a17611c8d1b87a9afda8c22030ef64c672aff0725f737ff80a79e811c6591360

Sharing

Copy URL

Twitter E-mail

General

Target

a17611c8d1b87a9afda8c22030ef64c672aff0725f737ff80a79e811c6591360
Size

84KB
MD5

ace62ed093e98597c2ae795f7bbeeda3
SHA1

a53c3f855359c79ee0ff71a1c6c78d11589a8d89
SHA256

a17611c8d1b87a9afda8c22030ef64c672aff0725f737ff80a79e811c6591360
SHA512

745d91eb65fd3cce6cf51f7ec07be13f982b126797062661b2438beb0ed795483e1930e38cb7797a7d6b50c1516245632be6f6ce6c7ac0941e93a68567217486
SSDEEP

1536:MVPbu5zWWgc71LI1WMmfRfSLuJKJiG5CTx/eq47liZGSSY/9A6N:gDADgR1WMmYLuJKJiG5CFeqkipHFX

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

a17611c8d1b87a9afda8c22030ef64c672aff0725f737ff80a79e811c6591360
.dll windows x86

e3ede482e61bdf16e057a57ca6e0144a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringA
VirtualProtect
ExitProcess
lstrcmpA
Sleep
lstrcmpiA
GetFileSize
lstrcpynA
GetTempPathA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
Process32Next
Process32First
CreateToolhelp32Snapshot
GetModuleHandleA
VirtualAlloc
lstrlenA
CreateThread
GetModuleFileNameA
OpenProcess
GetCurrentProcessId
WritePrivateProfileStringA
GetSystemTime
WideCharToMultiByte
VirtualFree
ReleaseMutex
CreateMutexA
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetCurrentProcess
IsBadReadPtr
TerminateProcess
GetProcessId
GetSystemDirectoryA
lstrcatA
lstrcpyA
GetTickCount
WriteFile
DeleteFileA
ReadFile
SetFilePointer
MoveFileExA
CopyFileA
CreateFileA
GetFileTime
SetFileTime
GetLastError
CloseHandle
LoadLibraryA
MultiByteToWideChar
GetProcAddress
GetPrivateProfileStringA
FreeLibrary

user32

PrintWindow
GetWindowInfo
SetForegroundWindow
ShowWindow
GetActiveWindow
FindWindowA
IsWindowVisible
GetWindowTextA
GetSystemMetrics
EnumWindows
FindWindowExA
GetWindowThreadProcessId
wsprintfA
GetDC
IsRectEmpty
IsIconic
ReleaseDC

gdi32

CreateDCA
DeleteObject
BitBlt
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
GetObjectA
GetStockObject
SelectPalette
SelectObject
RealizePalette
GetDIBits

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken

msvcrt

_adjust_fdiv
_stricmp
_strlwr
_initterm
__CxxFrameHandler
fopen
fseek
ftell
fread
fclose
_local_unwind2
strrchr
memmove
strstr
??2@YAPAXI@Z
_except_handler3
printf
sprintf
??3@YAXPAX@Z
free
malloc
atoi
wcscmp

psapi

EnumProcessModules

ws2_32

shutdown
inet_ntoa
gethostbyname

gdiplus

GdipGetImageEncoders
GdipCloneImage
GdipDisposeImage
GdipFree
GdiplusStartup
GdipAlloc
GdipLoadImageFromFile
GdipGetImageEncodersSize
GdiplusShutdown
GdipSaveImageToFile

wininet

HttpAddRequestHeadersA
InternetConnectA
HttpOpenRequestA
HttpSendRequestExA
InternetCloseHandle
HttpEndRequestA
InternetOpenA

netapi32

Netbios

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

shlwapi

StrChrW

Exports

Exports

CheckIME

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3ede482e61bdf16e057a57ca6e0144a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcrt

psapi

ws2_32

gdiplus

wininet

netapi32

version

shlwapi

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 23KB

.vmp0 Size: 4KB - Virtual size: 3KB

.vmp1 Size: 20KB - Virtual size: 19KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 23KB

.vmp0
Size: 4KB - Virtual size: 3KB

.vmp1
Size: 20KB - Virtual size: 19KB

.reloc
Size: 4KB - Virtual size: 3KB