982c15d0917efc6b4a381dc31e7607bad7de320813d9feade00cc1bf3bc0ff72

Sharing

Copy URL Twitter E-mail

General

Target

982c15d0917efc6b4a381dc31e7607bad7de320813d9feade00cc1bf3bc0ff72
Size

208KB
MD5

80b16eccd4c3cd4b77ef9897b5f8d409
SHA1

4a532cb0e6fc31bb19cc948f0f63cb81ed86e71c
SHA256

982c15d0917efc6b4a381dc31e7607bad7de320813d9feade00cc1bf3bc0ff72
SHA512

c8fb98e7797353a532fdbf36e0a8fd4db4d197dc2ddbecd83e8df3b3c7417d120497ef92863ae271002010c98e135e3d644286ad6ed87bacabfab80e5202c28c
SSDEEP

6144:kZ2ySmXeVKbylL1SV+8RGeyamnX1C179dNCFRZ:kAlGyl5SVyk1pdMrZ

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

982c15d0917efc6b4a381dc31e7607bad7de320813d9feade00cc1bf3bc0ff72
.exe windows x86

c9aae3c08ef51d753dada70f511fabf6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
FreeLibrary
GetTickCount
GetTempPathA
WriteFile
SetFilePointer
CreateFileA
WritePrivateProfileStringA
TerminateThread
OutputDebugStringA
GetCurrentProcess
ExitProcess
SetFileAttributesA
GetModuleFileNameA
GetProcAddress
LoadLibraryA
CancelIo
GetPrivateProfileStringA
GetVersionExA
GetSystemDefaultUILanguage
ReleaseMutex
OpenEventA
SetErrorMode
GetLastError
CreateMutexA
SetUnhandledExceptionFilter
SetThreadPriority
CreateThread
GetCurrentProcessId
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
InterlockedExchange
SetEvent
lstrcpyA
ResetEvent
WaitForSingleObject
CloseHandle
CreateEventA
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
CreateProcessA
InitializeCriticalSection
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetStringTypeW
LCMapStringW
HeapReAlloc
GetConsoleMode
GetConsoleCP
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
CreateFileW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualQuery
GetProcessHeap
GetModuleFileNameW
GetStdHandle
GetLocaleInfoW
RtlUnwind
RaiseException
GetModuleHandleW
DecodePointer
ExitThread
GetCurrentThreadId
WideCharToMultiByte
IsDebuggerPresent
MultiByteToWideChar
lstrlenA
LoadLibraryW
HeapFree
HeapAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
IsProcessorFeaturePresent
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
TerminateProcess
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
FatalAppExitA
SetConsoleCtrlHandler
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

wsprintfA
MessageBoxA
ExitWindowsEx
MessageBoxA

advapi32

RegQueryValueExA
RegDeleteKeyA
RegOpenKeyA
RegDeleteValueA
RegSetValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
DeleteService
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA

shell32

ShellExecuteA

ws2_32

inet_addr
send
closesocket
recv
inet_ntoa
socket
gethostbyname
htons
connect
setsockopt
WSAIoctl
WSACleanup
WSAStartup
sendto
WSASocketA
htonl
gethostname
ntohs
select

wininet

InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle

Sections

.textbss
Size: - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: - Virtual size: 303KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp2
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9aae3c08ef51d753dada70f511fabf6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

wininet

Sections

.textbss Size: - Virtual size: 139KB

.text Size: - Virtual size: 303KB

.rdata Size: - Virtual size: 35KB

.data Size: - Virtual size: 27KB

.idata Size: - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 4KB

.vmp0 Size: - Virtual size: 11KB

.vmp1 Size: - Virtual size: 62KB

.vmp2 Size: 204KB - Virtual size: 204KB

.reloc Size: 512B - Virtual size: 68B

.textbss
Size: - Virtual size: 139KB

.text
Size: - Virtual size: 303KB

.rdata
Size: - Virtual size: 35KB

.data
Size: - Virtual size: 27KB

.idata
Size: - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 4KB

.vmp0
Size: - Virtual size: 11KB

.vmp1
Size: - Virtual size: 62KB

.vmp2
Size: 204KB - Virtual size: 204KB

.reloc
Size: 512B - Virtual size: 68B