a7579f69f55c05f4bd5ab42ff730afbe87670755451b2796353b52ff4a10351e

Sharing

Copy URL Twitter E-mail

General

Target

a7579f69f55c05f4bd5ab42ff730afbe87670755451b2796353b52ff4a10351e
Size

96KB
MD5

0de056b4f7203d1516305cbc98a21ae0
SHA1

95e4058dd2281130df59b57d48853abd261dfbae
SHA256

a7579f69f55c05f4bd5ab42ff730afbe87670755451b2796353b52ff4a10351e
SHA512

cb9791e06fc9c3da2b32e41d202b82da4f1fd69feb680440316f506057a201b925d1a2062e8f1a8df5f4eb4d4b31488563ace51d9d57014c111b192364331d91
SSDEEP

1536:F++jPPkfvh+QqdaPA80JGDMJgiD4XfXu1b6UHqOV0aEuuZuJ4HDUr7:MIkfv5Pr0J9ivaFKOyDuugyHDUr7

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

a7579f69f55c05f4bd5ab42ff730afbe87670755451b2796353b52ff4a10351e
.dll windows x86

309a20b2730917c93962086334121aba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
HeapFree
SearchPathA
GetTempPathA
GetTickCount
lstrcpyA
Process32Next
Process32First
CreateToolhelp32Snapshot
VirtualFreeEx
WaitForSingleObject
WriteProcessMemory
VirtualAllocEx
CreateRemoteThread
DuplicateHandle
GetCurrentProcess
lstrlenW
ReadProcessMemory
VirtualProtectEx
lstrcatA
lstrlenA
VirtualProtect
GetSystemDirectoryA
GetFileAttributesA
WritePrivateProfileStringA
ReadFile
IsBadReadPtr
TerminateProcess
FreeLibrary
GetPrivateProfileStringA
DeleteFileA
Sleep
GetModuleHandleA
GetProcessHeap
GlobalFree
HeapAlloc
OpenProcess
GetCurrentProcessId
CreateMutexA
ReleaseMutex
GetModuleFileNameA
lstrcmpiA
CreateThread
LoadLibraryA
GetProcAddress
CreateFileA
WriteFile
CloseHandle
GlobalAlloc
GlobalReAlloc

user32

GetWindowLongA
GetFocus
ToAscii
ReleaseDC
GetDC
LoadImageA
FillRect
wsprintfA
GetWindowTextA
GetForegroundWindow
GetKeyboardState
GetKeyState
GetCaretPos

gdi32

CreatePalette
DeleteDC
CreateHalftonePalette
GetStockObject
GetObjectA
GetDIBColorTable
GetDIBits
BitBlt
CreateCompatibleBitmap
GetDeviceCaps
CreateDCA
SelectObject
CreateCompatibleDC
DeleteObject
TextOutA
SetTextCharacterExtra
SetTextColor
SetBkMode
CreateFontA
CreateSolidBrush
RealizePalette
SelectPalette
GetPixel

advapi32

GetTokenInformation
SetEntriesInAclA
SetSecurityInfo
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

msvcrt

_strupr
fclose
_stricmp
sprintf
??3@YAXPAX@Z
fseek
ftell
rewind
??2@YAPAXI@Z
fopen
fread
_strlwr
strstr
free
malloc
strlen
strtok
printf
wcscmp
mbstowcs
memcmp
strcat
memcpy
strcpy
memset
wcslen
wcsstr
strrchr

ws2_32

gethostbyname
htons
socket
WSACleanup
connect
closesocket
send
recv
WSAStartup

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

wininet

InternetReadFile
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetCrackUrlA

Exports

Exports

Install

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

309a20b2730917c93962086334121aba

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

version

msvcrt

ws2_32

msvcp60

wininet

Exports

Exports

Sections

.text Size: 26KB - Virtual size: 26KB

.bss Size: - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 9KB - Virtual size: 8KB

.vmp0 Size: 3KB - Virtual size: 2KB

.vmp1 Size: 50KB - Virtual size: 50KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 26KB - Virtual size: 26KB

.bss
Size: - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 9KB - Virtual size: 8KB

.vmp0
Size: 3KB - Virtual size: 2KB

.vmp1
Size: 50KB - Virtual size: 50KB

.reloc
Size: 2KB - Virtual size: 1KB