8fe0b30a7ab90eb3910980cfbdbb5be0834fc3dbcb2de865a90272b5b5d45784

Sharing

Copy URL

Twitter E-mail

General

Target

8fe0b30a7ab90eb3910980cfbdbb5be0834fc3dbcb2de865a90272b5b5d45784
Size

2.4MB
MD5

ecab701beda846496fb0edadcf7ebb8a
SHA1

84823b97f3d4bbdd9695435ca8be0fccd8b713ea
SHA256

8fe0b30a7ab90eb3910980cfbdbb5be0834fc3dbcb2de865a90272b5b5d45784
SHA512

57d8dc26da3458b21de770192ec3363e6b7feed1bbf236328e83d3ac294ce30d409a4dbb934c48d84a5964b634228feafda2f5c6f5fe32924cc2cfcc2d3cd95a
SSDEEP

49152:tSm9o3PvO5awh79F+Ka4gvWl9tfVdIcerpOiP7yYX30rty4x6jjtRB6biNUaYABE:tB9oHjw7Fe4gvWl9tfTIceNPP+YXnI6a

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

8fe0b30a7ab90eb3910980cfbdbb5be0834fc3dbcb2de865a90272b5b5d45784
.dll windows x86

9e650ddbdba0b77f3625f7b60997b1f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsProcessorFeaturePresent
GetStdHandle
HeapCreate
HeapDestroy
SetHandleCount
GetStartupInfoW
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
IsDebuggerPresent
GetTimeZoneInformation
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeW
WriteConsoleW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetProcessHeap
SetEnvironmentVariableA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileType
SetStdHandle
GetSystemInfo
HeapQueryInformation
HeapSize
HeapReAlloc
ExitProcess
HeapAlloc
GetCommandLineA
GetSystemTimeAsFileTime
HeapFree
DecodePointer
EncodePointer
ExitThread
RaiseException
RtlUnwind
FindResourceExW
GetUserDefaultLCID
GetNumberFormatW
GetWindowsDirectoryW
SearchPathW
GetProfileIntW
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
GetFileAttributesExW
GetTempPathW
GetTempFileNameW
FileTimeToSystemTime
lstrlenA
GlobalGetAtomNameW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
CreateFileW
lstrcmpiW
FreeResource
GlobalFindAtomW
InitializeCriticalSectionAndSpinCount
DeleteFileW
InterlockedIncrement
CompareStringW
GlobalFlags
GetVersionExW
lstrcpyW
GetSystemDirectoryW
GetCurrentDirectoryW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
GlobalFree
CopyFileW
GlobalSize
GlobalUnlock
MulDiv
GlobalAddAtomW
GetPrivateProfileStringW
lstrlenW
WritePrivateProfileStringW
GetPrivateProfileIntW
WaitForSingleObject
SetThreadPriority
lstrcmpA
GlobalDeleteAtom
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
ActivateActCtx
DeactivateActCtx
GlobalLock
lstrcmpW
GlobalAlloc
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
TerminateThread
FindClose
FormatMessageW
LocalFree
LoadLibraryW
OpenProcess
GetExitCodeProcess
TerminateProcess
GetModuleFileNameW
SetFilePointer
WriteFile
CreateThread
SetLastError
VirtualAlloc
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualProtect
GetCurrentThreadId
InterlockedCompareExchange
VirtualQuery
ResumeThread
GetLastError
MultiByteToWideChar
FreeLibrary
LoadResource
LockResource
SizeofResource
FindResourceW
CreateFileA
GetFileSize
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
GetCurrentThread
CloseHandle
WideCharToMultiByte
GetProcAddress
GetModuleHandleW
GetCurrentProcess
GetCurrentProcessId
LCMapStringW
Sleep
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

