1c2c9f6b3a3e6fb32560c938f7b01a49a847ebcea4137673921cf6a727d0364c

Sharing

Copy URL Twitter E-mail

General

Target

1c2c9f6b3a3e6fb32560c938f7b01a49a847ebcea4137673921cf6a727d0364c
Size

75KB
MD5

832d79518da593863736d58ab45c1695
SHA1

82742b279deb236bc2471e64bb83fece31dbe8c1
SHA256

1c2c9f6b3a3e6fb32560c938f7b01a49a847ebcea4137673921cf6a727d0364c
SHA512

097ce2fa9ddf00b67214f1e1615e78cb4d9563ed6ac6a75c71aa0709cf32978eae59d7078a4bd7c0c8f3de1082b6d24306582dd5437fae13564d2f3bce3b9260
SSDEEP

1536:RDX4t3QJPexD37UDqfo74HHKY3pgjK+Z8GOjCzGU:RDIt3Q9elUDqQsHKY5gjVZ83CzGU

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

1c2c9f6b3a3e6fb32560c938f7b01a49a847ebcea4137673921cf6a727d0364c
.dll windows x86

66786e86d70afecc39b07c487fe146d8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetVolumeInformationA
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
MoveFileA
GetDriveTypeA
GetLogicalDriveStringsA
CopyFileA
SetFileAttributesA
RemoveDirectoryA
WriteFile
Process32Next
GetProcessTimes
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetCurrentProcess
FreeLibrary
Module32First
TerminateProcess
GlobalMemoryStatus
GetTickCount
GetSystemDefaultLangID
GetDiskFreeSpaceExA
CreatePipe
DisconnectNamedPipe
DuplicateHandle
PeekNamedPipe
ExitThread
GetTempFileNameA
GlobalFree
GlobalUnlock
GlobalSize
GlobalLock
GlobalReAlloc
GlobalAlloc
SuspendThread
CreateDirectoryA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
DeleteFileA
FindNextFileA
OpenEventA
CreateMutexA
GetLastError
ReleaseMutex
GetSystemDirectoryA
GetPrivateProfileStringA
FindFirstFileA
WritePrivateProfileStringA
FindClose
InterlockedExchange
GetCurrentThreadId
GetTempPathA
CreateProcessA
GetTimeZoneInformation
GetVersionExA
CreateFileA
SetFilePointer
ReadFile
SetEvent
GetModuleFileNameA
CreateThread
SetThreadPriority
ResumeThread
CloseHandle
CreateEventA
Sleep
ResetEvent
WaitForSingleObject
WaitForMultipleObjects
Module32Next
TerminateThread

msvcrt

_adjust_fdiv
_initterm
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
strncpy
strncmp
strrchr
strtok
fputs
fgets
fopen
fflush
_stricmp
_ltoa
fclose
_snprintf
realloc
time
localtime
mktime
gmtime
strchr
atoi
_except_handler3
sprintf
free
atol
malloc
fprintf
_strnicmp

advapi32

RegQueryValueExA
CloseServiceHandle
RegOpenKeyA
EnumServicesStatusA
OpenSCManagerA
LookupAccountSidA
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
CreateProcessAsUserA
DuplicateTokenEx
QueryServiceConfig2A
QueryServiceStatus
QueryServiceConfigA
OpenServiceA
StartServiceA
ControlService
DeleteService
RegisterServiceCtrlHandlerA
SetServiceStatus
RegCloseKey

ws2_32

WSASocketA
htons
closesocket
connect
shutdown
send
inet_addr
gethostbyname
WSAStartup
gethostname
recv

user32

OpenWindowStationA
GetThreadDesktop
GetProcessWindowStation
DispatchMessageA
GetMessageA
PeekMessageA
RegisterDeviceNotificationA
EndDialog
DialogBoxParamA
GetForegroundWindow
SetProcessWindowStation
ReleaseDC
GetWindowRect
GetWindowDC
GetDC
GetWindow
GetWindowTextA
PostMessageA
wsprintfA
CreateDialogParamA
ShowWindow
OpenDesktopA
SetThreadDesktop
GetClassNameA
GetDesktopWindow
GetTopWindow

mpr

WNetGetUserA

gdi32

GetStockObject
SelectPalette
RealizePalette
GetDIBits
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
CreateDCA
GetDeviceCaps
DeleteDC
GetObjectA

psapi

EnumProcessModules
GetModuleBaseNameA
GetModuleFileNameExA

Exports

Exports

ServiceMain

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66786e86d70afecc39b07c487fe146d8

Headers

File Characteristics

Imports

kernel32

msvcrt

advapi32

ws2_32

user32

mpr

gdi32

psapi

Exports

Exports

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 7KB - Virtual size: 58KB

.rsrc Size: 1KB - Virtual size: 1KB

.vmp0 Size: 4KB - Virtual size: 3KB

.vmp1 Size: 512B - Virtual size: 256B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 7KB - Virtual size: 58KB

.rsrc
Size: 1KB - Virtual size: 1KB

.vmp0
Size: 4KB - Virtual size: 3KB

.vmp1
Size: 512B - Virtual size: 256B

.reloc
Size: 3KB - Virtual size: 3KB