328647597dd1f4dedee9b5833581841255eb2d7561b1f7d4c2321ba7c1b51c5b

Sharing

Copy URL Twitter E-mail

General

Target

328647597dd1f4dedee9b5833581841255eb2d7561b1f7d4c2321ba7c1b51c5b
Size

385KB
MD5

bb7d2c04adce3e950f59ebd8f71756b8
SHA1

a435f95010f3b40d848b2883edc1c684bf7e022a
SHA256

328647597dd1f4dedee9b5833581841255eb2d7561b1f7d4c2321ba7c1b51c5b
SHA512

c8a1294eef3aa7b6559e90de006d4353da1702c8fa5e2b15db23d991ecfb9b54197e0e364ede5904f2fcd77bdba5df5d42ac6717334f9cafa5de96f642e382c6
SSDEEP

6144:04UEnqSgW1u6V4OKKij3hWE75Ynnet/R4KnM6J1ATUgdVwuCP:40JgW1uv1j3hdUU54KnZco1P

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

328647597dd1f4dedee9b5833581841255eb2d7561b1f7d4c2321ba7c1b51c5b
.exe windows x86

f143dca5e4af1e909e88740a27020277

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dtcommonres

ShowBurnImageDialog
SelectImageCatalogFolder
EditBox
ShowDeviceParameters
ShowDeviceInfo

mfc100u

ord1479
ord4512
ord2629
ord285
ord5264
ord1298
ord1934
ord286
ord2155
ord1312
ord869
ord1270
ord1476
ord4290
ord296
ord266
ord902
ord2064
ord2068
ord290
ord265
ord1300

msvcr100

memmove
free
_beginthread
_purecall
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
memcpy_s
??8type_info@@QBE_NABV0@@Z
??0exception@std@@QAE@ABV01@@Z
wcscat_s
wcscpy_s
_wsplitpath_s
wcslen
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
memcpy
memset
_CxxThrowException
__CxxFrameHandler3

kernel32

HeapFree
GetProcessHeap
HeapAlloc
HeapDestroy
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
HeapSize
HeapReAlloc
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
InterlockedExchange
LoadLibraryExW
GetModuleFileNameW
GetSystemTimeAsFileTime
LocalFree
GetCurrentThread
GetCurrentProcess
WaitForSingleObject
FlushFileBuffers
FreeLibrary
DisconnectNamedPipe
ReadFile
GetOverlappedResult
WaitForMultipleObjects
ConnectNamedPipe
CreateEventW
GetCurrentProcessId
CreateNamedPipeW
GetCurrentThreadId
GetVersionExW
SetEvent
OpenEventW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateThread
GetLastError
CreateMutexW
GetProcAddress
LoadLibraryW
TerminateThread
LeaveCriticalSection
EnterCriticalSection
Sleep
InitializeCriticalSection
InterlockedCompareExchange
CloseHandle
WriteFile
CreateFileW

user32

EndDialog
PostMessageW
KillTimer
CopyRect
MonitorFromWindow
GetMonitorInfoW
SetTimer
MoveWindow
CreateWindowExW
ScreenToClient
ShowWindow
SetWindowTextW
DialogBoxParamW
EndPaint
GetSysColorBrush
FrameRect
BeginPaint
GetClientRect
SetWindowLongW
GetWindowLongW
SetWindowPos
GetParent
GetWindowRect
GetIconInfo
MessageBoxW
DestroyIcon
SendMessageW
GetDlgItem

gdi32

GetObjectW
DeleteObject
GetBitmapBits

comdlg32

GetOpenFileNameW

advapi32

OpenThreadToken
RegCloseKey
RegOpenKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertSidToStringSidW
IsValidSid
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl

shell32

ord680
SHCreateShellItem
ord190
ShellExecuteExW
ShellExecuteW

ole32

CoTaskMemFree
CLSIDFromString
CoInitialize
CoCreateInstance

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysStringLen
SysFreeString

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Xout_of_range@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f143dca5e4af1e909e88740a27020277

Headers

DLL Characteristics

File Characteristics

Imports

dtcommonres

mfc100u

msvcr100

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

msvcp100

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 2KB - Virtual size: 8KB

.rsrc Size: 217KB - Virtual size: 217KB

.vmp0 Size: 7KB - Virtual size: 6KB

.vmp1 Size: 114KB - Virtual size: 116KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 2KB - Virtual size: 8KB

.rsrc
Size: 217KB - Virtual size: 217KB

.vmp0
Size: 7KB - Virtual size: 6KB

.vmp1
Size: 114KB - Virtual size: 116KB