ff7dc5a794d556823f93b754b8e9e314d50e32a06dbc8ef2417087374ae2f5b4

Sharing

Copy URL Twitter E-mail

General

Target

ff7dc5a794d556823f93b754b8e9e314d50e32a06dbc8ef2417087374ae2f5b4
Size

64KB
MD5

e9a69da9601835427e9c4551caf4bec3
SHA1

ab95270e75d9721f5fe86a98a07253d5d2dafc63
SHA256

ff7dc5a794d556823f93b754b8e9e314d50e32a06dbc8ef2417087374ae2f5b4
SHA512

bbcb23c58d49ae9abd3266a608c554847fb6347872332a5086343c3b95904561e5cf53b6d104e838457561d2f91eabbced645d52d09a5b08aed312e900251652
SSDEEP

1536:/ylN8yS2KAbKRoHqbar1AZ61XKu5i2w8:YN8yS2KMKRoHqbx61LP

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

ff7dc5a794d556823f93b754b8e9e314d50e32a06dbc8ef2417087374ae2f5b4
.dll windows x86

35afc95ad9c86000a5415709c969c68e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSCEnumProtocols
recv
gethostname
bind
ioctlsocket
ntohs
gethostbyname
inet_ntoa
closesocket
connect
WSCGetProviderPath
socket
inet_addr
send
htons

shlwapi

StrChrA
StrStrA
StrCmpNA
StrRChrA
StrCpyW
StrStrIA
StrCmpW
StrCatW

psapi

GetProcessImageFileNameA
GetModuleFileNameExA

gdiplus

GdipCloneImage
GdipAlloc
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDisposeImage
GdipSaveImageToFile
GdipLoadImageFromFile
GdipFree
GdiplusStartup

iphlpapi

GetAdaptersInfo

wininet

InternetCloseHandle
InternetOpenA
InternetConnectA
HttpOpenRequestA
InternetQueryOptionA
InternetSetOptionA
HttpSendRequestA
InternetReadFile

mfc42

ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord823
ord3953
ord2725
ord5300
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord825
ord269
ord826
ord600
ord1578
ord1116
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord3346

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_onexit
__dllonexit
__CxxFrameHandler
atoi
malloc
free
_purecall
sprintf

kernel32

DeleteFileW
CloseHandle
ReadFile
CreateFileA
DeleteFileA
Sleep
lstrcatA
lstrcpyA
WriteProcessMemory
GetCurrentProcess
GetProcAddress
GetModuleHandleA
lstrcpynA
lstrcmpA
GlobalFree
CreateFileW
GetFileSize
LocalFree
ExpandEnvironmentStringsW
LoadLibraryW
GetModuleFileNameA
CreateProcessA
GetCurrentProcessId
GetCommandLineA
GetTempPathA
OpenProcess
TerminateProcess
ExitProcess
CreateThread
VirtualQuery
GlobalAlloc
LocalAlloc
Process32Next
Process32First
CreateToolhelp32Snapshot
DeviceIoControl
SetFilePointer
MoveFileA
GetSystemDirectoryA
SetFileAttributesA
GetLocalTime
WriteFile
TerminateThread

user32

PeekMessageA
CharLowerA
ReleaseDC
GetDC
GetClientRect
wsprintfA
PostThreadMessageA
keybd_event
PostMessageA
GetWindowDC
ScreenToClient
GetForegroundWindow
KillTimer
GetWindow
ShowWindow
GetTopWindow
GetWindowThreadProcessId
GetWindowTextA
GetAsyncKeyState
MapVirtualKeyA
GetDesktopWindow
CallNextHookEx
SetWindowsHookExA
DispatchMessageA
TranslateMessage
GetMessageA
SetTimer
GetKeyState

gdi32

CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
DeleteDC
GetPixel
CreateCompatibleDC
GetDIBits
GetObjectA

advapi32

CreateServiceA
OpenServiceA
StartServiceA
CloseServiceHandle
OpenSCManagerA

Exports

Exports

Start
WSPStartup

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35afc95ad9c86000a5415709c969c68e

Headers

File Characteristics

Imports

ws2_32

shlwapi

psapi

gdiplus

iphlpapi

wininet

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 8KB

Shared Size: 4KB - Virtual size: 2KB

.vmp0 Size: 4KB - Virtual size: 3KB

.vmp1 Size: 8KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 8KB

Shared
Size: 4KB - Virtual size: 2KB

.vmp0
Size: 4KB - Virtual size: 3KB

.vmp1
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 3KB