2d7c3933f7d587f8f968c3a284acc5a2a681cbe1639645676fd7e5274f9653c5

Sharing

Copy URL Twitter E-mail

General

Target

2d7c3933f7d587f8f968c3a284acc5a2a681cbe1639645676fd7e5274f9653c5
Size

1.4MB
MD5

2bfe19f9a5c24a97a89d287fadce82ec
SHA1

99aa2eae4617aeefcab72778e952972fefa9e810
SHA256

2d7c3933f7d587f8f968c3a284acc5a2a681cbe1639645676fd7e5274f9653c5
SHA512

6c1799f15aeade3646b68792a370360236f53df87b5436a16eaddc250915e30a5fed7e45971173ba49b4b176bc9a948343827bf9fc6fc699c18b237cd21df50e
SSDEEP

24576:c9TSpBzgCzS43AJXwqsinXV0ZZ3uZVqAfPMU3auTSIZcHwiCBitRgO6:yTSB/ggmXVmqqAfP3reI7RQtS

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

2d7c3933f7d587f8f968c3a284acc5a2a681cbe1639645676fd7e5274f9653c5
.exe windows x86

d465e1a1e7db83a01ec616254e3ea2d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExW
GetVersionExA
LoadLibraryA
GetModuleHandleA
RtlCaptureStackBackTrace
GetTickCount
GetFullPathNameW
FindResourceW
SizeofResource
LoadResource
SetLastError
LockResource
FreeResource
LoadLibraryW
MulDiv
FreeLibrary
GetLocalTime
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
FlushInstructionCache
GetProcessHandleCount
GetCurrentProcess
SetCurrentDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
InterlockedIncrement
InterlockedDecrement
GlobalUnlock
GetModuleHandleW
CreateProcessW
SetEndOfFile
HeapSize
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
SetConsoleCtrlHandler
SetStdHandle
GlobalLock
GetTimeZoneInformation
SetFilePointerEx
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
GetACP
GetStdHandle
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
ResumeThread
ExitThread
RaiseException
RtlUnwind
WaitForSingleObject
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
SetProcessAffinityMask
VirtualFree
VirtualProtect
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
OutputDebugStringW
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
ResetEvent
SetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoW
GetProcAddress
GlobalAlloc
GetLogicalDriveStringsW
GetDriveTypeA
OutputDebugStringA
GetSystemTimeAsFileTime
Sleep
MoveFileW
CopyFileW
GetFileSize
CloseHandle
DeleteFileW
GetLastError
SetFileAttributesW
GetFileAttributesW
CreateFileW
FindClose
RemoveDirectoryW
WriteFile
FindNextFileW
FindFirstFileW
ReadFile
CreateDirectoryW
LocalFree
GetModuleFileNameW
lstrlenW
GetCommandLineW
LCMapStringW
CompareStringW
GetCPInfo
DecodePointer
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
SwitchToThread
lstrlenA
WaitForSingleObjectEx
DuplicateHandle
TryEnterCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
FormatMessageW
IsBadReadPtr
WideCharToMultiByte
HeapReAlloc
MultiByteToWideChar
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetCursor
SetRect
PostMessageW
DestroyIcon
KillTimer
GetCursorPos
SetForegroundWindow
IsWindowVisible
CopyRect
InflateRect
IntersectRect
UnionRect
IsRectEmpty
EqualRect
PtInRect
IsWindow
DestroyWindow
SetWindowPos
EnableWindow
RegisterWindowMessageW
DrawIconEx
InvertRect
FillRect
SetActiveWindow
GetWindowLongW
GetDesktopWindow
OffsetRect
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
CreateWindowExW
GetDlgItem
GetClientRect
GetWindowRect
MapWindowPoints
SetWindowLongW
GetParent
GetWindow
PostQuitMessage
ClientToScreen
ShowWindow
LoadCursorW
MonitorFromWindow
GetMonitorInfoW
TrackMouseEvent
SendMessageW
GetActiveWindow
AnimateWindow
SetLayeredWindowAttributes
IsIconic
IsZoomed
SetFocus
GetCapture
SetCapture
ReleaseCapture
UpdateWindow
SetTimer
MessageBoxW
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
IsWindowEnabled
GetDC
UpdateLayeredWindow
MapVirtualKeyA
CharLowerBuffW
SystemParametersInfoA
DrawTextW
GetWindowPlacement
GetIconInfo
CharNextW
SetMenuContextHelpId
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenu
DeleteMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
CheckMenuItem
DestroyMenu
CreatePopupMenu
IsMenu
GetForegroundWindow
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadImageW
CreateIconFromResource
LoadBitmapW
GetSysColor
EnableMenuItem
GetSystemMetrics
DestroyCursor
GetKeyState
GetFocus
LoadIconW
GetClassNameW
ScreenToClient
SetCaretPos
HideCaret
GetCaretBlinkTime
CreateCaret
SetWindowTextW
InvalidateRect
EndPaint
BeginPaint
ReleaseDC

