General
-
Target
medcalc.exe
-
Size
4.3MB
-
MD5
a1df8ea33d8997e4b551f57b9803d1b0
-
SHA1
53e32e095a1daff292b4dafad89b12d780e7541f
-
SHA256
344364067e468656fd46247e8d45a89ba4163e7cf882b7c73fe4838d44a5fc86
-
SHA512
a7c6abd9dfabc447d0a33bf563986d0fe6d030efffd9c235c33bd5d970d6ba439b7bae89da90db44709d0fbcaffdd21e3ba42b87de21d2a4e51284b0d62d95aa
-
SSDEEP
98304:g9IEaFJjQG/VZbsS2Dki4j4XCwsW7uSAabHLRMdWhCv38cnFQ7dcV:g9VAP41DFtCwsW7uSAabHLRMdWhCv38e
Malware Config: no entries listed on this page.
Signatures
-
resource yara_rule sample vmprotect — YARA match for the VMProtect packer/virtualizer, consistent with the .vmp0/.vmp1 sections listed under Sections. A packer match on its own is not evidence of malicious behaviour (legitimate commercial software also ships VMProtect-wrapped), but it does mean the import and section data below describe the packed container, not the original program code.
Files
-
medcalc.exe.exe windows x64
c95bacb3a3fd38d26ae16f956d9ce16e (note: this value differs from the MD5 a1df8ea3… given under General, so this Files entry appears to be a different object from the submitted sample — possibly a copy written or extracted during the run; confirm which file it refers to before correlating hashes)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (no base relocations: the loader must map the image at its preferred base, so ASLR cannot be applied to this module even if the DLL-characteristics flags request it)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO (obsolete flag; together with the .bss/.pdata/.xdata sections and the RtlLookupFunctionEntry/RtlVirtualUnwind imports this looks like a GCC/MinGW-linked image — toolchain inference, not verified)
Imports
kernel32
Beep
CloseHandle
CompareStringA
CompareStringW
CreateDirectoryW
CreateFileMappingW
CreateFileW
DeleteFileW
FileTimeToSystemTime
FindResourceW
FormatMessageW
FreeLibrary
FreeResource
GetComputerNameW
GetCurrentDirectoryW
GetCurrentProcessId
GetCurrentThreadId
GetDriveTypeW
GetFileAttributesExW
GetFileSize
GetLastError
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetProcAddress
GetProfileIntW
GetProfileStringW
GetSystemDefaultLangID
GetSystemTime
GetTempFileNameW
GetTempPathW
GetTickCount
GetVolumeInformationW
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
IsDBCSLeadByteEx
IsDebuggerPresent (often flagged as anti-debugging, but also emitted by ordinary C runtime start-up and exception code — weak signal on its own)
LoadLibraryExW
LoadLibraryW
LoadResource
LockFile
LockResource
MapViewOfFile
MulDiv
MultiByteToWideChar
ReadFile
SetCurrentDirectoryW
SetFileAttributesW
SetFilePointer
SizeofResource
SystemTimeToFileTime
UnlockFile
UnmapViewOfFile
WideCharToMultiByte
WriteFile
CopyFileW
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileW
FindNextFileW
GetCommandLineW
GetEnvironmentStringsW
GetLocalTime
GetModuleHandleA
GetTimeZoneInformation
HeapAlloc
HeapFree
LeaveCriticalSection
RtlLookupFunctionEntry
RtlVirtualUnwind
SetErrorMode
UnhandledExceptionFilter
FileTimeToLocalFileTime
GetFileAttributesW
GetProcessHeap
GetSystemInfo
InitializeCriticalSection
RaiseException
RtlRestoreContext
RtlCaptureContext
GetVersionExW
TlsAlloc
TlsSetValue
SetEvent
DuplicateHandle
GetCurrentProcess
GetCurrentThread
Sleep
TlsFree
