ee0ff3ee1699295ee81e89db3d6fa42ac82e9602a33c4baabdf6c9f4f4ed7c1b

Sharing

Copy URL Twitter E-mail

General

Target

ee0ff3ee1699295ee81e89db3d6fa42ac82e9602a33c4baabdf6c9f4f4ed7c1b
Size

1.1MB
MD5

07905c58ed8706f294b9fcfaf5cc0c60
SHA1

1219bd27673fdeac8039620e8c0221fef29e4b86
SHA256

ee0ff3ee1699295ee81e89db3d6fa42ac82e9602a33c4baabdf6c9f4f4ed7c1b
SHA512

184db6cb4ae6055aa0dd916a4661511b2ae31959e1c9f604b64564c13b411f69a65b1bfaf48634d7f6bbd49270ba60dc3da9f1ab9448e6d279be3049b83847b2
SSDEEP

24576:Ie/7x0oZRDLdhTAIyOrJhbMsN+Eq1ujk1zWETmIzdcczaO3K:T/F0oDsuqsLqQ7GjzdcczaOa

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

ee0ff3ee1699295ee81e89db3d6fa42ac82e9602a33c4baabdf6c9f4f4ed7c1b
.dll windows x86

45b6690524f75e586dd1bfc0af976e11

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
FreeLibrary
GetCommandLineA
LCMapStringA
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
Module32First
Process32Next
Process32First
GetProcAddress
GetModuleHandleA
Thread32Next
ResumeThread
SuspendThread
TerminateThread
OpenThread
Thread32First
CreateToolhelp32Snapshot
Sleep
GetTickCount
GetTimeZoneInformation
SetLastError
GetACP
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
WaitForSingleObject
OpenProcess
InterlockedIncrement
InterlockedDecrement
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
GlobalUnlock
LocalFree
GetLastError
lstrcpynA
EnterCriticalSection
lstrcpyA
LocalAlloc
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
GetCurrentProcess
WriteFile
SetFilePointer
FlushFileBuffers
TlsAlloc
GlobalFree
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
lstrcatA
GetVersion
GlobalFlags
WritePrivateProfileStringA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
TerminateProcess
RaiseException
GetSystemTime
GetLocalTime
HeapSize
SetStdHandle
GetFileType
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCurrentProcessId
CloseHandle
RtlMoveMemory
MapViewOfFile
OpenFileMappingA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SetWindowLongA
SetWindowPos
ShowWindow
SetFocus
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
PostMessageA
PostQuitMessage
SetWindowTextA
GetMenuItemCount
ClientToScreen
GetDlgCtrlID
GetWindowRect
PtInRect
UnregisterClassA
UnhookWindowsHookEx
GetSystemMetrics
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
SendMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
wvsprintfA
GetDesktopWindow
GetWindow
IsWindowVisible
GetWindowTextA
GetClassNameA
GetWindowThreadProcessId
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
EnableWindow
SetCursor
WinHelpA
GetNextDlgTabItem

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SetTextColor
SetBkColor
SelectObject
RestoreDC
CreateBitmap
SaveDC
Escape
GetObjectA
GetStockObject
DeleteDC
DeleteObject
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

rasapi32

RasGetConnectStatusA
RasHangUpA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comctl32

ord17

wsock32

WSAStartup
WSACleanup
closesocket
recv
send
select

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetConnectA
InternetSetOptionA
InternetCloseHandle
InternetOpenA

Exports

Exports

GetCommand
GetCommandCount
GetFormatVersion
GetPluginDescription

Sections

.text
Size: - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 817KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 489KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45b6690524f75e586dd1bfc0af976e11

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

rasapi32

winspool.drv

comctl32

wsock32

wininet

Exports

Exports

Sections

.text Size: - Virtual size: 162KB

.rdata Size: - Virtual size: 817KB

.data Size: - Virtual size: 140KB

.vmp0 Size: - Virtual size: 489KB

.vmp1 Size: 1.0MB - Virtual size: 1.0MB

.reloc Size: 4KB - Virtual size: 176B

.rsrc Size: 4KB - Virtual size: 548B

.text
Size: - Virtual size: 162KB

.rdata
Size: - Virtual size: 817KB

.data
Size: - Virtual size: 140KB

.vmp0
Size: - Virtual size: 489KB

.vmp1
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 4KB - Virtual size: 176B

.rsrc
Size: 4KB - Virtual size: 548B