a477a4cb3a9528fdd9b185c99f56e93bd74f4c4594cc12d77b731e85fbe665d2

Sharing

Copy URL Twitter E-mail

General

Target

a477a4cb3a9528fdd9b185c99f56e93bd74f4c4594cc12d77b731e85fbe665d2
Size

2.0MB
MD5

127f32cecc773555292056d678b4151d
SHA1

01c72e2a6c2a9d98b366424b4d93f509c7356fbd
SHA256

a477a4cb3a9528fdd9b185c99f56e93bd74f4c4594cc12d77b731e85fbe665d2
SHA512

a3539d1293626757babe6853e0117ade094600d5cb2803643d7ddcf5667c338a6efd748624f502ccf90a3af6980f34fe6be06977da7e347e750c7fb91965ad46
SSDEEP

49152:6YJPAHdYJvRanbVY9v23Cqq0/YYce+p2:DJPaG9+yY/YYce+p2

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

a477a4cb3a9528fdd9b185c99f56e93bd74f4c4594cc12d77b731e85fbe665d2
.exe windows x86

7f12cb2b5f2cec71a621b3f2847d054d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
GetTickCount
TlsFree
CreateThread
LocalFree
TlsAlloc
FormatMessageA
WinExec
TerminateProcess
GetCommandLineA
FindClose
FindNextFileA
FindFirstFileA
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateIoCompletionPort
InterlockedCompareExchange
GetQueuedCompletionStatus
InterlockedExchangeAdd
InterlockedExchange
TlsGetValue
TlsSetValue
PostQueuedCompletionStatus
WaitForSingleObject
QueueUserAPC
OpenThread
SleepEx
DeleteFileA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
VirtualQueryEx
VirtualProtectEx
ResumeThread
VirtualQuery
VirtualProtect
VirtualAlloc
WriteFile
SetFilePointer
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
UnhandledExceptionFilter
LoadLibraryA
IsDebuggerPresent
RtlUnwind
GetSystemInfo
HeapReAlloc
CreateDirectoryA
ReadFile
GetTimeFormatA
GetDateFormatA
GetLocalTime
ExitThread
GetProcessHeap
GetStartupInfoA
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
GetTimeZoneInformation
HeapSize
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetFileType
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetLocaleInfoW
SetEndOfFile
CompareStringW
SetEnvironmentVariableA
LoadLibraryExA
SizeofResource
FreeLibrary
IsDBCSLeadByte
GetVersionExA
LoadResource
LockResource
GlobalHandle
GlobalFree
GlobalLock
GlobalUnlock
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
MulDiv
lstrcmpA
DeleteCriticalSection
SetLastError
lstrlenW
GetCurrentThreadId
GlobalAddAtomA
ExitProcess
lstrcpyA
ReadProcessMemory
FindResourceA
GlobalAlloc
MultiByteToWideChar
OutputDebugStringA
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateMutexA
CreateProcessA
IsProcessorFeaturePresent
GetThreadLocale
GetModuleFileNameA
Sleep
CloseHandle
GetModuleHandleA
GetProcAddress
lstrcmpiA
lstrlenA
CompareStringA
GetCurrentProcess
FlushInstructionCache
SetUnhandledExceptionFilter
RaiseException
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

user32

IsChild
DestroyAcceleratorTable
GetDesktopWindow
GetClassInfoExA
RegisterClassExA
CreateAcceleratorTableA
GetActiveWindow
RegisterWindowMessageA
CreateDialogIndirectParamA
EnableWindow
wvsprintfA
DestroyIcon
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
LoadImageA
GetSysColorBrush
LoadAcceleratorsA
GetSystemMetrics
GetWindowThreadProcessId
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
SetMenuItemInfoA
DrawFrameControl
GetMonitorInfoA
MonitorFromPoint
DrawEdge
FrameRect
MessageBeep
WindowFromPoint
GetMessagePos
TrackPopupMenuEx
GetWindowDC
InflateRect
UnhookWindowsHookEx
CharLowerA
GetKeyState
CallNextHookEx
SetWindowsHookExA
IsMenu
SetMenuDefaultItem
PostQuitMessage
LoadStringW
CreatePopupMenu
AppendMenuA
RemoveMenu
FindWindowExA
RegisterClassA
FindWindowA
DrawIcon
GetIconInfo
SetLayeredWindowAttributes
RedrawWindow
MapDialogRect
SetWindowContextHelpId
GetSysColor
GetFocus
GetCapture
ReleaseCapture
EndPaint
BeginPaint
SetCursor
DrawFocusRect
FillRect
PtInRect
CallWindowProcA
GetDlgCtrlID
SetCapture
IsWindowEnabled
UpdateWindow
ScreenToClient
SetRectEmpty
GetCursorPos
TrackPopupMenu
GetSubMenu
LoadStringA
DefWindowProcA
IsDialogMessageA
DestroyMenu
InvalidateRect
LoadMenuA
DestroyWindow
CheckMenuItem
TranslateAcceleratorA
GetForegroundWindow
ModifyMenuA
UnregisterHotKey
RegisterHotKey
SetForegroundWindow
LoadIconA
MessageBoxA
SetFocus
SetTimer
IsWindowVisible
ShowWindow
DrawMenuBar
GetMenu
PostMessageA
GetClassNameA
OffsetRect
ReleaseDC
GetDC
InvalidateRgn
ClientToScreen
MoveWindow
CharNextA
DrawTextA
EndDialog
GetWindow
GetWindowRect
SystemParametersInfoA
MapWindowPoints
DialogBoxParamA
CreateDialogParamA
SetWindowPos
IsWindow
GetDlgItem
GetParent
GetClientRect
SendMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetWindowLongA
CreateWindowExA
SetWindowLongA
LoadCursorA
UnregisterClassA