gdi32

GetCurrentObject
CombineRgn
Polyline
SetViewportOrgEx
CreateCompatibleBitmap
StretchBlt
GetDCOrgEx
GetObjectW
SetBkMode
Rectangle
GetStockObject
GetClipBox
CreateSolidBrush
CreateFontIndirectW
SelectObject
DeleteDC
CreateCompatibleDC
CreateBitmap
DeleteObject
CreateRoundRectRgn
EnumFontsW
SetGraphicsMode
GetDeviceCaps
BitBlt
ExtCreatePen
Arc
GetViewportOrgEx
CreateEllipticRgnIndirect
CreatePen
CreatePatternBrush
CreateRectRgn
CreateRectRgnIndirect
Ellipse
ExcludeClipRect
GetClipRgn
GetRgnBox
GetTextColor
GetTextExtentPoint32W
IntersectClipRect
OffsetRgn
Pie
PtInRegion
RectInRegion
RestoreDC
RoundRect
SaveDC
ExtSelectClipRgn
SetRectRgn
SetROP2
SetTextColor
GetWorldTransform
SetWorldTransform
CreateDIBSection

advapi32

RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegDeleteValueW

shell32

SHBrowseForFolderW
CommandLineToArgvW
SHGetPathFromIDListW
ShellExecuteExW
Shell_NotifyIconW
ShellExecuteW

ole32

CLSIDFromProgID
CreateStreamOnHGlobal
CoCreateInstance
CreateBindCtx
CoCreateGuid
OleLockRunning
OleUninitialize
OleInitialize
CLSIDFromString

oleaut32

SetErrorInfo
VariantInit
GetErrorInfo
SysFreeString
CreateErrorInfo
VariantClear
VariantChangeType
SysAllocString

winhttp

WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpReceiveResponse
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpSendRequest
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpConnect
WinHttpSetTimeouts

ws2_32

ntohs
socket
send
inet_addr
WSAStartup
listen
select
gethostbyname
closesocket
bind
accept
WSACleanup
gethostname
inet_ntoa
__WSAFDIsSet
recv
ioctlsocket
setsockopt
WSAGetLastError
connect
htons

shlwapi

StrToIntExW

psapi

EmptyWorkingSet
GetProcessMemoryInfo

imm32

ImmAssociateContext
ImmGetContext
ImmReleaseContext

gdiplus

GdipDisposeImage
GdipSaveImageToFile
GdipFree
GdipAlloc
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameCount
GdipCloneImage
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipGraphicsClear
GdipDrawImageRectI
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown

msimg32

AlphaBlend
GradientFill

Sections

.text
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 526KB - Virtual size: 526KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 475KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 898KB - Virtual size: 897KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d465e1a1e7db83a01ec616254e3ea2d4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

winhttp

ws2_32

shlwapi

psapi

imm32

gdiplus

msimg32

Sections

.text Size: - Virtual size: 1.9MB

.rdata Size: 526KB - Virtual size: 526KB

.data Size: - Virtual size: 130KB

.vmp0 Size: - Virtual size: 475KB

.vmp1 Size: 898KB - Virtual size: 897KB

.reloc Size: 512B - Virtual size: 256B

.rsrc Size: 15KB - Virtual size: 195KB

.text
Size: - Virtual size: 1.9MB

.rdata
Size: 526KB - Virtual size: 526KB

.data
Size: - Virtual size: 130KB

.vmp0
Size: - Virtual size: 475KB

.vmp1
Size: 898KB - Virtual size: 897KB

.reloc
Size: 512B - Virtual size: 256B

.rsrc
Size: 15KB - Virtual size: 195KB