Behavioral task
behavioral1
Sample
asdf.vmp.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
asdf.vmp.exe
Resource
win10v2004-20221111-en
General
Target
asdf.vmp.exe
Size
2.2MB
MD5
1934c6b0ed80087ccdd4f9a2317484a0
SHA1
aaceac33c436cc420c426f63ac876fe1c98af4a4
SHA256
bcde6704a2efbd189e01a8d4e5e4bbd783042f68fef2d1ba5537aa8784843035
SHA512
1b8fe190b5fb87141551ddb114c03f3962819fc940433374daeeada7965e3318c13556738a9c1c8e57d4a2af1e0e46ef19f106cce5a275601ae39273051c0172
SSDEEP
49152:NNSejBuM2tjzDP2bREQKZZh2ih2ih2ih2ih2:/xjBuMgjPP2bn+2y2y2y2y2
Malware Config
Signatures
resource yara_rule sample vmprotect
Files
asdf.vmp.exe.exe windows x86
7caa3d2fb5a3cb5dae1dad7a41e36cf2
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
wsock32
ntohs
inet_addr
htonl
getservbyname
htons
WSAGetLastError
gethostbyname
ioctlsocket
WSASetLastError
getservbyport
gethostname
shutdown
WSACleanup
closesocket
connect
socket
WSAStartup
send
recv
WSAAsyncSelect
inet_ntoa
gethostbyaddr
winmm
mixerClose
mixerGetLineControlsA
mixerGetLineInfoA
mixerSetControlDetails
waveOutGetVolume
waveOutSetVolume
mixerGetDevCapsA
mixerOpen
mixerGetControlDetailsA
mciSendStringA
joyGetDevCapsA
joyGetPosEx
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
comctl32
ImageList_Create
ord6
ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_Destroy
ImageList_GetIconSize
psapi
GetModuleFileNameExA
GetProcessImageFileNameA
GetModuleBaseNameA
kernel32
FreeLibrary
WideCharToMultiByte
OutputDebugStringA
GetCurrentThreadId
GetEnvironmentVariableA
lstrcmpiA
GetStringTypeExA
CreateThread
SetThreadPriority
GetExitCodeThread
CloseHandle
CreateMutexA
GetLastError
GetModuleHandleA
MultiByteToWideChar
GetVersionExW
DeleteCriticalSection
GetModuleFileNameA
GetFileAttributesA
GetFullPathNameA
GetSystemTimeAsFileTime
FindFirstFileA
FindNextFileA
FindClose
FileTimeToLocalFileTime
SetEnvironmentVariableA
Beep
MoveFileA
CreateProcessA
GetExitCodeProcess
WriteProcessMemory
ReadProcessMemory
GetCurrentProcessId
OpenProcess
TerminateProcess
SetPriorityClass
SetLastError
GetLocalTime
GetDateFormatA
GetTimeFormatA
GetDiskFreeSpaceA
SetVolumeLabelA
CreateFileA
DeviceIoControl
GetDriveTypeA
GetVolumeInformationA
CreateDirectoryA
ReadFile
GetACP
WriteFile
DeleteFileA
GetProcAddress
SetFileAttributesA
LocalFileTimeToFileTime
SetFileTime
GetFileSizeEx
GetSystemTime
GetSystemDefaultUILanguage
GetComputerNameA
GetWindowsDirectoryA
GetTempPathA
GetShortPathNameA
EnterCriticalSection
LeaveCriticalSection
VirtualProtect
QueryDosDeviceA
CompareStringA
GetFullPathNameW
RemoveDirectoryA
GetCurrentProcess
FormatMessageA
GetPrivateProfileStringA
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
WritePrivateProfileSectionA
SetEndOfFile
GetFileType
GetStdHandle
SetFilePointerEx
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
VirtualAllocEx
VirtualFreeEx
EnumResourceNamesA
LoadLibraryExA
FindResourceA
LoadResource
LockResource
SizeofResource
GlobalSize
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RaiseException
RtlUnwind
LoadLibraryA
GetSystemDirectoryA
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
GetCurrentDirectoryA
SetErrorMode
InitializeCriticalSection
GetCPInfo
SetCurrentDirectoryA
Sleep
GetTickCount
MulDiv
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
GetCommandLineA
GetCommandLineW
ExitProcess
GetModuleHandleExW
HeapSize
HeapReAlloc
HeapQueryInformation
HeapFree
HeapAlloc
GetStringTypeW
LCMapStringW
GetConsoleCP
GetConsoleMode
GetProcessHeap
FindFirstFileExA
IsValidCodePage
EncodePointer
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
CreateFileW
WriteConsoleW
ReadConsoleW
DecodePointer
CopyFileA
VirtualQuery
LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
