31d99f567c43ee0c26a394de178571e8fc64c4ffb92e1692c25cf08ce8e2445a

Sharing

Copy URL

Twitter E-mail

General

Target

31d99f567c43ee0c26a394de178571e8fc64c4ffb92e1692c25cf08ce8e2445a
Size

64KB
MD5

31dee6d5d2af6a1c5908de853ea2a130
SHA1

03426f14ffd948a2290f274279541215e364e7a8
SHA256

31d99f567c43ee0c26a394de178571e8fc64c4ffb92e1692c25cf08ce8e2445a
SHA512

39ed588d9e33929866a687122692b892408e80f47d5e1ec4cfcb3a7683655d51889a1a16cc2c3e57152b2b43e88aeda874c1ca383a276141b6502dd02eeac746
SSDEEP

768:Re+khqTXnhKftGtsVH/mNAVLGQGxb/A7L3nSS/Ia/oFXqUWuu7KYWvk:zvTXnhKAtsheNAVLGQMTkQcUvY6k

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

31d99f567c43ee0c26a394de178571e8fc64c4ffb92e1692c25cf08ce8e2445a
.dll windows x86

58bca8e29acfcbc9e46e62e30e39ae41

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileStringA
GetPrivateProfileStringA
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
SetFilePointer
GetModuleFileNameA
CreateThread
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetLastError
CreateMutexA
IsBadReadPtr
VirtualAlloc
GetModuleHandleA
CreateToolhelp32Snapshot
Process32First
Process32Next
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MultiByteToWideChar
DeleteFileA
ReadFile
GetTickCount
lstrcmpiA
lstrcmpA
WinExec
GetCurrentProcess
ExitProcess
Sleep
lstrlenA
lstrcpynA
CreateFileA
WriteFile
CloseHandle
lstrcpyA
GetTempPathA
lstrcatA
VirtualProtect
OutputDebugStringA

user32

UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetForegroundWindow
GetClassNameA
EnumWindows
GetSystemMetrics
IsWindowVisible
IsIconic
GetActiveWindow
ShowWindow
SetForegroundWindow
GetWindowInfo
PrintWindow
FindWindowA
PostThreadMessageA
GetWindowThreadProcessId
IsRectEmpty
ReleaseDC
LoadImageA
GetDC
ShowScrollBar
EndDialog
GetWindowTextA
SendMessageA
GetDlgItem
SetLayeredWindowAttributes
SetWindowLongA
GetWindowLongA
GetCursorPos
ExitWindowsEx
DialogBoxParamA
FindWindowExA

gdi32

CreateCompatibleBitmap
DeleteObject
SelectPalette
CreateDCA
GetDeviceCaps
DeleteDC
StretchBlt
GetObjectA
SelectObject
CreateCompatibleDC
GetStockObject
SetTextColor
SetBkColor
GetDIBits
RealizePalette
BitBlt

advapi32

CryptAcquireContextA
CryptCreateHash
CryptHashData
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam

wininet

HttpAddRequestHeadersA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetCheckConnectionA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
InternetQueryDataAvailable

ws2_32

inet_ntoa
gethostbyname

gdiplus

GdipCloneImage
GdipDisposeImage
GdipFree
GdiplusStartup
GdipAlloc
GdipLoadImageFromFile
GdipSaveImageToFile
GdiplusShutdown
GdipGetImageEncodersSize
GdipGetImageEncoders

netapi32

Netbios

msvcrt

atoi
strstr
free
malloc
??3@YAXPAX@Z
wcscmp
??2@YAPAXI@Z
memmove
strchr
sscanf
sprintf
strrchr

Exports

Exports

DeleteSelf
Hookoff
Hookon
KsCreateAllocator
KsCreateClock
KsCreatePin
KsCreateTopologyNode

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58bca8e29acfcbc9e46e62e30e39ae41

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

wininet

ws2_32

gdiplus

netapi32

msvcrt

Exports

Exports

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 52KB

.rsrc Size: 512B - Virtual size: 264B

.vmp0 Size: 3KB - Virtual size: 2KB

.vmp1 Size: 16KB - Virtual size: 15KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 52KB

.rsrc
Size: 512B - Virtual size: 264B

.vmp0
Size: 3KB - Virtual size: 2KB

.vmp1
Size: 16KB - Virtual size: 15KB

.reloc
Size: 2KB - Virtual size: 2KB