Behavioral task: behavioral1
Sample: bf5b0533dcb51334cc1975961fc9d6be7c2fe8fc54639cead02ee5a8071b1540.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: bf5b0533dcb51334cc1975961fc9d6be7c2fe8fc54639cead02ee5a8071b1540.exe
Resource: win10v2004-20221111-en
General
Target: bf5b0533dcb51334cc1975961fc9d6be7c2fe8fc54639cead02ee5a8071b1540
Size: 1.3MB
MD5: 7cae21ef1977111bae39f5efdcb46a88
SHA1: 65241e2ef529a0b3b18046590fc05889284528ef
SHA256: bf5b0533dcb51334cc1975961fc9d6be7c2fe8fc54639cead02ee5a8071b1540
SHA512: 86a17345029ee4123e3a9c23fdf2de848985518262163c7bad01e7192112f99287d444a73dd3328044e2013321d6f0de99de7c2ab31cece5592e29303c924723
SSDEEP: 24576:wBv1xDcfgpHZIegCp+/ifFpKdbdA8yYBY4fIRJ9C8wqvEn7hd6zxk:wx1xDjpHsKfFpKzATYBl2U8wlqz+
Malware Config
Signatures
resource yara_rule sample vmprotect
Files
bf5b0533dcb51334cc1975961fc9d6be7c2fe8fc54639cead02ee5a8071b1540.exe windows x86
ee04f324b63b465e6a8e47efaea46a40
Headers
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetEnvironmentVariableA
CompareStringW
IsBadCodePtr
IsBadReadPtr
GetDriveTypeA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
SetStdHandle
HeapSize
HeapReAlloc
ExitThread
TerminateProcess
GetACP
GetSystemTime
GetTimeZoneInformation
HeapFree
HeapAlloc
ExitProcess
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
GetTempPathA
GetPrivateProfileSectionNamesA
CompareStringA
GetExitCodeThread
ResetEvent
EnumResourceLanguagesA
EnumResourceNamesA
EnumResourceTypesA
GetProfileStringA
GetProfileIntA
GetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SystemTimeToFileTime
LocalFileTimeToFileTime
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GlobalFlags
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetTempFileNameA
CloseHandle
SetThreadPriority
GetCurrentThread
lstrcmpA
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
SetLastError
FormatMessageA
MulDiv
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LockResource
GetVersion
GetVersionExA
FreeLibrary
GetModuleHandleA
LocalSize
GlobalSize
GetSystemDirectoryA
GlobalFree
FindResourceA
SizeofResource
LoadResource
CreateProcessA
lstrcatA
CopyFileA
GetWindowsDirectoryA
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
OutputDebugStringA
GlobalAlloc
GlobalLock
GlobalUnlock
WinExec
DeleteCriticalSection
CancelIo
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
GetQueuedCompletionStatus
CreateIoCompletionPort
GetSystemInfo
EnterCriticalSection
PostQueuedCompletionStatus
LeaveCriticalSection
InitializeCriticalSection
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetModuleFileNameA
SetUnhandledExceptionFilter
LoadLibraryA
GetProcAddress
lstrcpyA
MoveFileA
RemoveDirectoryA
ReadFile
DeleteFileA
GetFileSize
FindFirstFileA
FindNextFileA
FindClose
lstrcpynA
LocalAlloc
LocalFree
GetLogicalDriveStringsA
lstrlenA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetFileAttributesA
GetLocalTime
CreateFileA
GetLastError
CreateDirectoryA
SetFilePointer
WriteFile
GetTickCount
VirtualAlloc
VirtualFree
Sleep
ResumeThread
SetEvent
WaitForSingleObject
TerminateThread
CreateEventA
CreateThread
VirtualProtect
GetModuleFileNameA
ExitProcess
user32
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
GetScrollRange
SetScrollInfo
GetScrollInfo
ScrollWindow
EndDeferWindowPos
BeginDeferWindowPos
DeferWindowPos
EqualRect
AdjustWindowRectEx
SetFocus
IsChild
GetCapture
WinHelpA
RegisterClassA
GetMenu
GetWindowTextLengthA
GetWindowTextA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
FindWindowA
