fe443b0b5264a3dae5577e276a2c324fb753c54a18028fa13e1c9c5ba3a0d3fa

Sharing

Copy URL Twitter E-mail

General

Target

fe443b0b5264a3dae5577e276a2c324fb753c54a18028fa13e1c9c5ba3a0d3fa
Size

5.1MB
MD5

014a275e8b32dff32a7df88bb2e5c285
SHA1

1747919029c5bade03c6299eba8b2bca00dc8344
SHA256

fe443b0b5264a3dae5577e276a2c324fb753c54a18028fa13e1c9c5ba3a0d3fa
SHA512

375dc6596ba6902a6a296689a6018427959040c3ac53194f5fdff8b57bb31fcee556dec9ad1d950cc632f65e2727b815ced960fe44025aa04da96be859740cc9
SSDEEP

98304:7Xv0UuHDhbnQ+DoeKGDmdHZWW9Zg9upSixsZxAGNS6LpRwU:bcUAbn5xDmrWoi07xYmGdLX

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

fe443b0b5264a3dae5577e276a2c324fb753c54a18028fa13e1c9c5ba3a0d3fa
.exe windows x64

4ed1c76497c8e245ec97e18465d3b957

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ

mfc140u

ord3212
ord320
ord6850
ord450
ord11855
ord8926
ord7235
ord4510
ord8417
ord4513
ord12241
ord4949
ord11673
ord533
ord13407
ord11677
ord5498
ord1153
ord12785
ord11996
ord11999
ord3728
ord1034
ord310
ord300
ord6718
ord2415
ord2270
ord2909
ord8058
ord12600
ord8452
ord14033
ord14039
ord8409
ord8900
ord4511
ord13986
ord2903
ord1670
ord1667
ord1505
ord9941
ord5555
ord2178
ord6614
ord983
ord3209
ord6122
ord14289
ord6123
ord14290
ord6121
ord14288
ord7719
ord12212
ord14088
ord11665
ord11664
ord2011
ord7668
ord12625
ord1504
ord1503
ord1501
ord280
ord296
ord7893
ord4947
ord2414
ord1641
ord5709
ord285
ord2921
ord2340
ord2182
ord2346
ord9946
ord2344
ord3949
ord4011
ord9089
ord14216
ord962
ord13597
ord7650
ord14210
ord12223
ord12222
ord2439
ord10070
ord5183
ord8023
ord7716
ord4445
ord12544
ord12606
ord10124
ord13545
ord3230
ord11929
ord8084
ord1450
ord7393
ord8167
ord12932
ord1428
ord6505
ord12030
ord14225
ord12087
ord14278
ord4656
ord12443
ord11901
ord11933
ord7920
ord11921
ord5706
ord3731
ord12240
ord8059
ord1508
ord316
ord2418
ord6320
ord3756
ord1033
ord286
ord2357
ord7922
ord5227
ord7450
ord7461
ord7460
ord5062
ord5229
ord5083
ord5339
ord9041
ord5552
ord5363
ord5080
ord2358
ord7913
ord14360
ord9976
ord2212
ord2231
ord9978
ord9977
ord9975
ord6250
ord9979
ord2187
ord5451
ord11414
ord11415
ord8830
ord1091
ord11771
ord2222
ord4658
ord3071
ord3718
ord11625
ord14209
ord3307
ord8656
ord3308
ord6729
ord10691
ord3173
ord13513
ord11944
ord11940
ord1700
ord1722
ord1748
ord1734
ord10163
ord1755
ord4776
ord11085
ord4843
ord4788
ord4806
ord4800
ord4794
ord4853
ord4837
ord4782
ord4859
ord4814
ord10704
ord8731
ord4752
ord4767
ord1089
ord4828
ord4360
ord5582
ord9384
ord4352
ord2967
ord12610
ord14211
ord7651
ord14217
ord8901
ord2697
ord13397
ord6631
ord4335
ord8043
ord11406
ord13864
ord13761
ord13354
ord5723
ord2629
ord6000
ord11806
ord3812
ord11813
ord11817
ord3279
ord11757
ord2350
ord6724
ord4726
ord2370
ord6717
ord11850
ord3172
ord8416
ord3278

