
ord1568
ord2691
ord5776
ord5528
ord780
ord579
ord1603
ord820
ord4392
ord266
ord265
ord2539
ord300
ord817
ord5923
ord941
ord2672
ord800

msvcr90

_itoa
memset
memcpy
_CxxThrowException
_CIsqrt
_CIatan2
_encoded_null
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_CItan
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__CxxFrameHandler3
_mktime64
vsprintf_s
strtok
fwrite
fclose
atoi
fgets
fopen
strncmp
strtol
memmove_s
strncpy
strstr
free
_localtime64_s
strftime
_vsnprintf
malloc
printf
sscanf
sprintf
_time64
vsprintf
strcpy_s
rand
_invalid_parameter_noinfo
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
sprintf_s
srand

kernel32

GetPrivateProfileIntA
GetPrivateProfileStringA
WaitForSingleObject
GetProcAddress
ExitProcess
VirtualProtect
CreateFileA
FreeLibraryAndExitThread
CreateThread
GetTickCount
Sleep
GetCurrentProcessId
GetCurrentThreadId
GetModuleHandleA
QueryPerformanceFrequency
QueryPerformanceCounter
MultiByteToWideChar
CreateToolhelp32Snapshot
CloseHandle
Beep
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSection
DeleteCriticalSection
GlobalAlloc
GlobalLock
GlobalUnlock
DeviceIoControl
Process32First
Process32Next
IsBadReadPtr
GetProcessHeap
HeapFree
SetUnhandledExceptionFilter
LoadLibraryA
GetLocalTime
GetSystemTime
WritePrivateProfileStringA
RaiseException
LocalFree
LocalAlloc
InterlockedExchange
InterlockedCompareExchange
UnhandledExceptionFilter
TerminateProcess
OpenProcess
GetCurrentProcess
WideCharToMultiByte
GetModuleFileNameA
OutputDebugStringA
GetSystemTimeAsFileTime
IsDebuggerPresent
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

PostMessageA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
SetWindowLongA
GetWindowLongA
CallWindowProcA
EnableWindow
GetWindowTextA
SendMessageA
MessageBoxA
SetTimer
KillTimer
ShowWindow
EnumWindows
GetClassNameA
GetWindowThreadProcessId
IsWindow

advapi32

OpenProcessToken
AdjustTokenPrivileges
OpenSCManagerA
OpenServiceA
CloseServiceHandle
LookupPrivilegeValueA

oleaut32

VariantClear

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

ws2_32

inet_ntoa
ntohl
recvfrom
sendto
recv
setsockopt
ioctlsocket
WSAGetLastError
WSAStartup
gethostbyname
gethostname
closesocket
send
connect
htons
inet_addr
socket
WSACleanup

iphlpapi

GetAdaptersInfo

Exports

Exports

GetTSObject
GetTSObjectEx

Sections

.text
Size: - Virtual size: 754KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 706KB - Virtual size: 706KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

214a2954a5b4c91561c8cf41ae940ade

Headers

DLL Characteristics

File Characteristics

Imports

mfc90

msvcr90

kernel32

user32

advapi32

oleaut32

msvcp90

ws2_32

iphlpapi

Exports

Exports

Sections

.text Size: - Virtual size: 754KB

.rdata Size: - Virtual size: 72KB

.data Size: - Virtual size: 4.0MB

.vmp0 Size: - Virtual size: 218KB

.vmp1 Size: 706KB - Virtual size: 706KB

.reloc Size: 512B - Virtual size: 144B

.rsrc Size: 2KB - Virtual size: 3KB

.text
Size: - Virtual size: 754KB

.rdata
Size: - Virtual size: 72KB

.data
Size: - Virtual size: 4.0MB

.vmp0
Size: - Virtual size: 218KB

.vmp1
Size: 706KB - Virtual size: 706KB

.reloc
Size: 512B - Virtual size: 144B

.rsrc
Size: 2KB - Virtual size: 3KB