cbb2121560bb7e047daca8232982c6726c4801c80edf43a7fe5454abea262e7e

Sharing

Copy URL

Twitter E-mail

General

Target

cbb2121560bb7e047daca8232982c6726c4801c80edf43a7fe5454abea262e7e
Size

259KB
MD5

4a19df077b82956344414beacaa8ea63
SHA1

95d3039436095f44ae08a56b6665925b3e4ee7c2
SHA256

cbb2121560bb7e047daca8232982c6726c4801c80edf43a7fe5454abea262e7e
SHA512

60d5e96d62bd3b4a209e55dd1916e3154da730572392c821a1e6b22ad9ee8f958bfc7214c4c7339c6ac51941ca354d691ce78a6f6b8ef8835d9b4972989673c8
SSDEEP

6144:UEgqgv0ww5cO4XwG+5R1UzO8Yxh7Bs07S/K9u2FOJLha1:UEgqWrgrR9BseQ2uU1

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

cbb2121560bb7e047daca8232982c6726c4801c80edf43a7fe5454abea262e7e
.dll windows x86

86d4bb9e0793d86f39db4ecc353b17c9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHGetValueA
SHSetValueA

msvcrt

_setjmp3
__CxxLongjmpUnwind
longjmp
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
printf
_mkdir
strftime
fread
_stricmp
isspace
strchr
_CIpow
strtok
strncpy
memmove
fwrite
rename
strcmp
atol
sscanf
free
localtime
mktime
vsprintf
malloc
memcmp
exit
strcat
_access
fopen
fclose
strstr
atoi
__CxxFrameHandler
time
srand
rand
memset
getenv
strrchr
_CIacos
??1type_info@@UAE@XZ
_mbscmp
_CIasin
_ftol
_purecall
wprintf
strncmp
_CxxThrowException
_stat
_strnicmp
_strlwr
strcpy
strlen
sprintf
??2@YAPAXI@Z
memcpy
abs
abort

ws2_32

gethostbyname
ntohl
inet_addr
ntohs
htons
gethostname

iphlpapi

GetAdaptersInfo

netapi32

Netbios

user32

GetPriorityClipboardFormat
OpenClipboard
GetClipboardData
GetForegroundWindow
GetWindowTextA
CloseClipboard
SendMessageA
DefWindowProcA
ChangeClipboardChain
PostQuitMessage
SetClipboardViewer
RegisterClassExA
CreateWindowExA
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
IsCharAlphaNumericA
GetWindowThreadProcessId
wsprintfA
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
SetProcessWindowStation
GetSystemMetrics
CloseDesktop
CloseWindowStation
ReleaseDC
GetDC
SetThreadDesktop
OpenDesktopA

oleaut32

VariantInit
CreateErrorInfo
SysFreeString
VariantChangeType
SetErrorInfo
VariantClear
GetErrorInfo

advapi32

CloseServiceHandle
ControlService
OpenServiceA
OpenSCManagerA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumValueA
RegConnectRegistryA
RegOpenKeyA
RegEnumKeyA
RegQueryInfoKeyA
RegEnumKeyExA
RegCreateKeyExA
RegOpenKeyExA
DeleteService

kernel32

LocalFree
lstrlenW
GetFileInformationByHandle
GetProcessHeap
HeapAlloc
HeapFree
SetFilePointer
lstrlenA
GetTickCount
MoveFileA
lstrcpyA
GetCurrentProcessId
FindFirstFileA
FindNextFileA
FindClose
GetExitCodeProcess
CreateProcessA
OpenProcess
TerminateProcess
GetCurrentThread
GetCurrentProcess
WideCharToMultiByte
FileTimeToSystemTime
GetSystemDefaultLCID
GetPrivateProfileIntA
GetPrivateProfileStringA
FreeLibrary
InterlockedCompareExchange
WriteFile
CreateFileW
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
DeviceIoControl
GetFileSize
ReadFile
CreateFileA
SystemTimeToFileTime
GetFileTime
LocalFileTimeToFileTime
SetFileTime
FileTimeToLocalFileTime
GetDriveTypeA
GetLogicalDriveStringsA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDrives
CopyFileA
OutputDebugStringA
GetModuleFileNameA
CreateMutexA
Module32First
Module32Next
CreateToolhelp32Snapshot
Process32First
Process32Next
ReadProcessMemory
VirtualQueryEx
GetSystemInfo
WritePrivateProfileStringA
DeleteCriticalSection
ResumeThread
TerminateThread
GetExitCodeThread
CreateEventA
InitializeCriticalSection
LeaveCriticalSection
WaitForSingleObject
EnterCriticalSection
SetEvent
GetCurrentThreadId
GetLocalTime
GetLastError
CloseHandle
CreateThread
InterlockedExchange
Sleep
GetTempPathA
InterlockedDecrement
InterlockedIncrement
WinExec
GetShortPathNameA
lstrcatA
DeleteFileA
SetFileAttributesA
GetSystemDirectoryA
GetProcAddress
LoadLibraryA
GetVersionExA

mfc42

ord924
ord858
ord537
ord6877
ord540
ord800
ord4278
ord6883
ord5710
ord535
ord665
ord354
ord2614
ord860
ord2818
ord6394
ord6383
ord5440
ord5450
ord2107
ord541
ord801
ord5858
ord2841
ord3663
ord341
ord5683
ord654
ord4129

gdi32

DeleteObject
GetDIBits
RealizePalette
SelectPalette
GetStockObject
DeleteDC
GetPixel
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
SetDIBitsToDevice
GetDeviceCaps

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

psapi

EnumProcessModules
GetModuleFileNameExA

ole32

StgOpenStorage
CoInitialize
CoCreateInstance
CoUninitialize
StgIsStorageFile
CoTaskMemFree
CoTaskMemAlloc

winmm

waveInOpen
mixerOpen
mixerGetLineInfoA
mixerGetLineControlsA
mixerGetNumDevs
waveInUnprepareHeader
waveInGetErrorTextA
mixerGetDevCapsA
mixerGetControlDetailsA
mixerSetControlDetails
waveInClose
waveInReset
waveInStart
waveInAddBuffer
waveInPrepareHeader
mixerClose

Sections

.text
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86d4bb9e0793d86f39db4ecc353b17c9

Headers

File Characteristics

Imports

shlwapi

msvcrt

ws2_32

iphlpapi

netapi32

user32

oleaut32

advapi32

kernel32

mfc42

gdi32

shell32

psapi

ole32

winmm

Sections

.text Size: 157KB - Virtual size: 157KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 27KB - Virtual size: 73KB

.vmp0 Size: 10KB - Virtual size: 10KB

.vmp1 Size: 17KB - Virtual size: 17KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 157KB - Virtual size: 157KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 27KB - Virtual size: 73KB

.vmp0
Size: 10KB - Virtual size: 10KB

.vmp1
Size: 17KB - Virtual size: 17KB

.reloc
Size: 10KB - Virtual size: 9KB