gdi32

CreateFontA
StretchBlt
MoveToEx
GetTextMetricsA
CreateDIBSection
CreatePatternBrush
CreateBitmap
PatBlt
SetBkColor
SetBrushOrgEx
CreatePen
TextOutA
DeleteObject
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SetTextColor
SetBkMode
GetStockObject
CreateFontIndirectA
DeleteDC
SelectObject
GetObjectA
LineTo

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

CryptAcquireContextA
CryptCreateHash
CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptReleaseContext
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
OpenProcessToken
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegDeleteKeyA

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

CoTaskMemAlloc
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleLockRunning
OleInitialize
OleUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoInitialize
StringFromGUID2
CreateStreamOnHGlobal

oleaut32

VarUI4FromStr
OleCreateFontIndirect
SysStringByteLen
LoadTypeLi
LoadRegTypeLi
SysFreeString
SysStringLen
SysAllocStringLen
SysAllocString
VariantInit
VariantClear
DispCallFunc

shlwapi

PathFindFileNameA

comctl32

ImageList_DrawIndirect
ord6
ImageList_Draw
ImageList_GetImageCount
ImageList_Destroy
InitCommonControlsEx
_TrackMouseEvent

ws2_32

WSAStringToAddressA
WSAAddressToStringA
select
ioctlsocket
WSARecv
getsockname
getsockopt
htonl
ntohl
__WSAFDIsSet
WSASocketA
WSASend
listen
setsockopt
WSAStartup
WSACleanup
closesocket
shutdown
recv
send
connect
htons
inet_addr
socket
WSASetLastError
accept
WSAGetLastError
bind