TlsGetValue
GetFileType
SetEndOfFile
WaitForSingleObject
SetFilePointerEx
LocalAlloc
LocalFree
GetModuleFileNameW — this and the nine entries that follow (affinity-mask functions, Sleep, ExitProcess, FreeLibrary, LoadLibraryA, GetModuleHandleA, GetProcAddress) repeat names already imported above, which suggests a second kernel32 import descriptor belonging to the packer stub rather than to the application; confirm against the import directory
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
AdjustWindowRect
AnimateWindow
AppendMenuW
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcW
CharLowerW
CharUpperA
CharUpperW
CheckMenuItem
ClientToScreen
CloseClipboard
CreateDialogParamW
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteMenu
DestroyAcceleratorTable
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DialogBoxIndirectParamW
DispatchMessageW
DrawEdge
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
EnumChildWindows
GetCapture
GetClassInfoW
GetClassNameW
GetClientRect
GetClipboardData
GetComboBoxInfo
GetCursorPos
GetDC
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
GetDlgItemInt
GetDlgItemTextW
GetFocus
GetKeyState
GetKeyboardState
GetMenu
GetMenuCheckMarkDimensions
GetMenuItemID
GetMenuItemInfoW
GetMessagePos
GetMessageW
GetParent
GetScrollInfo
GetScrollPos
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetUpdateRect
GetWindowInfo
GetWindowLongPtrW
GetWindowPlacement
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
HideCaret
InvalidateRect
InvertRect
IsClipboardFormatAvailable
IsDialogMessageW
IsIconic
IsWindow
IsZoomed
KillTimer
LoadCursorW
LoadImageW
LoadStringW
LockWindowUpdate
MapWindowPoints
MessageBoxW
MoveWindow
OemToCharA
OpenClipboard
PeekMessageW
PostMessageW
PostQuitMessage
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
ScreenToClient
ScrollDC
SendDlgItemMessageW
SendInput
SendMessageA
SendMessageW
SetCapture
SetClassLongPtrW
SetClipboardData
SetCursor
SetCursorPos
SetDlgItemInt
SetDlgItemTextW
SetFocus
SetKeyboardState
SetMenu
SetMenuItemInfoW
SetParent
SetScrollInfo
SetScrollRange
SetTimer
SetWindowLongPtrW
SetWindowPlacement
SetWindowPos
SetWindowTextA
SetWindowTextW
SetWindowsHookExW
ShowCaret
ShowCursor
ShowWindow
SystemParametersInfoW
TrackMouseEvent
TrackPopupMenu
TranslateAcceleratorW
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UpdateWindow
WinHelpW
mouse_event
wsprintfW
DialogBoxParamW
LoadAcceleratorsW
LoadBitmapW
LoadIconW
LoadMenuW
CharUpperBuffA
DefDlgProcW
DestroyCaret
DrawIcon
GetWindowLongW
IntersectRect
IsWindowVisible
MessageBeep
PtInRect
SetWindowLongW
UnionRect
CreateCaret
DrawMenuBar
GetClassInfoExW
RegisterClassExW
SetCaretPos
GetDCEx
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
SetRect
GetProcessWindowStation
GetUserObjectInformationW
gdi32
AbortDoc
BitBlt
CloseEnhMetaFile
CloseMetaFile
CombineRgn
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateEnhMetaFileW
CreateFontIndirectW
CreateICW
CreateMetaFileW
CreatePalette
CreatePatternBrush
CreatePen
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DPtoLP
DeleteDC
DeleteEnhMetaFile
DeleteObject
Ellipse
EndDoc
EndPage
EnumFontFamiliesW
ExtTextOutW
GdiComment
GetDIBits
GetDeviceCaps
GetMapMode
GetObjectW
GetPixel
GetRegionData
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32W