kernel32

WriteProcessMemory
ReadFile
CopyFileW
OutputDebugStringW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
CreateEventW
WaitForSingleObjectEx
SetEvent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetShortPathNameW
GetComputerNameA
OpenMutexW
GetLocalTime
FindResourceW
LoadResource
LockResource
OpenMutexA
CreateMutexA
CreateMutexW
SetLocalTime
InitializeCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetFileAttributesW
CreateRemoteThread
GetExitCodeThread
WaitForSingleObject
DeleteFileW
VerifyVersionInfoW
VerSetConditionMask
GetDriveTypeW
LoadLibraryW
DefineDosDeviceW
SetFilePointer
VirtualAlloc
VirtualFree
GetTickCount
CreateThread
TerminateProcess
GetPrivateProfileIntW
WritePrivateProfileStringW
DeleteCriticalSection
GetCurrentProcess
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
VirtualProtectEx
ResetEvent
Sleep
GetModuleHandleA
VirtualFreeEx
GetModuleHandleW
ReadProcessMemory
GetFileSize
LocalFree
VirtualAllocEx
GetProcAddress
CloseHandle
Process32FirstW
Process32NextW
GetLastError
CreateToolhelp32Snapshot
OpenProcess
CreateFileW
GetModuleFileNameW
DeviceIoControl
GetPrivateProfileStringW
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SendMessageW
FindWindowW
SendMessageA
IsWindow
RegisterWindowMessageA
wsprintfW
SetActiveWindow
GetActiveWindow
SetWindowTextA
IsWindowEnabled
GetDesktopWindow
EnableWindow
GetWindowTextA
GetWindowThreadProcessId
PostMessageW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

OpenServiceW
StartServiceW
OpenSCManagerW
CloseServiceHandle
QueryServiceStatus

shell32

ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation

comctl32

InitCommonControlsEx

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance

oleaut32

VariantClear
SysAllocString
SysFreeString
SafeArrayGetElement
VariantInit
VariantTimeToSystemTime
SystemTimeToVariantTime

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WinVerifyTrust

crypt32

CertGetNameStringW

setupapi

CM_Get_Device_IDW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo

iphlpapi

GetAdaptersInfo

vcruntime140

memcpy
__vcrt_InitializeCriticalSectionEx
__C_specific_handler
memmove
__std_terminate
wcsstr
wcsrchr
__std_exception_destroy
memcmp
__CxxFrameHandler3
memchr
_CxxThrowException
__std_exception_copy
memset

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__stdio_common_vswprintf
__p__commode
__stdio_common_vsscanf
__stdio_common_vsprintf
fflush
_wfopen_s
fclose
__stdio_common_vfwprintf
__stdio_common_vsnwprintf_s

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_errno
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
exit
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_beginthreadex
_exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath
_waccess
_wsplitpath_s
_wmkdir

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
_callnewh
malloc

api-ms-win-crt-string-l1-1-0

strcpy_s
wcscat_s
strncpy_s
wcscpy_s
_wcsicmp

api-ms-win-crt-convert-l1-1-0

_wtoi
wcstol
_itow
_wtoi64
_wtof

api-ms-win-crt-time-l1-1-0

_localtime64
_localtime64_s
_ftime64
_time64

api-ms-win-crt-utility-l1-1-0

srand
qsort
rand

api-ms-win-crt-math-l1-1-0

__setusermatherr
floor
ceil
sqrtf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ed1c76497c8e245ec97e18465d3b957

Headers

DLL Characteristics

File Characteristics

Imports

msvcp140

mfc140u

kernel32

user32

advapi32

shell32

comctl32

ole32

oleaut32

wintrust

crypt32

setupapi

iphlpapi

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: - Virtual size: 384KB

.rdata Size: - Virtual size: 117KB

.data Size: - Virtual size: 74KB

.pdata Size: - Virtual size: 12KB

.gfids Size: - Virtual size: 76B

.tls Size: - Virtual size: 9B

.vmp0 Size: - Virtual size: 3.3MB

.vmp1 Size: 5.0MB - Virtual size: 5.0MB

.reloc Size: 512B - Virtual size: 176B

.rsrc Size: 48KB - Virtual size: 48KB

.text
Size: - Virtual size: 384KB

.rdata
Size: - Virtual size: 117KB

.data
Size: - Virtual size: 74KB

.pdata
Size: - Virtual size: 12KB

.gfids
Size: - Virtual size: 76B

.tls
Size: - Virtual size: 9B

.vmp0
Size: - Virtual size: 3.3MB

.vmp1
Size: 5.0MB - Virtual size: 5.0MB

.reloc
Size: 512B - Virtual size: 176B

.rsrc
Size: 48KB - Virtual size: 48KB