Exports

Exports

MnnH��oq)��j�n��G{?��f�_"BW��W׫K��5 ��E��N� >Z�(h�8��$�j�A �0P�,ġ�2'�}#��DQǇ��F'4��B�X�i��)}+�*�� d l�h��w�1��]��[��f��M�6ٰ�O�Z�9�__5�b�-�ȥ{��hRu�#�� 4X�=�E�>z��`�.��t��7�ǲe�B9\��5�}��`��'L��i+7�B@Q��na�Y��h��'�n,�u�2��f{4!;]9�*�[�C��P�B�&w�*G0��8޳W-�km��(ozL2��ѱ�gSJ�&~x��?�M"I�EA�%��<:q��Nq�a��0��W:�UBO��a�5��c�r��㯕�e��K�cH��@�� `Kc r"�T��oO��8��.X{�1|p�,bz�F�� 1[�M9�RgXԢ,��i�[��&1>��PN�~��ŗ>�<�Ai�AU�e.�[��&��PHa��8��5 ��G`�� J,X�#�}�܈��~h� ��T;�9n�9��8��Y��(�-:Ȕ6'T�ґ>:��凶/ȁ��d-��UܡN��T��V��L�!��˘��'yQ�Ď��&�Jʦ��Y/H��!��(��*��:{̹��+��f �F,D?jVt_��Y�� B*b��Q\{voU��O~&\w��=%��8yF�}]��:�A�C^�<y44�"��i��O�S�� /�d4ȃ6Z��^��n��Y��֝�{ IsU�{��t�l��9�߉Ѹ��>E'p��e��~&��h�6�7�~1ڥ�U�D�\�t��l ��/��ba�,%��6Dr61��_�E^��ǈO��p�\}.�A��z��c�`��煆BT�?�!P��T��q�� l�[�W��O��\�~�#�6�@��O 6��`4�Q�s�p��j\"Y�#��aLW(�*~�_q��a��T��4�(�I� k�9{fb]�K�|��j�1Qu�W�@��1�V.��5� ��(*K�$:��nQ�S�}e�C*^L�hp�, �R%j�. d��2s��Cڈ�Ym��w�5�d룱�/��s=\�:ؚjF`�q��(q��i�u��|\ ��{k[ћ�a�d��b>ѤYA�{��[B95�q��{P��A\��x�=��M�|A�� UmsI+��,)Zʤ�n��^��7/�z�� a�YJ�'�O�N|͌t��H?��`w�5e�(��zJ(�-�΀��0C7_�22k�vaؑ�o�$yFO��A;%P�0Af�´A��q)��c�a�iM� E�Ŵbb��}�&��4-K!�,8{ B��x��J�\��v��TB5 �E�F��6�|X�Q�p�A5a�0]Zy�]� p��+]��Ќ6��j[�t�`��R�+j��,R�?yV6Ņ A[�@�Ó,^I��|��D��lT�� 2�n ��~f�gYZS\B��@=��p��F��,dKQl��Ljb��s�p2O��"��Ƴs��j��纱��S�2��x(NnW��] ��4�V}�� knMG77 ��M�b3��HbQ.��#��V��;��?�e�΋u릚W9Cc��N��d�2Еs�*�7�'�U��+��x�z��0L�+8��\2ٗ,�a�*��0�._�>@�S�0�|�@�&c�by�e��LZO��,��Qj�y/�K��t/B��|t��wrrJ��Oiw�Xu�w��!,a}�_�ѤT�5E6z��+}��=Ì^��{|��o�T��8��3�{h�� i4h��Ė�jg�4��D0� ��eG��bG F��Vh6��ʕ?U�= ��o��ڷ��K� s�pߺ�YI��?��ﻫ�;��M��BK_2��nVd�WU2�<jU��ஐ��l�ϗ�y�ύ�(-�kYR�\J��*�mǗ��v0^꯺ɞdL��r��|X��Ȧ��-�Z��3^��ñ�� < <vE��R��*:Ұ 5�'ƣ@��zuz%�b��?V��E25|:��ħMD��x�[��v��2��DE�H��&�w�X ��b@yC!�>��|u��H:��'r��ʀk��3aɂ�ׇ��M�{V�@��I��-�=��(N��v�D�pS��Z�U��%�^��{yMsD�euy��$N��d��w�GbX;G�U�Կ��䘤5��aa�a�KUe��e-��x�9x�� 󔀪�iл�� r�夡#�XE��;�ծFZC8��e.��0{m ȔgS� k��m�H|+ �,�X2��3� ��N�]��|��M�(6��Z��:m�(��a8��)�mWJh�N+�ZS�rX�5��G��È<b��[�{��̥��3ig/i ��B�.@�=}t6��:X�|��Fa�S��3~x�Q?T��+[0��^7��5�Q��"�*a_��y�uE�_É�)�@� ^��7ԥ��zӣ�rB�_�&��r}��=LBB��/n�F��Do�K�&2�&Ȑ�s1�wt�w��?v��[*� e�#ēɒ��R�+��7�#��俛 �n4�4��)��ß5!Z�<m�� C\��#�.; |��+i\�ns�s�ml��<�h{/�A��4�b��Ȗ\��m�Y$�Ιxw� Fs�<�}�wU��'B�y(/�N� �(��Q��t u~}i��7�5Q��%?�ۗ��h��a��Fg�Q�D�J~�G�)��|��`��CYI��A�(��.a(��Z=l+� 9�'�= 1�z�?�S0Y��^��G�S

Sections

.text
Size: 684KB - Virtual size: 681KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 556KB - Virtual size: 554KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 568KB - Virtual size: 8.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7f12cb2b5f2cec71a621b3f2847d054d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

ws2_32

Exports

Exports

Sections

.text Size: 684KB - Virtual size: 681KB

.rdata Size: 556KB - Virtual size: 554KB

.data Size: 568KB - Virtual size: 8.6MB

.rsrc Size: 200KB - Virtual size: 199KB

.vmp0 Size: 20KB - Virtual size: 17KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 52KB - Virtual size: 48KB

.text
Size: 684KB - Virtual size: 681KB

.rdata
Size: 556KB - Virtual size: 554KB

.data
Size: 568KB - Virtual size: 8.6MB

.rsrc
Size: 200KB - Virtual size: 199KB

.vmp0
Size: 20KB - Virtual size: 17KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 52KB - Virtual size: 48KB