7baff31dca6f33e3b578fc2dfcf4772295238470b5def984f7f5c4006560f9bb

Sharing

Copy URL Twitter E-mail

General

Target

7baff31dca6f33e3b578fc2dfcf4772295238470b5def984f7f5c4006560f9bb
Size

104KB
MD5

1082693ec42fde4fe2c52db99eeb5ed4
SHA1

c1639a5e6eb17ac55402204a3facd6751bfd99fb
SHA256

7baff31dca6f33e3b578fc2dfcf4772295238470b5def984f7f5c4006560f9bb
SHA512

4c21ae1eb42d2cf95468c10df97a892e04a6f5b33427e2165a72a3f19f645752c1e692642da89bfbb01a56341b841f712eddc56c0cb44e3e8265c82c59132158
SSDEEP

1536:3rZYrNicmTw5r9Ek01HJp0RApBMTaXqraSI36ccBvyN:3ONiN1NrSIM+bStzBvy

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

7baff31dca6f33e3b578fc2dfcf4772295238470b5def984f7f5c4006560f9bb
.dll windows x86

6f21267db2582068d7a678c85348c46e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleA
CreateMutexA
CloseHandle
GetCurrentProcessId
DeleteFileA
CreateThread
lstrcpyA
GlobalAlloc
GlobalFree
LoadLibraryW
VirtualFree
ExpandEnvironmentStringsW
GetProcAddress
VirtualProtect
GetTempPathA
WritePrivateProfileStringA
GetLastError
lstrlenA
WriteProfileStringA
GetPrivateProfileStringA
GetProfileStringA
WideCharToMultiByte
OutputDebugStringA
CreateToolhelp32Snapshot
Process32First
Process32Next
TerminateProcess
OpenProcess
IsBadReadPtr
LoadLibraryA
ExitThread
GetLocalTime
FormatMessageA
LocalFree
TerminateThread
GetCommandLineA
WinExec
lstrcatA
GetSystemDirectoryA
ReadFile
Sleep
WriteFile
ExitProcess
GetTickCount
FreeLibrary
SetFilePointer
GetFileSize
CreateFileA
GetComputerNameA

user32

wsprintfA
CharLowerA
GetKeyboardState
GetWindowLongA
MapVirtualKeyA
ToAscii
FindWindowA
GetWindowTextA
PostMessageA
DefWindowProcA
PostQuitMessage
SendMessageA
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
ShowWindow
CreateWindowExW
RegisterClassW
wsprintfW
LoadIconA
MessageBoxA
LoadCursorA

gdi32

GetStockObject

shell32

ShellExecuteA

ws2_32

connect
closesocket
sendto
gethostbyname
setsockopt
recvfrom
WSAAsyncSelect
htonl
bind
listen
WSACleanup
htons
WSAConnect
ntohs
getsockname
accept
WSAGetLastError
WSARecv
WSAAsyncGetHostByName
getpeername
WSASend
select
__WSAFDIsSet
ioctlsocket
inet_addr
WSAStartup
recv
send
WSCGetProviderPath
WSCEnumProtocols
inet_ntoa
socket

msvcrt

memcpy
wcsstr
_itoa
atoi
srand
rand
strncmp
strncpy
sprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
_errno
_stricmp
_strnicmp
memset
strstr

shlwapi

PathFileExistsA
PathRemoveFileSpecA

wininet

InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetReadFile

Exports

Exports

GetNeedSock
WSPStartup

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

sp
Size: 897B - Virtual size: 897B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f21267db2582068d7a678c85348c46e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ws2_32

msvcrt

shlwapi

wininet

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 18KB

sp Size: 897B - Virtual size: 897B

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 16B - Virtual size: 16B

.vmp0 Size: 2KB - Virtual size: 2KB

.vmp1 Size: 45KB - Virtual size: 45KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 18KB - Virtual size: 18KB

sp
Size: 897B - Virtual size: 897B

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 16B - Virtual size: 16B

.vmp0
Size: 2KB - Virtual size: 2KB

.vmp1
Size: 45KB - Virtual size: 45KB

.reloc
Size: 1KB - Virtual size: 1KB