EnableWindow
RegisterWindowMessageA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
LoadIconA
SendMessageA
PeekMessageA
PostMessageA
MessageBoxA
MapWindowPoints
SetRect
DestroyMenu
DestroyCursor
DestroyIcon
SendDlgItemMessageA
GetNextDlgTabItem
GetParent
SetCursor
InvalidateRect
GetActiveWindow
WindowFromPoint
ClientToScreen
TrackPopupMenuEx
GetSubMenu
GetWindowRect
DrawFocusRect
InflateRect
CopyRect
GetClientRect
OffsetRect
DrawStateA
FillRect
GetSysColor
ReleaseDC
CreateIconIndirect
SetDlgItemTextA
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
SetMenuItemBitmaps
ModifyMenuA
GetMenuCheckMarkDimensions
wvsprintfA
IsRectEmpty
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
GrayStringA
LoadStringA
CharUpperA
IsZoomed
ShowOwnedPopups
ValidateRect
SetWindowContextHelpId
MapDialogRect
LoadAcceleratorsA
TranslateAcceleratorA
ReuseDDElParam
UnpackDDElParam
BringWindowToTop
GetClassNameA
GetDC
GetIconInfo
LoadImageA
LoadMenuA
LoadCursorA
DefWindowProcA
UnregisterClassA
DrawMenuBar
TranslateMDISysAccel
DefFrameProcA
ExcludeUpdateRgn
DefDlgProcA
GetClipboardFormatNameA
GetTabbedTextExtentA
HideCaret
ShowCaret
IsMenu
GetMenuDefaultItem
GetMenuItemInfoA
SendMessageTimeoutA
GetDoubleClickTime
GetWindowRgn
IsWindowUnicode
GetWindowLongW
SetWindowLongW
UnionRect
SetCursorPos
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
InsertMenuA
GetMenuStringA
CopyAcceleratorTableA
GetNextDlgGroupItem
GetDCEx
RegisterClipboardFormatA
SystemParametersInfoA
SetParent
InvertRect
PostThreadMessageA
GetWindowLongA
GetMenuStringW
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
IsClipboardFormatAvailable
GetKeyboardLayoutList
GetKeyboardState
ToAsciiEx
GetKeyboardLayout
MapVirtualKeyExA
GetKeyNameTextA
IsCharLowerA
WaitMessage
MapVirtualKeyA
CreatePopupMenu
GetClassInfoA
GetCursor
DrawFrameControl
SetRectEmpty
SetTimer
SetCapture
ReleaseCapture
GetKeyState
KillTimer
PtInRect
CopyIcon
GetWindow
ScreenToClient
UpdateWindow
IsWindowVisible
SetWindowPos
GetDlgCtrlID
GetFocus
GetCursorPos
EnableMenuItem
GetMenuItemCount
DeleteMenu
CharNextA
RedrawWindow
DrawEdge
GetSystemMetrics
MessageBeep
CheckMenuItem
GetSystemMenu
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
LoadBitmapA
GetDesktopWindow
AnimateWindow
SetForegroundWindow
SetWindowLongA
LockWindowUpdate
SetClassLongA
CheckMenuRadioItem
AppendMenuA
IsIconic
GetWindowPlacement
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
PostQuitMessage
SetMenu
SetMenuDefaultItem
TrackPopupMenu
GetMenuItemID
IsWindow
SetWindowRgn
GetSysColorBrush
RegisterClassExA
GetClipboardData
DrawTextA
GetMenuState
ShowScrollBar
DrawIconEx
IntersectRect
MessageBoxA
gdi32
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
SetTextAlign
GetCurrentPositionEx
PolyBezierTo
GetClipRgn
ExtSelectClipRgn
GetViewportExtEx
DeleteObject
CreatePatternBrush
PtVisible
RectVisible
Escape
ExtTextOutA
PatBlt
SetRectRgn
CreateRectRgnIndirect
GetTextMetricsA
GetCharWidthA
CreateFontA
CopyMetaFileA
GetTextColor
GetBkColor
CreateSolidBrush
CombineRgn
CreateRectRgn
SetBitmapBits
TextOutA
SetBkMode
GetDIBits
RealizePalette
SelectPalette
GetDeviceCaps
CreateDCA
RoundRect
CreatePen
GetStockObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteDC
SetTextColor
SetBkColor
SelectObject
CreateBitmap
SetPixel
GetPixel
GetObjectA
CreatePolygonRgn
FillRgn
PlgBlt
Rectangle
CreateFontIndirectA
PtInRegion
StretchBlt
SetPixelV
GetTextExtentPoint32A
CreateDIBSection
GetWindowExtEx
GetClipBox
LPtoDP
CreateDIBitmap
