5eadeba25ef4e49920fa50a8015124ea3de3d4ff55996a95835294edb1bf1fb6

Sharing

Copy URL

Twitter E-mail

General

Target

5eadeba25ef4e49920fa50a8015124ea3de3d4ff55996a95835294edb1bf1fb6
Size

510KB
MD5

776c622c798531da057b776d97d1d07b
SHA1

68bab218302b3e992caef0f2bf3051fe3e1b2e0d
SHA256

5eadeba25ef4e49920fa50a8015124ea3de3d4ff55996a95835294edb1bf1fb6
SHA512

b7f8a838773d2eb16bc6959a7aed22412e6ceea4952ac8c5729e6e3b72f53a66b873a28b0e2c2b4ed57e0ea21e0b68a43ebe945314112cda74f550a584ff24a1
SSDEEP

12288:gJ/dEGNqM86annZALpOsO2/xLWJaOrKYgVRproVm+a7of6iGG:gJ/dxNqMunZAtffAa1Y0roVlvDGG

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/nfzn.dll	vmprotect

Files

5eadeba25ef4e49920fa50a8015124ea3de3d4ff55996a95835294edb1bf1fb6
.rar
explorer.exe
.exe windows x86

04b9fa48edde54dc03a5e6131daa4051

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

connect
ioctlsocket
socket
WSAGetLastError
send
recv
select
inet_addr
htons
closesocket
WSACleanup
WSAStartup
gethostbyname

msimg32

GradientFill

kernel32

SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
GetTickCount
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesA
GetFileSizeEx
GetFileTime
RtlUnwind
ExitProcess
GetCommandLineA
GetStartupInfoA
RaiseException
VirtualProtect
VirtualAlloc
ReadFile
VirtualQuery
HeapReAlloc
ExitThread
CreateThread
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
QueryPerformanceCounter
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
CompareStringW
SetEnvironmentVariableA
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
FileTimeToSystemTime
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetModuleHandleW
GlobalFlags
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
CreateEventA
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
InterlockedExchange
lstrcmpA
GetThreadLocale
InterlockedIncrement
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
CompareStringA
lstrcmpW
GetVersionExA
GetLastError
SetLastError
GlobalAlloc
FormatMessageA
LocalFree
MultiByteToWideChar
MulDiv
lstrlenA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
LoadLibraryA
GetCurrentDirectoryA
GetSystemTimeAsFileTime
OpenProcess
Sleep
VirtualAllocEx
WriteProcessMemory
GetModuleHandleA
GetProcAddress
CreateRemoteThread
WaitForSingleObject
VirtualFreeEx
WideCharToMultiByte
CreateFileA
WriteFile
CloseHandle
FindResourceA
LoadResource
SizeofResource
LockResource
GetCurrentThreadId
HeapAlloc
GetProcessHeap
HeapFree
lstrcmpiA
GetSystemInfo

user32

LoadCursorA
CopyAcceleratorTableA
IsRectEmpty
SetRect
InvalidateRect
InvalidateRgn
SetCapture
ReleaseCapture
CharUpperA
GetNextDlgGroupItem
MessageBeep
UnregisterClassA
RegisterClipboardFormatA
PostThreadMessageA
SetCursor
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
PostQuitMessage
CharNextA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetLastActivePopup
EndPaint
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
UpdateWindow
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
GetMenu
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowTextLengthA
GetWindow
SetFocus
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
FindWindowA
GetWindowThreadProcessId
MessageBoxA
LoadIconA
GetClientRect
IsIconic
GetSystemMenu
AppendMenuA
DrawIcon
EnableWindow
EnumThreadWindows
UnhookWindowsHookEx
SetWindowsHookExA
BeginPaint
GetDC
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
DestroyMenu
SetWindowContextHelpId
MapDialogRect
DispatchMessageA
CallNextHookEx
EnumChildWindows
GetFocus
CallWindowProcA
DefWindowProcA
TrackMouseEvent
SetWindowLongA
RedrawWindow
GetSystemMetrics
GetSysColorBrush
FrameRect
InflateRect
GetSysColor
FillRect
DrawFocusRect
GetWindowTextA
OffsetRect
SendMessageA
DrawTextA
ReleaseDC
GetWindowRect
GetWindowDC
GetClassNameA
GetWindowLongA
RegisterClassA

gdi32

GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetDeviceCaps
CreatePen
ExtSelectClipRgn
CreateRectRgnIndirect
GetRgnBox
GetMapMode
GetStockObject
MoveToEx
LineTo
CreateSolidBrush
SetPixel
SetTextColor
DeleteObject
DeleteDC
CreateCompatibleDC
SetBkMode
SelectObject
CreateCompatibleBitmap
BitBlt
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetTextColor
GetBkColor
CreateBitmap
GetObjectA
SetBkColor
GetClipBox

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA

oledlg

ord8

ole32

CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoGetClassObject
CoTaskMemFree
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize

oleaut32

VariantCopy
OleCreateFontIndirect
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SysFreeString
SysStringLen
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString

Sections

.text
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
explorer.exe.intermediate.manifest
.xml
logo.gif
.gif
nfzn.dll
.dll windows x86

56beff5cc897774a5827430115437056

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAGetLastError

kernel32

VirtualFree
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

SetHook
SetName

Sections

.text
Size: - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mydata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nfzn.dll.intermediate.manifest
.xml

Sharing

General

Malware Config

Signatures

Files

04b9fa48edde54dc03a5e6131daa4051

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

msimg32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 236KB - Virtual size: 236KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 12KB - Virtual size: 30KB

.rsrc Size: 7KB - Virtual size: 7KB

.vmp0 Size: 46KB - Virtual size: 45KB

56beff5cc897774a5827430115437056

Headers

File Characteristics

Imports

ws2_32

kernel32

Exports

Exports

Sections

.text Size: - Virtual size: 46KB

.rdata Size: - Virtual size: 8KB

.data Size: - Virtual size: 16KB

mydata Size: 512B - Virtual size: 184B

.rsrc Size: 512B - Virtual size: 436B

.vmp0 Size: - Virtual size: 4KB

.vmp1 Size: - Virtual size: 231KB

.vmp2 Size: 325KB - Virtual size: 324KB

.reloc Size: 512B - Virtual size: 232B

.text
Size: 236KB - Virtual size: 236KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 12KB - Virtual size: 30KB

.rsrc
Size: 7KB - Virtual size: 7KB

.vmp0
Size: 46KB - Virtual size: 45KB

.text
Size: - Virtual size: 46KB

.rdata
Size: - Virtual size: 8KB

.data
Size: - Virtual size: 16KB

mydata
Size: 512B - Virtual size: 184B

.rsrc
Size: 512B - Virtual size: 436B

.vmp0
Size: - Virtual size: 4KB

.vmp1
Size: - Virtual size: 231KB

.vmp2
Size: 325KB - Virtual size: 324KB

.reloc
Size: 512B - Virtual size: 232B