Behavioral task behavioral1
Sample: abebd76c122490e49374ebab05df95ed6688ae574ff5b7ac36aad4b2f05e6584.exe
Resource: win7-20221111-en
Behavioral task behavioral2
Sample: abebd76c122490e49374ebab05df95ed6688ae574ff5b7ac36aad4b2f05e6584.exe
Resource: win10v2004-20221111-en
General
Target: abebd76c122490e49374ebab05df95ed6688ae574ff5b7ac36aad4b2f05e6584
Size: 388KB
MD5: 26d2b0eb74de55df99d54ce0b63f52a1
SHA1: eb1f44848db6e3bdcbd9b472e7141eb174ea5e34
SHA256: abebd76c122490e49374ebab05df95ed6688ae574ff5b7ac36aad4b2f05e6584
SHA512: df4ebd0b048115068eb0f765cadbc6e7bfe8639ae291b91773a1d5fc231428e25256e55fcbc9b2c939cc1dc91e0bd1e8bc28807f6a0fd0b30a9b8d7a5f4719fb
SSDEEP: 12288:N7r1XQ8y8X4oy76fw+ly1b0K0WVBFAYu1Z93N:N7pXP5IR6471bBBFAYuj93N
Malware Config
Signatures
vmprotect (resource yara_rule, matched on: sample)
Files
abebd76c122490e49374ebab05df95ed6688ae574ff5b7ac36aad4b2f05e6584.exe (windows x86)
Imphash: d326d959cff542b5a9b15d4dad59d199
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
mixerGetLineInfoA
mciSendCommandA
mixerClose
sndPlaySoundA
PlaySoundW
timeGetTime
waveOutReset
mixerGetLineControlsA
timeGetDevCaps
waveOutClose
timeEndPeriod
waveOutUnprepareHeader
mixerGetLineInfoW
mixerOpen
mciGetDeviceIDA
waveInGetDevCapsW
mixerGetID
waveOutGetPosition
mixerGetControlDetailsW
waveOutWrite
mixerSetControlDetails
waveOutPrepareHeader
mixerGetControlDetailsA
mmioRead
mmioDescend
waveInGetNumDevs
waveInMessage
waveInStop
waveOutGetDevCapsA
waveOutGetNumDevs
mixerGetLineControlsW
mixerGetDevCapsW
PlaySoundA
shell32
Shell_NotifyIconW
SHGetFileInfoW
SHChangeNotify
ShellExecuteA
SHFileOperationA
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
DragFinish
DragAcceptFiles
SHFileOperationW
SHGetMalloc
ShellExecuteW
SHBrowseForFolderW
ExtractIconA
SHGetSpecialFolderPathW
SHGetPathFromIDListA
ord155
DragQueryFileA
user32
GetTopWindow
DestroyWindow
SetMenuItemBitmaps
LoadStringA
CreateDialogIndirectParamA
RegisterClassExA
GetSystemMetrics
LoadKeyboardLayoutA
DrawTextExW
GetDlgCtrlID
ModifyMenuA
GetNextDlgTabItem
ClientToScreen
GetForegroundWindow
SetMenuDefaultItem
LoadImageW
GetKeyboardLayout
IsChild
GetMessageW
EndPaint
GetParent
ShowCursor
CheckDlgButton
PostThreadMessageA
LoadCursorA
DrawIcon
GetClassLongA
DrawTextA
SetMenuItemInfoW
TrackPopupMenu
RemoveMenu
GetWindowRgn
GetClassInfoExA
GetWindowDC
ChildWindowFromPoint
RedrawWindow
GetDlgItemInt
CreatePopupMenu
InsertMenuW
SetWindowPlacement
FillRect
SetClipboardData
GetSysColorBrush
CharNextA
LoadAcceleratorsA
GetWindowTextLengthW
SetMenuItemInfoA
GetWindowTextA
CreateWindowExW
SetScrollPos
UnregisterClassA
GetSystemMenu
IsMenu
GetClassInfoW
DrawStateW
GetDlgItem
CharLowerW
GetMenuItemInfoW
SetFocus
SetWindowLongA
ShowWindow
SetWindowTextA
DefDlgProcA
SetDlgItemTextW
GetWindowTextW
OemToCharA
KillTimer
SetCursor
CallNextHookEx
GetSubMenu
SetWindowLongW
GetSysColor
CheckMenuItem
CharUpperW
CreateIconFromResourceEx
RegisterClassW
InvalidateRgn
SetScrollRange
SetWindowTextW
PeekMessageA
SetParent
GetFocus
GetClassLongW
InsertMenuA
BeginDeferWindowPos
LoadCursorW
DeferWindowPos
GetMenuState
GetMenuCheckMarkDimensions
SendMessageA
RegisterClipboardFormatA
DrawFocusRect
GetScrollPos
OpenClipboard
DispatchMessageA
MapDialogRect
GetMenuItemCount
DestroyMenu
DrawMenuBar
MoveWindow
SetScrollInfo
CreateDialogIndirectParamW
EnableWindow
PeekMessageW
WinHelpW
GetMenuItemID
IsWindowVisible
PostQuitMessage
InvalidateRect
CharLowerA
wsprintfA
ReuseDDElParam
SetRect
TranslateMessage
SetCursorPos
DrawEdge
DispatchMessageW
CopyAcceleratorTableA
SetCapture
ShowOwnedPopups
GetWindow
IsDlgButtonChecked
SetDlgItemTextA
PostMessageA
GetWindowThreadProcessId
EnableMenuItem
IsIconic
IsWindowEnabled
WindowFromPoint
wsprintfW
SetPropA
TabbedTextOutA
DefWindowProcW
PtInRect
GetMenuDefaultItem
SetRectEmpty
RemovePropA
GetClientRect
EndDialog
GetClassNameW
DrawFrameControl
EmptyClipboard
AdjustWindowRectEx
GetScrollRange
ValidateRect
SetMenu
GetNextDlgGroupItem
SendNotifyMessageA
MessageBeep
InflateRect
GetPropA
SendDlgItemMessageA
LockWindowUpdate
DestroyCursor
LoadStringW
SetPropW
SetWindowContextHelpId
TrackPopupMenuEx
SetWindowRgn
CharUpperBuffW
GetMessageTime
GetWindowPlacement
CopyRect
MsgWaitForMultipleObjects
SetWindowsHookExA
TranslateAcceleratorW
GetMenu
GetScrollInfo
IsRectEmpty
WaitMessage
RegisterWindowMessageA
ReleaseDC
GetKeyNameTextA
BeginPaint
GetClassInfoA
GetActiveWindow
FrameRect
MapWindowPoints
TrackMouseEvent
LoadMenuA
SetWindowPos
GetPropW
GetClassNameA
UnhookWindowsHookEx
GetMenuItemInfoA
UnpackDDElParam
SetWindowsHookExW
GetLastActivePopup
GetAsyncKeyState
LoadBitmapA
IsDialogMessageW
OffsetRect
GetCapture
LoadBitmapW
DrawTextExA
CreateAcceleratorTableW
IsWindow
LoadIconA
GrayStringA
DestroyAcceleratorTable
IsZoomed
GetIconInfo
GetMessageA
RegisterClassExW
SetForegroundWindow
SetActiveWindow
GetWindowRect
AdjustWindowRect
SystemParametersInfoA
EqualRect
RegisterClipboardFormatW
SetTimer
MessageBoxW
UpdateWindow
wvsprintfA
GetUpdateRect
FindWindowA
CloseClipboard
SendDlgItemMessageW
BringWindowToTop
ScreenToClient
DefWindowProcA
SystemParametersInfoW
IsDialogMessageA
ClipCursor
HideCaret
SetClipboardViewer
EndDeferWindowPos
GetCursorPos
GetMonitorInfoW
DrawTextW
IsCharAlphaNumericA
AppendMenuW
ReleaseCapture
SendMessageW
GetMessagePos
GetDesktopWindow
ExcludeUpdateRgn
AppendMenuA
RegisterWindowMessageW
DestroyIcon
CreateWindowExA
RegisterClassA
SetDlgItemInt
MessageBoxA
kernel32
SuspendThread
GetThreadLocale
GetEnvironmentVariableW
GlobalAlloc
FormatMessageA
DebugBreak
GetTimeZoneInformation
GetSystemInfo
GetCurrentProcess
GetWindowsDirectoryW
GetThreadPriority
GetConsoleCP
SetEnvironmentVariableA
FatalAppExitA
WritePrivateProfileStringA
ExitProcess
DeleteFileW
GetCommandLineA
CreateProcessW
GlobalFindAtomA
GetDateFormatA
FindResourceExA
IsValidCodePage
GetFileInformationByHandle
VirtualFree
GetTimeFormatA
GetTempPathA
GetUserDefaultLangID
CreateThread
CreateMutexA
MapViewOfFile
GetSystemDirectoryA
WaitForMultipleObjects
GetACP
WaitForSingleObject
SetFileAttributesW
InitializeCriticalSection
LocalAlloc
GetEnvironmentVariableA
RtlUnwind
TerminateProcess
WideCharToMultiByte
FileTimeToLocalFileTime
FindClose
GetTempFileNameA
SetLastError
GetModuleHandleW
CloseHandle
QueryPerformanceCounter
InterlockedIncrement
GetModuleFileNameW
GlobalGetAtomNameW
LoadLibraryW
TlsGetValue
GetCommandLineW
DeleteFileA
GetUserDefaultLCID
CreateFileMappingA
GetStringTypeW
SetStdHandle
SetCurrentDirectoryW
GlobalGetAtomNameA
WriteFile
GlobalDeleteAtom
GetConsoleMode
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
SetFileAttributesA
CreateMutexW
GetOEMCP
lstrlenA
CreateFileA
ReadFile
GetLocaleInfoA
lstrcmpW
HeapValidate
CreateEventA
GetProfileIntA
GetEnvironmentStringsW
GetFullPathNameW
SetEndOfFile
GetConsoleOutputCP
ExitThread
GetFileSize
FindResourceW
SetErrorMode
WriteConsoleW
GetStdHandle
LoadResource
GetStringTypeA
SetEvent
WriteConsoleA
GetProcAddress
HeapFree
CopyFileW
HeapDestroy
HeapReAlloc
GetVolumeInformationW
LockResource
LoadLibraryA
IsBadReadPtr
LCMapStringW
RaiseException
InterlockedDecrement
GlobalHandle
GetCurrentDirectoryW
lstrcatW
LocalReAlloc
GlobalAddAtomA
MulDiv
GetDriveTypeA
GetFileAttributesA
OutputDebugStringA
GetFileAttributesW
GetSystemTime
VirtualQuery
lstrcmpiW
VirtualAlloc
WritePrivateProfileSectionA
GetVersion
lstrcatA
SystemTimeToTzSpecificLocalTime
GetStringTypeExA
lstrcpyW
LoadLibraryExA
GetLocaleInfoW
GetCurrentDirectoryA
IsBadWritePtr
GlobalSize
GetEnvironmentStrings
FlushFileBuffers
lstrcmpiA
HeapSize
GetFullPathNameA
GlobalLock
GetStartupInfoA
GetFileTime
GetModuleFileNameA
TlsSetValue
UnhandledExceptionFilter
IsBadCodePtr
GetCurrentThread
IsDebuggerPresent
LocalFree
GetLastError
HeapAlloc
CompareStringW
GetCurrentProcessId
HeapCreate
ResumeThread
OutputDebugStringW
FreeResource
GetFileType
GetPrivateProfileIntA
LeaveCriticalSection
SizeofResource
GetTickCount
FreeEnvironmentStringsW
SetFilePointer
GlobalFindAtomW
GlobalFree
GetCPInfo
FreeLibrary
GetModuleHandleA
MultiByteToWideChar
SetHandleCount
TlsAlloc
InterlockedCompareExchange
CompareStringA
EnterCriticalSection
GetCurrentThreadId
lstrcmpA
GetFileAttributesExW
GetNumberFormatA
GetVolumeInformationA
lstrlenW
FindResourceA
GetWindowsDirectoryA
Sleep
GetStartupInfoW
SearchPathA
InterlockedExchange
GetDateFormatW
lstrcpynA
FreeEnvironmentStringsA
GetProcessHeap
DeleteCriticalSection
FileTimeToSystemTime
EnumSystemLocalesA
WriteProcessMemory
GlobalUnlock
GlobalFlags
LCMapStringA
OpenMutexA
ResetEvent
FindFirstFileA
GetLocalTime
IsValidLocale
WritePrivateProfileStringW
TlsFree
SetUnhandledExceptionFilter
GetVersionExA
GetTempPathW
VirtualProtect
GetModuleFileNameA
ExitProcess
comdlg32
ReplaceTextW
CommDlgExtendedError
ChooseColorW
PrintDlgW
GetSaveFileNameA
GetOpenFileNameW
PageSetupDlgW
ChooseFontW
GetSaveFileNameW
advapi32
LookupPrivilegeValueA
RegQueryValueExW
GetFileSecurityW
SetFileSecurityA
DeleteService
RegDeleteKeyA
OpenSCManagerW
RegDeleteKeyW
GetFileSecurityA
CryptDecrypt
GetSecurityDescriptorDacl
RegQueryInfoKeyA
QueryServiceConfigA
GetTokenInformation
RegEnumValueA
RegCreateKeyExW
GetSecurityInfo
GetAclInformation
OpenThreadToken
RegOpenKeyA
OpenServiceW
CopySid
ImpersonateSelf
RegOpenKeyW
RegEnumKeyW
GetLengthSid
ChangeServiceConfigA
RegSetValueA
RegDeleteValueA
AllocateAndInitializeSid
RegEnumKeyExW
RegQueryValueExA
RegQueryValueW
CryptReleaseContext
RegSetValueExW
RegCloseKey
AccessCheck
FreeSid
RevertToSelf
RegFlushKey
RegCreateKeyExA
InitializeAcl
RegCreateKeyW
AddAce
InitializeSecurityDescriptor
OpenSCManagerA
RegQueryValueA
RegEnumKeyA
GetUserNameA
RegCreateKeyA
GetUserNameW
RegSetValueExA
RegOpenCurrentUser
RegEnumKeyExA
QueryServiceStatus
RegOpenKeyExA
AdjustTokenPrivileges
CryptAcquireContextA
RegOpenKeyExW
CloseServiceHandle
AddAccessAllowedAce
CreateProcessAsUserA
oleaut32
LoadTypeLi
version
VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoW
VerQueryValueA
comctl32
ImageList_BeginDrag
ImageList_GetIcon
ImageList_DragLeave
InitCommonControlsEx
ImageList_GetImageInfo
PropertySheetA
ImageList_EndDrag
ImageList_DragMove
ImageList_SetDragCursorImage
ImageList_Draw
CreatePropertySheetPageW
ImageList_Add
ImageList_Read
ImageList_GetImageCount
ImageList_DrawEx
ImageList_Write
ImageList_DragEnter
ImageList_GetIconSize
ImageList_GetBkColor
DestroyPropertySheetPage
ImageList_Destroy
ImageList_Remove
ImageList_Create
ImageList_Duplicate
ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_DrawIndirect
ord17
ImageList_DragShowNolock
ImageList_SetBkColor
CreatePropertySheetPageA
_TrackMouseEvent
ImageList_LoadImageA
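Two things a practitioner does with an import table like the one above: recompute the import hash to confirm the digest the sandbox printed, and grep the imports for API combinations worth a closer look. The script below is an added example, not code from the sandbox or from any tool it runs. It implements the imphash normalisation convention used by pefile (module name lower-cased with its .dll/.ocx/.sys suffix dropped, function name lower-cased, pairs joined in table order and MD5'd); pefile's table of known ordinal names for oleaut32 and ws2_32 is deliberately left out, so ordinals stay as "ordN", which is how the report shows them. SAMPLE_IMPORTS is a constructed subset transcribed from the page's list in an order this example chose, so its hash is not expected to equal the report's value; a real comparison needs the full table in on-disk order (e.g. pefile's `get_imphash()` on the file). The capability labels are this example's own heuristics and say nothing about what the sample actually does.

```python
"""Import-table triage: imphash normalisation plus a capability grep.

Added example (stdlib only); not part of the sandbox report or its tooling.
SAMPLE_IMPORTS is a constructed subset of the report's Imports table.
"""
import hashlib

# (dll, function) pairs in import-table order. Ordinals are spelled "ordN",
# which is how the report shows them. Constructed subset of the page's list.
SAMPLE_IMPORTS = [
    ("winmm.dll", "mixerGetLineInfoA"),
    ("shell32.dll", "ShellExecuteA"),
    ("shell32.dll", "ord155"),
    ("KERNEL32.DLL", "CreateProcessW"),
    ("kernel32.dll", "WriteProcessMemory"),
    ("kernel32.dll", "VirtualProtect"),
    ("kernel32.dll", "IsDebuggerPresent"),
    ("advapi32.dll", "AdjustTokenPrivileges"),
    ("advapi32.dll", "LookupPrivilegeValueA"),
    ("advapi32.dll", "CreateProcessAsUserA"),
    ("advapi32.dll", "OpenSCManagerW"),
    ("advapi32.dll", "ChangeServiceConfigA"),
]

_STRIP_EXT = (".dll", ".ocx", ".sys")


def imphash_string(imports):
    """Canonical 'dll.func,dll.func,...' string that imphash is computed over.

    Mirrors the pefile convention: module lower-cased with a .dll/.ocx/.sys
    suffix removed, function lower-cased, original order preserved. pefile's
    known-ordinal name table (oleaut32, ws2_32) is omitted here (assumption:
    ordinals stay as 'ordN', which matches what the report prints).
    """
    parts = []
    for dll, func in imports:
        mod = dll.lower()
        for ext in _STRIP_EXT:
            if mod.endswith(ext):
                mod = mod[: -len(ext)]
                break
        parts.append(f"{mod}.{func.lower()}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of the canonical string, as a lower-case hex digest."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# API sets that deserve a second look when all members are imported.
# Labels are this example's own heuristics, not findings from the report.
CAPABILITY_RULES = {
    "token privilege adjustment": {"AdjustTokenPrivileges", "LookupPrivilegeValueA"},
    "cross-process memory write": {"WriteProcessMemory"},
    "process creation under another token": {"CreateProcessAsUserA"},
    "service reconfiguration": {"OpenSCManagerW", "ChangeServiceConfigA"},
    "debugger presence check": {"IsDebuggerPresent"},
}


def capabilities(imports):
    """Return the sorted list of rule labels whose API set is fully imported."""
    names = {func for _, func in imports}
    return sorted(label for label, needed in CAPABILITY_RULES.items() if needed <= names)


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print("imphash:", imphash(SAMPLE_IMPORTS))
    for label in capabilities(SAMPLE_IMPORTS):
        print("capability:", label)
```

Because the hash is order-sensitive, two builds of the same program that link the same functions in a different order get different imphashes, while a case change in the DLL name does not change it; that is what makes the value useful for clustering samples from one build chain and useless for a sample whose import table has been rewritten by a protector.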
Sections
Name    Raw size  Virtual size  Characteristics
.text   -         209KB         IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  -         127KB         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   -         102KB         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   28KB      72KB          IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.vmp0   -         12KB          IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE
.vmp1   352KB     349KB         IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.reloc  4KB       96B           IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
A raw size of "-" means the section occupies no bytes in the file and is only filled in at run time. .text, .rdata and .data are empty on disk, while .vmp1, which is readable, writable and executable, holds almost the whole file: 28KB + 352KB + 4KB of section data plus headers account for the 388KB file size. This is the layout behind the vmprotect rule hit above, and it means the protected code is not present in .text on disk for static tools to look at.
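The section table is the quickest static tell for this kind of protector, and it can be checked with nothing but the standard library: walk the DOS header to e_lfanew, skip the PE signature and COFF header, and read the 40-byte IMAGE_SECTION_HEADER entries. The script below is an added example, not part of the report or of any tool it used. It parses a PE's section headers, flags sections with no raw data but a non-zero virtual size, sections that are both writable and executable, and sections with VMProtect-style names, and adds up the raw sizes as the same file-size sanity check done above. So that it runs offline, `build_minimal_pe` constructs a headers-only image carrying the section table transcribed from the report; the KB values are the report's rounded figures times 1024 and a raw size of "-" is taken as 0, both assumptions of this example.

```python
"""Section-table triage for a PE: flag layouts typical of VMProtect-style packing.

Added example (stdlib only); not part of the sandbox report or its tooling.
REPORT_SECTIONS is transcribed from the report's Sections table, with the
rounded KB figures scaled by 1024 and "Size: -" taken as raw size 0.
"""
import struct

# IMAGE_SECTION_HEADER characteristic bits (winnt.h).
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_DISCARDABLE = 0x02000000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

SECTION_HDR = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes

# (name, raw_size, virtual_size, characteristics), constructed from the report.
REPORT_SECTIONS = [
    (".text", 0, 209 * 1024, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".rdata", 0, 127 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (".data", 0, 102 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".rsrc", 28 * 1024, 72 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (".vmp0", 0, 12 * 1024, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE),
    (".vmp1", 352 * 1024, 349 * 1024, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_DISCARDABLE
     | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".reloc", 4 * 1024, 96, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ),
]


def parse_sections(data: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]  # SizeOfOptionalHeader
    table = coff + 20 + size_opt  # section headers follow the optional header
    out = []
    for i in range(nsections):
        (name, vsize, _va, rsize, _rptr, _prel, _plin,
         _nrel, _nlin, chars) = SECTION_HDR.unpack_from(data, table + i * SECTION_HDR.size)
        out.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                    "virtual_size": vsize, "raw_size": rsize, "characteristics": chars})
    return out


def packer_indicators(sections):
    """Map section name -> list of indicators; sections with none are omitted."""
    findings = {}
    for s in sections:
        hits, c = [], s["characteristics"]
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            hits.append("no raw data but non-zero virtual size (filled at run time)")
        if c & IMAGE_SCN_MEM_EXECUTE and c & IMAGE_SCN_MEM_WRITE:
            hits.append("writable and executable")
        if s["name"].startswith(".vmp"):
            hits.append("VMProtect-style section name")
        if hits:
            findings[s["name"]] = hits
    return findings


def on_disk_total_kb(sections):
    """Sum of raw section sizes in KB; file size minus headers should match."""
    return sum(s["raw_size"] for s in sections) // 1024


def build_minimal_pe(sections):
    """Construct a headers-only PE32 image carrying the given section table (test fixture)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic; remaining fields left zero
    table = b"".join(SECTION_HDR.pack(name.encode("ascii"), vsize, 0, rsize, 0, 0, 0, 0, 0, chars)
                     for name, rsize, vsize, chars in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    secs = parse_sections(build_minimal_pe(REPORT_SECTIONS))
    for name, hits in packer_indicators(secs).items():
        print(name, "->", "; ".join(hits))
    print("section data on disk:", on_disk_total_kb(secs), "KB")
```

Point `parse_sections` at `open(path, "rb").read()` to run the same checks on a real file. On the report's table the 384KB of raw section data plus headers lands on the 388KB file size, so the four empty sections are genuine, not a display artifact.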