a9f79071437a878080914bdfb1f107ac92e3537773298aeddef2a7fc17279d29

Sharing

Copy URL Twitter E-mail

General

Target

a9f79071437a878080914bdfb1f107ac92e3537773298aeddef2a7fc17279d29
Size

84KB
MD5

a2c9e147b573ccf836849e940dae51b1
SHA1

698dbdd397dc0e899f697092068bcb936444c202
SHA256

a9f79071437a878080914bdfb1f107ac92e3537773298aeddef2a7fc17279d29
SHA512

074cca0f93abf3174c6736cf48e1b3668ef63a918a4b73b2d12141c5baf64180338d8084f6d187c52ef3ce6bda7a1d3b897c45b1191c73e629d06993b8038d25
SSDEEP

1536:7OwZfhFVqFqArpiABStX3KYL6LIrebnvaQCN5caDhrn0H0+9fbFyyUv:7NhhFVvQHgtZLsITQQGa90Lu

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

a9f79071437a878080914bdfb1f107ac92e3537773298aeddef2a7fc17279d29
.exe windows x86

927c23323701cbaaecead405c564a0ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
GetModuleFileNameA
DeleteFileA
ReadFile
GetFileSize
lstrlenA
Sleep
GetDriveTypeA
GetLogicalDriveStringsA
GetTempPathA
GetTickCount
WinExec
lstrcatA
ResumeThread
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
FindFirstFileA
GetEnvironmentVariableA
GetShortPathNameA
CopyFileA
GetSystemDirectoryA
WaitForSingleObject
CreateThread
ExitProcess
CreateMutexA
FileTimeToSystemTime
SetFilePointer
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
SystemTimeToFileTime
GetLocalTime
GetModuleHandleA
GetStartupInfoA
FindNextFileA
FindClose
LoadLibraryA
GetProcAddress
FindResourceA
LoadResource
LockResource
CreateFileA
WriteFile
CloseHandle
GetLastError
GlobalFree
lstrcpyA
GlobalAlloc
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

wsprintfA
GetDesktopWindow
MessageBoxA

advapi32

StartServiceCtrlDispatcherA
SetServiceStatus
CreateServiceA
OpenServiceA
StartServiceA
RegOpenKeyA
CloseServiceHandle
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegisterServiceCtrlHandlerA

ws2_32

connect
closesocket
inet_addr
socket
setsockopt
WSCEnumProtocols
WSCInstallProvider
htons
recv
__WSAFDIsSet
select
send
WSAStartup
gethostbyname
WSAIoctl
WSCDeinstallProvider
WSCWriteProviderOrder

msvcrt

strcspn
__CxxFrameHandler
srand
??3@YAXPAX@Z
_mbsicmp
exit
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
swprintf
memcmp
wcscpy
memcpy
toupper
strlen
free
malloc
strstr
strcpy
sprintf
memset
strcat
??2@YAPAXI@Z
rand
atoi
strncpy
_except_handler3
strncmp
_exit

iphlpapi

GetIfTable

wininet

InternetReadFile
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetOpenUrlA

rpcrt4

UuidCreateSequential
UuidCreate

Sections

111
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

222
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

333
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

927c23323701cbaaecead405c564a0ec

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

msvcrt

iphlpapi

wininet

rpcrt4

Sections

111 Size: - Virtual size: 22KB

222 Size: - Virtual size: 4KB

333 Size: - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 68KB

.vmp0 Size: - Virtual size: 14KB

.vmp1 Size: 82KB - Virtual size: 81KB

.reloc Size: 512B - Virtual size: 112B

111
Size: - Virtual size: 22KB

222
Size: - Virtual size: 4KB

333
Size: - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 68KB

.vmp0
Size: - Virtual size: 14KB

.vmp1
Size: 82KB - Virtual size: 81KB

.reloc
Size: 512B - Virtual size: 112B