9990464d8388c146c53d7e626e886462499499514d0bcf018be19dc1587561ea

Sharing

Copy URL Twitter E-mail

General

Target

9990464d8388c146c53d7e626e886462499499514d0bcf018be19dc1587561ea
Size

70KB
MD5

a136fa945177e1e2480099f6506968c6
SHA1

43959b7bc13a68ed258a8fb72e23d6c6d05a759b
SHA256

9990464d8388c146c53d7e626e886462499499514d0bcf018be19dc1587561ea
SHA512

e74ab2451147efe29f1748c3bab56e0c70004f5d4cc6b5bbbb861e778c44876a93879669e764507b7d2952679269e9e53ae00a857a5826bdd3528e81586cbc52
SSDEEP

1536:OVhbl3+K4GXUGRDC+pRVhbdcuEaC8pKi/Y3a0s:OrB3UGc+pTPcuQ8ki/Y3al

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

9990464d8388c146c53d7e626e886462499499514d0bcf018be19dc1587561ea
.dll windows x86

740bccde094b61eb8804a73c43bf978d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
WideCharToMultiByte
ReadProcessMemory
GetTempPathA
SetThreadPriority
GetFileSize
WriteFile
CloseHandle
CreateFileA
GetProcessHeap
HeapAlloc
DeviceIoControl
VirtualFree
VirtualAlloc
GetSystemDirectoryA
DeleteFileA
lstrcpynA
GetModuleFileNameA
GetCommandLineA
GetProcAddress
VirtualProtect
GetModuleHandleA
GetTickCount
IsBadReadPtr
OpenProcess
WritePrivateProfileStringA
LoadLibraryA
GetPrivateProfileStringA
CreateMutexA
HeapFree
GetLastError
Sleep
ReadFile
InterlockedExchange
DeleteCriticalSection
CreateThread

msvcrt

_strlwr
wcscpy
wcsncat
wcsstr
_except_handler3
strchr
_vsnprintf
isspace
isalnum
memmove
wcscat
exit
realloc
isdigit
isalpha
__dllonexit
_onexit
_strupr
_strcmpi
_itoa
wcscmp
memcpy
atoi
wcslen
malloc
free
strrchr
strncpy
sprintf
strlen
strcat
memset
__CxxFrameHandler
??2@YAPAXI@Z
strcpy
strstr
??3@YAXPAX@Z
_stricmp
mbstowcs
_strdup

gdiplus

GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipDisposeImage
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup

gdi32

DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateDCA
DeleteObject

wsock32

recv
socket
closesocket
gethostbyname
WSAStartup
send
htons
connect

advapi32

RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey

user32

GetClassNameW
GetWindow
FindWindowA
GetForegroundWindow
SendMessageA
GetWindowTextA
GetClassNameA
IsWindowVisible
IsWindow
EnumWindows
wsprintfA

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

740bccde094b61eb8804a73c43bf978d

Headers

File Characteristics

Imports

kernel32

msvcrt

gdiplus

gdi32

wsock32

advapi32

user32

Sections

.text Size: 30KB - Virtual size: 29KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 21KB

.CRT Size: 512B - Virtual size: 12B

.rsrc Size: 2KB - Virtual size: 1KB

.vmp0 Size: 3KB - Virtual size: 2KB

.vmp1 Size: 11KB - Virtual size: 11KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 30KB - Virtual size: 29KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 21KB

.CRT
Size: 512B - Virtual size: 12B

.rsrc
Size: 2KB - Virtual size: 1KB

.vmp0
Size: 3KB - Virtual size: 2KB

.vmp1
Size: 11KB - Virtual size: 11KB

.reloc
Size: 2KB - Virtual size: 1KB