9402635cc388eb8de0d7550bf71b7b7c79fbe34a6b1a3a9a68ef4947f8c49141

Sharing

Copy URL Twitter E-mail

General

Target

9402635cc388eb8de0d7550bf71b7b7c79fbe34a6b1a3a9a68ef4947f8c49141
Size

116KB
MD5

eb758b01e18dde9e322ffd6f39403fd0
SHA1

1e8724c448d40b29a8b880349ea11c884526b66e
SHA256

9402635cc388eb8de0d7550bf71b7b7c79fbe34a6b1a3a9a68ef4947f8c49141
SHA512

79f0ced9e2512e3ab5ea00100a7a86e42798b0f23b6141d2cd22e4404dcfd7248a5d74ad4335e892383af8833f9f9e5a5e11defdab80be5c2a8fec4dbbec8157
SSDEEP

1536:/tJAlBYxzZjA44xLN+P0Nv2nKwIOA3zu/81Wk3AMBmszzAT7xl7/N3U1wGHYJibl:kBjoPbm881Wkxmsw/jNv6b3b8eacw

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

9402635cc388eb8de0d7550bf71b7b7c79fbe34a6b1a3a9a68ef4947f8c49141
.dll windows x86

d242f8ec736c94a26c8601aca691cb5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcscmp
malloc
free
atoi
memcmp
??2@YAPAXI@Z
??3@YAXPAX@Z
srand
rand
strstr
strtoul
strrchr
memset
wcsrchr
memcpy
_except_handler3

shlwapi

SHDeleteKeyA
SHDeleteValueA
PathFileExistsA
SHGetValueA
SHSetValueA

psapi

GetModuleInformation
GetModuleFileNameExA

ws2_32

connect
htonl
htons
WSAEventSelect
shutdown
recv
gethostbyname
send
WSAStartup
inet_addr
WSAGetLastError
WSARecvFrom
setsockopt
sendto
WSACleanup
bind
socket
WSACreateEvent
closesocket
inet_ntoa
gethostname

iphlpapi

GetNetworkParams
GetAdaptersInfo

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

gdiplus

GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipSaveImageToFile
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusShutdown

kernel32

LockResource
CreateToolhelp32Snapshot
GetFileTime
LocalFree
WideCharToMultiByte
ResetEvent
DeviceIoControl
CreateThread
lstrcmpA
SetEvent
ConnectNamedPipe
TerminateThread
ExitThread
lstrlenW
DisconnectNamedPipe
GetTempPathA
lstrcpynA
WinExec
OpenEventA
GetVolumeInformationA
GetSystemTime
GetCurrentProcessId
GetCurrentThreadId
OpenThread
CopyFileA
CreateNamedPipeA
ExitProcess
CreateFileA
lstrlenA
VirtualQuery
SetEndOfFile
WaitForSingleObject
GetTickCount
VirtualFree
WriteFile
OpenProcess
Sleep
CreateEventA
CreateProcessA
ReadFile
GetSystemDirectoryA
lstrcatA
MultiByteToWideChar
GetLastError
lstrcmpiA
GetProcAddress
LoadLibraryA
SetNamedPipeHandleState
GetModuleFileNameA
lstrcmpiW
GetModuleHandleA
VirtualProtect
GetVersionExA
CloseHandle
CreateFileMappingA
lstrcpyW
DeleteFileA
lstrcpyA
GetFileSize
FindResourceA
FreeResource
MapViewOfFile
UnmapViewOfFile
FreeLibrary
LoadResource
GetCurrentProcess
Process32First
GetSystemTimeAsFileTime
SetFileTime
Thread32First
SizeofResource
Thread32Next
VirtualAlloc
Process32Next
FlushFileBuffers

user32

ReleaseDC
FindWindowA
PostMessageA
wsprintfW
wsprintfA
GetWindow
GetWindowTextA
GetDC

gdi32

BitBlt
CreateCompatibleBitmap
DeleteDC
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC

advapi32

BuildExplicitAccessWithNameA
OpenSCManagerA
ControlService
RegOpenKeyA
RegCloseKey
OpenProcessToken
SetEntriesInAclA
SetNamedSecurityInfoA
LookupPrivilegeValueA
AdjustTokenPrivileges
GetNamedSecurityInfoA
OpenServiceA
CloseServiceHandle
RegQueryValueExA
CreateServiceA
StartServiceA
DuplicateTokenEx
CreateProcessAsUserA
RegNotifyChangeKeyValue
RegSaveKeyA
RegOpenKeyExA
RegRestoreKeyA
QueryServiceStatus

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d242f8ec736c94a26c8601aca691cb5d

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

shlwapi

psapi

ws2_32

iphlpapi

userenv

gdiplus

kernel32

user32

gdi32

advapi32

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 20KB - Virtual size: 100KB

.rsrc Size: 10KB - Virtual size: 12KB

.vmp0 Size: 4KB - Virtual size: 4KB

.vmp1 Size: 28KB - Virtual size: 28KB

.reloc Size: 4KB - Virtual size: 4KB

.aspack Size: 5KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 20KB - Virtual size: 100KB

.rsrc
Size: 10KB - Virtual size: 12KB

.vmp0
Size: 4KB - Virtual size: 4KB

.vmp1
Size: 28KB - Virtual size: 28KB

.reloc
Size: 4KB - Virtual size: 4KB

.aspack
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB