fdc30b3f87f93bf53d5a68dd82e3d7f3999e9c234d55f1a24549b546692dcb3b

Sharing

Copy URL

Twitter E-mail

General

Target

fdc30b3f87f93bf53d5a68dd82e3d7f3999e9c234d55f1a24549b546692dcb3b
Size

1.7MB
MD5

ffd401bb92fc10b64207a87d60c7d0d9
SHA1

1f92c4496c1da3335b574f24848d36863c7fc469
SHA256

fdc30b3f87f93bf53d5a68dd82e3d7f3999e9c234d55f1a24549b546692dcb3b
SHA512

a20799c43ddde7c4beb00312dcfdb0413c2da3f8a2d57e8b724e4e242cb432ad52899d5afb589f599392c45bbd971f80e5b3403eb8f62b424527d94f7d54a52d
SSDEEP

24576:2/P/oPoBAbMsf+Mw2JwnUJTKze1yqGRSzIun2QUCtTCfzdasp4G0evlOJd4kXGTV:+oeX2JNJTKy1NHjUDakk74kXGTvhrL7

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/DekaronJSQ5.7ʽ/DekaronJSQ.exe	vmprotect
static1/unpack001/DekaronJSQ5.7ʽ/DekaronJSQ³.exe	vmprotect

Files

fdc30b3f87f93bf53d5a68dd82e3d7f3999e9c234d55f1a24549b546692dcb3b
.zip
DekaronJSQ5.7ʽ/DekaronJSQ.exe
.exe windows x86

0555e7c5a86aeb434c3b9f53d08aa253

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
LoadLibraryW
CreateEventW
CompareStringW
SetLastError
GetModuleHandleA
VirtualProtect
GetTickCount
EnterCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
WriteProcessMemory
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
GetSystemInfo
FreeLibrary
LoadResource
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceExA
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetCommandLineA
GetLastError
HeapFree
HeapAlloc
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
HeapSize
LoadLibraryA
GetLocaleInfoA
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

winmm

waveOutOpen

ws2_32

sendto

rasapi32

RasHangUpA

user32

GetDC
MessageBoxW
CharUpperBuffW
wsprintfW

gdi32

LPtoDP

winspool.drv

OpenPrinterA

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

OleRun

oleaut32

VariantChangeType

comctl32

ord17

wininet

InternetOpenA

comdlg32

ChooseColorA

Sections

.MPRESS1
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 462KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 928KB - Virtual size: 928KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DekaronJSQ5.7ʽ/DekaronJSQ³.exe
.exe windows x86

aee30280b747ecc77ad0d4a12df7c5e9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
LoadLibraryW
CreateEventW
CompareStringW
SetLastError
GetModuleHandleA
VirtualProtect
GetTickCount
EnterCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
WriteProcessMemory
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
GetSystemInfo
FreeLibrary
LoadResource
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceExA
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetCommandLineA
GetLastError
HeapFree
HeapAlloc
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
HeapSize
LoadLibraryA
GetLocaleInfoA
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

rasapi32

RasHangUpA

user32

GetDC
MessageBoxW
CharUpperBuffW
wsprintfW

gdi32

PatBlt

winmm

waveOutOpen

winspool.drv

OpenPrinterA

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

OleInitialize

oleaut32

UnRegisterTypeLi

comctl32

ord17

ws2_32

inet_ntoa

wininet

InternetOpenA

comdlg32

ChooseColorA

Sections

.MPRESS1
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 468KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 837KB - Virtual size: 837KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0555e7c5a86aeb434c3b9f53d08aa253

Headers

File Characteristics

Imports

kernel32

winmm

ws2_32

rasapi32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

wininet

comdlg32

Sections

.MPRESS1 Size: - Virtual size: 3.1MB

.MPRESS2 Size: - Virtual size: 3KB

.vmp0 Size: - Virtual size: 462KB

.vmp1 Size: 928KB - Virtual size: 928KB

.rsrc Size: 5KB - Virtual size: 4KB

aee30280b747ecc77ad0d4a12df7c5e9

Headers

File Characteristics

Imports

kernel32

rasapi32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

wininet

comdlg32

Sections

.MPRESS1 Size: - Virtual size: 1.2MB

.MPRESS2 Size: - Virtual size: 3KB

.vmp0 Size: - Virtual size: 468KB

.vmp1 Size: 837KB - Virtual size: 837KB

.rsrc Size: 170KB - Virtual size: 169KB

.MPRESS1
Size: - Virtual size: 3.1MB

.MPRESS2
Size: - Virtual size: 3KB

.vmp0
Size: - Virtual size: 462KB

.vmp1
Size: 928KB - Virtual size: 928KB

.rsrc
Size: 5KB - Virtual size: 4KB

.MPRESS1
Size: - Virtual size: 1.2MB

.MPRESS2
Size: - Virtual size: 3KB

.vmp0
Size: - Virtual size: 468KB

.vmp1
Size: 837KB - Virtual size: 837KB

.rsrc
Size: 170KB - Virtual size: 169KB