GetTextExtentPointA
ExtFloodFill
ExtTextOutW
GetTextExtentPoint32W
BeginPath
CloseFigure
EndPath
StrokeAndFillPath
FillPath
StrokePath
Ellipse
GetViewportOrgEx
Polyline
GetRgnBox
ExtCreateRegion
GetBitmapBits
EnumFontFamiliesExA
GetTextAlign
GetCurrentObject
GetWindowOrgEx
Polygon
StretchDIBits
DPtoLP
SaveDC
RestoreDC
SetStretchBltMode
SetMapMode
GetMapMode
SetViewportOrgEx
comdlg32
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
GetFileTitleA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegQueryValueA
RegEnumKeyA
RegCreateKeyA
RegSetValueA
GetFileSecurityA
SetFileSecurityA
RegCloseKey
shell32
ShellExecuteExA
SHGetPathFromIDListA
SHGetFileInfoA
ord71
SHGetSpecialFolderLocation
SHGetMalloc
DragQueryFileA
DragFinish
Shell_NotifyIconA
ExtractIconA
ShellExecuteA
comctl32
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_DrawEx
ImageList_Add
ImageList_GetImageInfo
ImageList_Draw
ImageList_Remove
ImageList_LoadImageA
ImageList_Create
ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_GetIcon
oledlg
ord1
ord8
ole32
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
ReleaseStgMedium
OleFlushClipboard
CoTaskMemFree
OleIsCurrentClipboard
OleDuplicateData
CoDisconnectObject
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CoCreateGuid
CoUninitialize
CoInitialize
CoRevokeClassObject
CoTaskMemAlloc
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard
olepro32
ord253
oleaut32
OleLoadPicturePath
VariantChangeTypeEx
LoadTypeLi
SysStringLen
VariantTimeToSystemTime
SysAllocStringLen
SysFreeString
VarBstrFromDate
VarDateFromStr
SysStringByteLen
VariantChangeType
SysAllocStringByteLen
SysAllocString
VariantCopy
VariantClear
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
ws2_32
WSAGetLastError
shutdown
getsockname
ntohs
ioctlsocket
connect
select
gethostname
gethostbyname
WSACloseEvent
WSASend
WSARecv
socket
accept
inet_ntoa
setsockopt
WSAIoctl
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSASocketA
WSACreateEvent
WSAEventSelect
htons
bind
listen
WSACleanup
WSAStartup
closesocket
getpeername
pdh
PdhCloseQuery
PdhAddCounterA
PdhOpenQueryA
PdhGetFormattedCounterValue
PdhCollectQueryData
avifil32
AVIFileExit
AVIStreamSetFormat
AVIFileCreateStreamA
AVIFileOpenA
AVIStreamWrite
AVIFileRelease
AVIStreamRelease
AVIFileInit
msvfw32
ICCompressorFree
ICSeqCompressFrameStart
ICSendMessage
ICSeqCompressFrameEnd
ICDecompress
ICClose
ICOpen
shlwapi
SHAutoComplete
PathRemoveFileSpecA
wininet
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetQueryDataAvailable
InternetGetLastResponseInfoA
InternetCloseHandle
winmm
waveOutUnprepareHeader
waveOutReset
waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveOutWrite
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
PlaySoundA
sndPlaySoundA
waveOutClose
Sections
.text   Size: -       Virtual size: 1.8MB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rodata Size: -       Virtual size: 10KB    Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: -       Virtual size: 290KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: -       Virtual size: 586KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 272KB   Virtual size: 424KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.vmp0   Size: -       Virtual size: 16KB    Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.vmp1   Size: 1.1MB   Virtual size: 1.0MB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc  Size: 4KB     Virtual size: 120B    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