LoadMenuW
IntersectRect
SetClassLongW
GetAsyncKeyState
NotifyWinEvent
WindowFromPoint
CreatePopupMenu
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
OffsetRect
IsRectEmpty
DestroyMenu
GetMenuItemInfoW
InflateRect
CharUpperW
DestroyIcon
IsIconic
MoveWindow
IsDialogMessageW
CheckDlgButton
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetWindowTextLengthW
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
DestroyWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetMenu
SetWindowLongW
SetWindowPos
KillTimer
SetTimer
InvalidateRect
UpdateWindow
GetDesktopWindow
RealChildWindowFromPoint
GetDlgCtrlID
GetIconInfo
PtInRect
SetWindowTextW
GetSystemMenu
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetSysColorBrush
GetClassInfoW
DefWindowProcW
MapWindowPoints
GetClientRect
LoadCursorW
SetLayeredWindowAttributes
GetSysColor
GetSystemMetrics
EnumDisplayMonitors
SystemParametersInfoW
GetMonitorInfoW
SetRectEmpty
CopyRect
DeleteMenu
UnregisterClassW
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
ShowOwnedPopups
SetCursor
GetActiveWindow
IsWindowVisible
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetDoubleClickTime
CharUpperBuffW
CopyIcon
LoadBitmapW
GetFocus
SetWindowTextA
GetWindowTextA
GetWindowTextW
RegisterClipboardFormatW
EmptyClipboard
GetParent
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
PostQuitMessage
SendMessageTimeoutW
GetTopWindow
GetClassNameW
GetWindow
UnhookWindowsHookEx
CallWindowProcW
SetWindowsHookExW
GetMessageW
TranslateMessage
DispatchMessageW
CallNextHookEx
SendMessageW
SetCapture
ReleaseCapture
MessageBeep
DrawStateW
DrawIconEx
DrawEdge
DrawFrameControl
GetWindowRgn
DestroyCursor
FindWindowExA
GetWindowThreadProcessId
MessageBoxW
RegisterWindowMessageW
PostMessageW
MessageBoxA
ExitWindowsEx
FindWindowW
GetKeyState
ShowWindow
DrawIcon
MapDialogRect
GetNextDlgGroupItem
HideCaret
InvertRect
SubtractRect
MapVirtualKeyExW
GetKeyNameTextW
EndPaint
IsCharLowerW
CloseClipboard
SetClipboardData
OpenClipboard
GetMenuDefaultItem
GetUpdateRect
FrameRect
IsClipboardFormatAvailable
SetMenuDefaultItem
WaitMessage
PostThreadMessageW
CreateMenu
IsMenu
DrawFocusRect
EnableScrollBar
UnionRect
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
UnpackDDElParam
ReuseDDElParam
LoadImageW
InsertMenuItemW
TranslateAcceleratorW
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
CopyImage
LockWindowUpdate
BringWindowToTop
SetCursorPos
SetRect
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
GetWindowRect
CopyAcceleratorTableW
UpdateLayeredWindow
MessageBoxA

gdi32

SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
SelectPalette
GetObjectType
CreateHatchBrush
GetTextExtentPoint32W
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
CombineRgn
GetBkColor
GetTextColor
PatBlt
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetRectRgn
DPtoLP
OffsetRgn
GetRgnBox
SetDIBColorTable
RealizePalette
StretchBlt
SetPixel
Rectangle
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
EnumFontFamiliesExW
GetTextFaceW
SetPixelV
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
DeleteObject
GetTextCharsetInfo
EnumFontFamiliesW
GetTextMetricsW
BitBlt
CreateCompatibleDC
CreateRectRgnIndirect
CreateCompatibleBitmap
GetObjectW
CreateFontIndirectW
CreatePatternBrush
CreateSolidBrush
CreatePen
GetStockObject
CreateDIBitmap
CreateDCW
CopyMetaFileW
GetDeviceCaps
CreateBitmap

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegEnumValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegEnumKeyExW
AdjustTokenPrivileges
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW

shell32

SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
DragFinish
DragQueryFileW
SHAppBarMessage
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetSpecialFolderLocation

comctl32

ImageList_GetIconSize

shlwapi

StrTrimA
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW

ole32

DoDragDrop
CreateStreamOnHGlobal
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
CoCreateInstance
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoInitialize
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
CoCreateGuid
CoUninitialize

oleaut32

VariantInit
VariantChangeType
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
VariantClear
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocString

gdiplus

GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipDrawImageRectI
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipBitmapSetPixel
GdipCreateBitmapFromScan0
GdipAlloc
GdipCloneImage
GdipFree
GdipDisposeImage
GdipImageRotateFlip
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToFile
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusStartup
GdiplusShutdown
GdipDrawImageI

