adb70666ff3d86c9c8b17ae4df231e96964035c7f4722beaa45ef6b3c2a98931

Sharing

Copy URL

Twitter E-mail

General

Target

adb70666ff3d86c9c8b17ae4df231e96964035c7f4722beaa45ef6b3c2a98931
Size

5.2MB
MD5

1b14c6cc30c9187a0bcbcc349c624d2f
SHA1

89807c3ec13b0fb2b7ce0914ee577deba9a45174
SHA256

adb70666ff3d86c9c8b17ae4df231e96964035c7f4722beaa45ef6b3c2a98931
SHA512

26d30995216317017fe1e876b30cbfc6ae4b1e7e80c2b9118ebc83bf12d5ea472b42372f5b7ce2f825a937f9ecf08383c5906258321c65e6e5c5922e245e2437
SSDEEP

98304:OBJ5Af74OqTM0yZlCqF4A8uMnnZR5klYqdaMvraB902LVjFFSiDHWpTg:OBJmT4TMZJF4AuRmdE224kkibWRg

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

adb70666ff3d86c9c8b17ae4df231e96964035c7f4722beaa45ef6b3c2a98931
.exe windows x86

22e8235219a41d6fed5cef4264f78aec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
HeapAlloc
HeapFree
ExitThread
CreateThread
HeapReAlloc
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
SetStdHandle
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
HeapCreate
GetStdHandle
GetACP
IsValidCodePage
GetStringTypeA
GetFileTime
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
GetFileSizeEx
GetFileAttributesA
GetModuleHandleW
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalFlags
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
InterlockedDecrement
GetModuleFileNameW
SuspendThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
GetThreadLocale
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcessId
FormatMessageA
MulDiv
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
SetLastError
lstrcmpW
GetVersionExA
GlobalFree
ExitProcess
lstrlenA
WritePrivateProfileStringA
GlobalUnlock
GlobalLock
GlobalAlloc
GetSystemDirectoryA
FlushViewOfFile
GetTickCount
FreeResource
GetModuleFileNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcmpA
lstrcpyW
LocalFree
LocalAlloc
MultiByteToWideChar
FreeLibrary
MoveFileA
FlushFileBuffers
ReadFile
SetFilePointer
GetFileSize
LoadLibraryA
CopyFileA
FindClose
FindNextFileA
FindFirstFileA
CreateDirectoryA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
WriteFile
CreateFileA
SetEvent
OpenEventA
WaitForSingleObject
CreateEventA
UnmapViewOfFile
OpenFileMappingA
ResumeThread
GetLastError
CreateMutexA
CreateProcessA
DeleteFileA
GetTempPathA
GetCurrentProcess
WinExec
VirtualQueryEx
ReadProcessMemory
GetCurrentDirectoryA
Sleep
OutputDebugStringA
MapViewOfFile
CreateFileMappingA
CreateRemoteThread
GetModuleHandleA
GetProcAddress
VirtualFreeEx
WriteProcessMemory
CloseHandle
GetStringTypeW
VirtualAllocEx
LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
LoadLibraryW
CreateEventW
CompareStringW
SetLastError
GetModuleHandleA
VirtualProtect
GetTickCount
EnterCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
WriteProcessMemory
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
GetSystemInfo
LoadResource
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceExA
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RtlUnwind
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

RegisterClipboardFormatA
UnregisterClassA
MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
LoadCursorA
GetSysColorBrush
DestroyMenu
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetCursor
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
CharNextA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
ShowWindow
MoveWindow
SetWindowTextA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
PostThreadMessageA
IsDialogMessageA
CopyRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
PtInRect
GetMenu
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
RegisterHotKey
UnregisterHotKey
LoadImageA
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SendMessageA
LoadIconA
CharUpperA
MessageBoxW
EnableWindow
PostMessageA
MessageBoxA
GetWindowThreadProcessId
FindWindowA
wsprintfA
CallNextHookEx
MessageBoxW
CharUpperBuffW

gdi32

GetMapMode
GetRgnBox
CreateRectRgnIndirect
RectVisible
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetTextColor
GetBkColor
GetStockObject
GetDeviceCaps
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
TextOutA

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegOpenKeyA
CreateServiceA
OpenProcessToken
LookupPrivilegeValueA
CloseServiceHandle
OpenSCManagerA
OpenServiceA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
StartServiceA
AdjustTokenPrivileges

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
DragQueryFileA
DragFinish
Shell_NotifyIconA
ShellExecuteA

comctl32

ord17
InitCommonControlsEx

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
UrlUnescapeA

oledlg

ord8

ole32

StgOpenStorageOnILockBytes
CoRegisterMessageFilter
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
OleFlushClipboard
OleIsCurrentClipboard
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject

oleaut32

SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
OleCreatePictureIndirect
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocStringByteLen
OleCreateFontIndirect

urlmon

URLDownloadToFileA

wsock32

WSASetLastError
WSACleanup
WSAStartup
htonl

wininet

InternetQueryDataAvailable
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetCloseHandle
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetQueryOptionA

crypt32

CertFreeCertificateContext
CryptMsgClose
CertGetNameStringA
CryptDecodeObject
CertFindCertificateInStore
CryptQueryObject
CertCloseStore
CryptMsgGetParam

ntdll

RtlAdjustPrivilege
ZwOpenProcess
ZwAllocateVirtualMemory
ZwQuerySystemInformation
ZwFreeVirtualMemory
ZwDuplicateObject
ZwQueryInformationProcess
ZwClose

Sections

.text
Size: - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22e8235219a41d6fed5cef4264f78aec

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

wsock32

wininet

crypt32

ntdll

Sections

.text Size: - Virtual size: 269KB

.rdata Size: - Virtual size: 67KB

.data Size: - Virtual size: 26KB

.vmp0 Size: - Virtual size: 5.0MB

.vmp1 Size: 5.1MB - Virtual size: 5.1MB

.reloc Size: 512B - Virtual size: 124B

.rsrc Size: 152KB - Virtual size: 151KB

.text
Size: - Virtual size: 269KB

.rdata
Size: - Virtual size: 67KB

.data
Size: - Virtual size: 26KB

.vmp0
Size: - Virtual size: 5.0MB

.vmp1
Size: 5.1MB - Virtual size: 5.1MB

.reloc
Size: 512B - Virtual size: 124B

.rsrc
Size: 152KB - Virtual size: 151KB