GetTextMetricsW
IntersectClipRect
InvertRgn
LPtoDP
LineTo
MoveToEx
Polygon
Polyline
Rectangle
RestoreDC
RoundRect
SaveDC
SelectObject
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBits
SetLayout
SetMapMode
SetROP2
SetTextAlign
SetTextColor
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
StartDocW
StartPage
TextOutW
UnrealizeObject
GetClipBox
PatBlt
ExcludeClipRect
CreateBitmap
SetStretchBltMode
SetTextCharacterExtra
CreateDIBitmap
GetTextAlign
gdiplus
GdipAddPathBeziersI
GdipBitmapSetResolution
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipCreatePath
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipDeleteGraphics
GdipDeletePath
GdipDeletePen
GdipDisposeImage
GdipDrawEllipse
GdipDrawEllipseI
GdipDrawLine
GdipDrawLineI
GdipDrawLines
GdipDrawLinesI
GdipDrawPath
GdipDrawPolygon
GdipDrawPolygonI
GdipDrawRectangle
GdipDrawRectangleI
GdipFillEllipse
GdipFillEllipseI
GdipFillPolygon2
GdipFillRectangle
GdipFillRectangleI
GdipGetDC
GdipReleaseDC
GdipRestoreGraphics
GdipSaveGraphics
GdipSaveImageToFile
GdipSetClipRectI
GdipSetPageUnit
GdipSetPenDashStyle
GdipSetPenLineJoin
GdipSetSmoothingMode
GdiplusShutdown
GdiplusStartup
advapi32
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl (a reviewer would check whether the descriptor is applied with a NULL DACL, which grants every user full access to the object it protects — cannot be determined from the import list alone)
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
comdlg32
ChooseColorW
ChooseFontW
GetOpenFileNameW
GetSaveFileNameW
PrintDlgW
comctl32
ImageList_Create
ImageList_Destroy
ord17 (import by ordinal; comctl32 ordinal 17 normally resolves to InitCommonControls)
InitCommonControlsEx
ImageList_ReplaceIcon
CreateStatusWindowW
ImageList_AddMasked
ImageList_GetImageCount
shell32
ShellExecuteW
mpr
WNetGetUserW
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
ole32
CLSIDFromString
CoCreateGuid
CoInitializeEx
CoUninitialize
ReadClassStg
StgCreateDocfile
StgIsStorageFile
StgOpenStorage
StringFromGUID2
WriteClassStg
uxtheme
SetWindowTheme
mcnum64
ACos
ACosh
ASin
ASinh
ATan
ATanh
AlmostEqual
Atan2
BesselI
BesselJ
BesselK
BesselY
Beta
Ceil
Chi2
Chi2Inv
CosIntegral
Cosh
Eigen
Eps
FDistInv
Floor
Gamma
Gamma2
GammaLn
Hypot
IsPrimeR
KendallTau
LoessSmoothing
MTRandomize
MTRndCard
NextPrime
NormDist
NormDistInv
PairedWilcoxonSig
Pow
PrimeI
RandomPrime
RndBeta
RndBinomial
RndChiSquare
RndExponential
RndF
RndGamma
RndLogNormal
RndNormal
RndPoisson
RndStudentT
RndUniform
RndWeibull
ShapiroWilk
SinIntegral
Sinh
TDist
TDistInv
TDistInvNC
TDistNC
Tanh
cAbs
cAcos
cAcosh
cArg
cAsin
cAsinh
cAtan
cAtanh
cCos
cCosh
cExp
cLog
cLog10
cNorm
cPolar
cPow2C
cPowCR
cPowRC
cSin
cSinh
cSqrt
cTan
cTanh
cdfBeta
mculib64
UCReverseString
UCStringLength
UCTitleString
UCWrapString
mclib64
ALLOCATE
AddToRecentDocs
AlertWindowEx
ArabicToRoman
ArraySelect
CloseExcelFile
CreateEmbeddedWebControlW
CreateExcelFile
CreateTabbedDialog
DEALLOCATE
DestroyEmbeddedWebControl
DoEmbeddedWebControlAction
DoEmbeddedWebControlCommand
DoUrl
DoWebHelp
EnableDialogItem
ExcelWriteColumnWidth
ExcelWriteDefaultColumnWidth
ExcelWriteDouble
ExcelWriteLabelW
ExportRichEditText
FitWindowOnScreen
ForceDlgItemRedraw
ForceRedraw
GetDayName
GetDefaultBrowser