winmm

PlaySoundW

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

Exports

Exports

��1u��<��#7��Ș�#v��z��})>|'�s�� '��@4�e��m}g��e��<a��A�4�\��I�0L�8(Δu��ĵ�tc+�)\�+��Đ4�� .��&�[��?�~��1��/+��{f�ކ��B��|v&��wVs×l�ZCt}0�̈́� �t��x�}��N�D��s�- �d��žn��ig3C�PyR�B��>��?��b��1Z�3W�' YY�`eIN'2�Z�M��]$]�we��kQ�U\ JDJ�F��\�+Z�Py ��0�AБS)ս�k҅v��_zw-��)��xAds� nMD�k��9n��q@Pp��>\{C��O��I�1��O2�/�<9�[7�#$U&�=��h�E�B�![�&�L[J��_��q�7��?3� +�}(�F�v��0�d�j\qJ��/@��^v L��t2�ఎA~<��L��A4S��T�,��ٔ��ݴ��p�q��S��s�o��zM&m`�w��5�m>� Ͻ�+A��$ 4��a�cۉh:��'��Qh��x��2��fzh�lc��KK<}.��F�dz3p��^,��4�xTV��ac�o�Az��^o~7J��*��#�;��=@�K��&U$ZVF'y(�ċ��t��\`��mg�g��ҲI{3s9��zrSi�� Ѵ��0s[�6e��"@��.҂��t?+��C �ERwGk�g�.�c��`�^1 ��<�_�v�z�6��?�;2��&��hg� ��M��b��>}�b�i��eEE��[}u�@�� o ��5��.��~D��1�� q�p��U�oK��8e�B�6��ޭE��*�:��/�@݈R��4��)�f�-+!xT<SEU�%�Y�1W,��R��B�2��0��,��t�a^�W3R>4��5�\"��&f5� �O��ӫ��K=�;]�wF��ͬ 9��2�<�� z�"ϫyG��t"�e�G�<t�5��W�FE�F��|!Q�Wx�A��4Ƴb��?C��籤�}��x�-��eP��`A#�-��w��$�X�ˊ��T��$��hv�#�L��ߛ��\>��n�`u��1IK�sAO�K�T�B��B(�ķ�V��U��p��Xe��@��^!��^˲}��Ge�jn�p��[��\�gxz��,��v+�z� ��X|��?(�Vx�Z�[��$ ��e*��m��Q�F��KLY�6޺99�y�Sc�0ix��л�KT��5�x"#�E��N��(2��'��!��ʮtV�<;|�b]�Twڽ�j ��|��/z�{��7Szr��G��]��'r��K��A��:�%|�\� Qz�˔��If��D0��EY�0�تU7;�Bu��D��t��+�W��G�w؞�M�� W�`J��`�ݐ뮮H��;��m\(��v[v2,.C{��M��kȚ,"�#�˶��G��Ϯ�X��S惨}�>S&� ��`s~KQ�!�Q+��,�W�vEA��V#�kW.�gǌj�xR4)�R�7��s�S�Z`C]�+E��G�⪹Z`Q��m� =5��i��NeR��;�8��0{�{�I�/1]�8:�'�� 4�l�5^Fl��7 ǸPH��q��s��kv��Cd�V}��?�q ��˲�w?��2��4��AO+��Y@i�k�#&/t�N��|��X�2IO��n�cF�Qܩ�u��Ͷe�[��jϼ�_�%��|�H��e'�^��.x�!�.��)��QO��ǡa�vV3p��$R��:��G�:N[eIf-��F9�w��b8��;�� F��mX�E��4� K��z��Ag�S��w!�5�Z� �i"Y'��M}J�r�AW�/��3�&��9Wc�6��9�+��P'pl&��8eR��;��｀[�w7܈ދm��U��r��;R��6�`k�%g��_��Ė-%7lgЀ�9�7�e�o�|6o2ҋ�GH�]�D��5MI��R��g��X��1u�~�i,�*l�zJJO�᜗f��Pby�Чϋݼ[�Ou)M�F�k��TF�yXZ.��V<�}ԽB�.f[]��S��C��4��uM�!7r�� U0"�Ja�0P��mV2��)��~�pw� ��w�$�x��8�vFx��nͳ|䊔J `@��k�h��8F>1�}�E��b��p�7��q��x:��b; Gs��g\#� z1��/�3��n`�_�|�C,��Z�Ȗ!��7�L�q�9��n̎J0�Cub��K��e)��R^N3}oa�+� ��E_ v��i�:�i^��Z�aN�9�aD1��o#�Z1H�� g>?�O�1f�} ��o5c8��j��.�G��x�X�<2�L��{]��V�:�F�̘ ��rxl��C�'��'ش��5��q��0�N�% p:m�R�cx=��c45rU�-p,[ҁ;9Ur��_o��jV�_��%w��{�<�#24�=��"�</�ք�\#��I��5�>�r�m��7r�Ѿ�#%�+�??ѷ��E�mxڳ��x�3��϶��ߍ�X��Lx��n��_v<�C~~��w�h��T�D�C�ԩ@T��+�j�.aw�#o>�7�:�!HQ��2��4�D3^��e�ӂv��g�N��Y{��q�^A�B��5��+oJ��K�:3@��$�,ob�̬��fʔop<㇌��Vx[ƊX31�2��9u/Ey4ס�

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 328KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e650ddbdba0b77f3625f7b60997b1f5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

gdiplus

winmm

oleacc

imm32

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 328KB - Virtual size: 328KB

.data Size: 26KB - Virtual size: 143KB

.rsrc Size: 207KB - Virtual size: 207KB

.vmp0 Size: 183KB - Virtual size: 183KB

.tls Size: 512B - Virtual size: 24B

.vmp1 Size: 58KB - Virtual size: 57KB

.reloc Size: 119KB - Virtual size: 119KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 328KB - Virtual size: 328KB

.data
Size: 26KB - Virtual size: 143KB

.rsrc
Size: 207KB - Virtual size: 207KB

.vmp0
Size: 183KB - Virtual size: 183KB

.tls
Size: 512B - Virtual size: 24B

.vmp1
Size: 58KB - Virtual size: 57KB

.reloc
Size: 119KB - Virtual size: 119KB