419410201f8e078ae71608338e2d59daa731148446ed8bb7afd04659f3a1c20c

Sharing

Copy URL Twitter E-mail

General

Target

419410201f8e078ae71608338e2d59daa731148446ed8bb7afd04659f3a1c20c
Size

381KB
MD5

606e0e7eb583f9f28c607df2947848a0
SHA1

54d347bfc449e99127088a7214672bcc2bb85cca
SHA256

419410201f8e078ae71608338e2d59daa731148446ed8bb7afd04659f3a1c20c
SHA512

26c1256bca86bd7fd69e8ff6e22484991d1eb43bf1cec53f366bd12ce46854c3dac13f54aa73ae2a0ecad6953308c049259fc25488757267dc5eaf2da80cc065
SSDEEP

6144:n4UEnqSJ1u6V4OKKij3hWE75Ynnet/R4KnM6J1ATvCCICn0TqgYYrc:N0JJ1uv1j3hdUU54KnZcvDICn0mgYYY

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

419410201f8e078ae71608338e2d59daa731148446ed8bb7afd04659f3a1c20c
.exe windows x86

f143dca5e4af1e909e88740a27020277

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dtcommonres

ShowBurnImageDialog
SelectImageCatalogFolder
EditBox
ShowDeviceParameters
ShowDeviceInfo

mfc100u

ord1479
ord4512
ord2629
ord285
ord5264
ord1298
ord1934
ord286
ord2155
ord1312
ord869
ord1270
ord1476
ord4290
ord296
ord266
ord902
ord2064
ord2068
ord290
ord265
ord1300

msvcr100

memmove
free
_beginthread
_purecall
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
memcpy_s
??8type_info@@QBE_NABV0@@Z
??0exception@std@@QAE@ABV01@@Z
wcscat_s
wcscpy_s
_wsplitpath_s
wcslen
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
memcpy
memset
_CxxThrowException
__CxxFrameHandler3

kernel32

HeapFree
GetProcessHeap
HeapAlloc
HeapDestroy
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
HeapSize
HeapReAlloc
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
InterlockedExchange
LoadLibraryExW
GetModuleFileNameW
GetSystemTimeAsFileTime
LocalFree
GetCurrentThread
GetCurrentProcess
WaitForSingleObject
FlushFileBuffers
FreeLibrary
DisconnectNamedPipe
ReadFile
GetOverlappedResult
WaitForMultipleObjects
ConnectNamedPipe
CreateEventW
GetCurrentProcessId
CreateNamedPipeW
GetCurrentThreadId
GetVersionExW
SetEvent
OpenEventW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateThread
GetLastError
CreateMutexW
GetProcAddress
LoadLibraryW
TerminateThread
LeaveCriticalSection
EnterCriticalSection
Sleep
InitializeCriticalSection
InterlockedCompareExchange
CloseHandle
WriteFile
CreateFileW

user32

EndDialog
PostMessageW
KillTimer
CopyRect
MonitorFromWindow
GetMonitorInfoW
SetTimer
MoveWindow
CreateWindowExW
ScreenToClient
ShowWindow
SetWindowTextW
DialogBoxParamW
EndPaint
GetSysColorBrush
FrameRect
BeginPaint
GetClientRect
SetWindowLongW
GetWindowLongW
SetWindowPos
GetParent
GetWindowRect
GetIconInfo
MessageBoxW
DestroyIcon
SendMessageW
GetDlgItem

gdi32

GetObjectW
DeleteObject
GetBitmapBits

comdlg32

GetOpenFileNameW

advapi32

OpenThreadToken
RegCloseKey
RegOpenKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertSidToStringSidW
IsValidSid
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl

shell32

ord680
SHCreateShellItem
ord190
ShellExecuteExW
ShellExecuteW

ole32

CoTaskMemFree
CLSIDFromString
CoInitialize
CoCreateInstance

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysStringLen
SysFreeString

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Xout_of_range@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.prdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f143dca5e4af1e909e88740a27020277

Headers

DLL Characteristics

File Characteristics

Imports

dtcommonres

mfc100u

msvcr100

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

msvcp100

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 2KB - Virtual size: 8KB

.rsrc Size: 217KB - Virtual size: 217KB

.vmp0 Size: 7KB - Virtual size: 6KB

.vmp1 Size: 34KB - Virtual size: 34KB

.prdata Size: 76KB - Virtual size: 76KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 2KB - Virtual size: 8KB

.rsrc
Size: 217KB - Virtual size: 217KB

.vmp0
Size: 7KB - Virtual size: 6KB

.vmp1
Size: 34KB - Virtual size: 34KB

.prdata
Size: 76KB - Virtual size: 76KB