GetEncoderClsid
GetHBitmapFromPNG
GetMonthName
GetRichEditCallback
GetRichEditText
GetWindowsVersion
Get_KEYSTATE_WPARAM
Get_WHEEL_DELTA_WPARAM
Get_X_LPARAM
Get_Y_LPARAM
HandleSysColorsChange
HandleThemeChanged
HandleWinIniChange
HsvToRgb
InitDialogTab
InitMyLib2
InitRegistry
InitWebhostModule
IsCurrentUserLocalAdministrator
IsDayOrMonthName
IsNetfx40Installed
IsNetworkPath
IsWow64Proc
MDEALLOCATE
MyBeginBufferedPaint
MyBufferedPaintInit
MyBufferedPaintUnInit
MyEndBufferedPaint
MyGDICreateMetafileFileEx
MyGDIDeleteMetafileEx
MyGDIDrawTextExW
MyGDIGetHENHMETAFILEEx
MyGDILoadBitmap
MyGDIMeasureStringExW
MyGetLongPathName
MyLoadLibrary
MySetPixel
PrintEmbeddedWebControl
RSHash
ReALLOCATE
ReadRegBin
ReadRegBool
ReadRegDWord
ReadRegInt
ReadRegString
ReadRegStringA
ReadSummaryInformationW
ResizeEmbeddedWebControl
RomanToArabic
SelectFolder
SetRichEditText
SplitPath
StaticToURLControl
URLDownloadFile (network fetch from a helper library; whether the downloaded content is integrity-checked before it is passed on, e.g. to UnZip or to ShellExecuteW from shell32, is not visible from the import list)
UnZip
WebControlNavigateTo
WriteRegBin
WriteRegBool
WriteRegDWord
WriteRegInt
WriteRegString
WriteRegStringA
WriteSummaryInformationW
Zip
closeFileInZipFile
closeZipFile
createFileInZipFile
extractFileFromZipFile
md5
my_wsprintf
writeFileInZipFile
spssio64
spssSysmisVal
spssSetVarWriteFormat
spssSetVarPrintFormat
spssSetVarName
spssSetVarNValueLabel
spssSetVarLabel
spssSetVarColumnWidth
spssSetVarCValueLabel
spssSetValueNumeric
spssSetValueChar
spssSetInterfaceEncoding
spssSetCompression
spssReadCaseRecord
spssOpenWriteU8
spssOpenReadU8
spssGetVarPrintFormat
spssGetVarNValueLabels
spssGetVarLabel
spssGetVarInfo
spssGetVarHandle
spssGetVarColumnWidth
spssGetVarCValueLabels
spssGetVarAlignment
spssGetValueNumeric
spssGetValueChar
spssGetNumberofVariables
spssGetNumberofCases
spssFreeVarNValueLabels
spssFreeVarCValueLabels
spssConvertTime
spssConvertSPSSTime
spssConvertDate
spssCommitHeader
spssCommitCaseRecord
spssCloseWrite
spssCloseRead
Sections
.text Size: - Virtual size: 2.7MB (no raw data on disk against a 2.7MB virtual size: the code section is empty in the file and is populated at run time by the packer stub; the same applies to .data, .bss, .pdata, .xdata and .idata below, so static analysis of these sections in the on-disk file is not meaningful — dump the process after the entry-point stub has run)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 750KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 115KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: - Virtual size: 114KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: - Virtual size: 21KB (the WRITE flag on .idata is expected — the loader patches the import address table in place; it is not a finding by itself)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 4.0MB - Virtual size: 4.0MB (the only large section whose on-disk size matches its virtual size; with .rsrc it accounts for almost the whole 4.3MB file, so the packed payload and the VMProtect stub live here — this is the section to start from when unpacking)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 316KB - Virtual size: 315KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