LoadLibraryW
CreateEventW
CompareStringW
SetLastError
GetModuleHandleA
VirtualProtect
GetTickCount
EnterCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
WriteProcessMemory
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
GetSystemInfo
LoadResource
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceExA
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RtlUnwind
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess
user32
ClientToScreen
GetCursor
GetLastInputInfo
GetSystemMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuStringA
ExitWindowsEx
SetMenu
FlashWindow
GetPropA
SetPropA
RemovePropA
MapWindowPoints
RedrawWindow
SetParent
SendMessageW
GetClassInfoExA
GetAncestor
UpdateWindow
GetMessagePos
GetClassLongA
DefDlgProcA
CallWindowProcA
CheckRadioButton
IntersectRect
GetUpdateRect
PtInRect
CreateDialogIndirectParamA
CreateAcceleratorTableA
DestroyAcceleratorTable
InsertMenuItemA
SetMenuDefaultItem
RemoveMenu
SetMenuItemInfoA
IsMenu
GetMenuItemInfoA
CreateMenu
CreatePopupMenu
SetMenuInfo
AppendMenuA
DestroyMenu
TrackPopupMenuEx
GetDesktopWindow
CopyImage
CreateIconIndirect
CreateIconFromResourceEx
EnumClipboardFormats
GetWindow
BringWindowToTop
GetTopWindow
ChangeClipboardChain
SetClipboardViewer
MessageBeep
CreateWindowExA
RegisterClassExA
LoadCursorA
DestroyIcon
DestroyWindow
IsCharAlphaA
MapVirtualKeyA
MapVirtualKeyExA
EnumWindows
GetWindowTextA
mouse_event
WindowFromPoint
GetSystemMetrics
keybd_event
SetKeyboardState
GetKeyboardState
GetCursorPos
PostMessageW
GetAsyncKeyState
AttachThreadInput
SendInput
UnregisterHotKey
RegisterHotKey
PostQuitMessage
SendMessageTimeoutA
UnhookWindowsHookEx
SetWindowsHookExA
PostThreadMessageA
IsCharAlphaNumericA
IsCharUpperA
IsCharLowerA
ToAsciiEx
GetKeyboardLayout
CallNextHookEx
CharLowerA
ReleaseDC
GetDC
MessageBoxA
OpenClipboard
GetClipboardData
GetClipboardFormatNameA
CloseClipboard
SetClipboardData
EmptyClipboard
PostMessageA
FindWindowA
EndDialog
IsWindow
DispatchMessageA
TranslateMessage
ShowWindow
CountClipboardFormats
SetWindowLongA
ScreenToClient
SetDlgItemTextA
GetDlgItem
SendDlgItemMessageA
DialogBoxParamA
SetForegroundWindow
DefWindowProcA
FillRect
DrawIconEx
GetSysColorBrush
GetSysColor
RegisterWindowMessageA
IsIconic
LoadAcceleratorsA
IsZoomed
IsDialogMessageA
SendMessageA
IsWindowEnabled
GetWindowLongA
GetKeyState
TranslateAcceleratorA
KillTimer
PeekMessageA
GetFocus
GetClassNameA
GetWindowTextLengthA
EnableWindow
InvalidateRect
SetLayeredWindowAttributes
SetWindowPos
SetWindowRgn
SetFocus
SetActiveWindow
EnumChildWindows
MoveWindow
GetQueueStatus
GetWindowRect
GetClientRect
SystemParametersInfoA
AdjustWindowRectEx
DrawTextA
SetRect
GetIconInfo
SetWindowTextA
IsWindowVisible
GetMenu
GetWindowThreadProcessId
GetForegroundWindow
GetMessageA
SetTimer
GetParent
GetDlgCtrlID
CharUpperA
IsClipboardFormatAvailable
CheckMenuItem
LoadImageA
VkKeyScanExA
GetGUIThreadInfo
MessageBoxW
CharUpperBuffW
gdi32
CreateDIBSection
SetBkMode
EnumFontFamiliesExA
SetBrushOrgEx
GetPixel
BitBlt
CreateCompatibleBitmap
GetCharABCWidthsA
GetClipBox
SetBkColor
FillRgn
GetClipRgn
ExcludeClipRect
SetTextColor
CreatePatternBrush
GetSystemPaletteEntries
GetDIBits
CreateCompatibleDC
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateEllipticRgn
DeleteDC
GetObjectA
GetTextMetricsA
GetTextFaceA
SelectObject
GetStockObject
CreateDCA
CreateSolidBrush
CreateFontA
GdiFlush
GetDeviceCaps
DeleteObject
comdlg32
GetSaveFileNameA
CommDlgExtendedError
GetOpenFileNameA
advapi32
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerA
GetUserNameA
RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCloseKey
RegConnectRegistryA
RegDeleteValueA
shell32
DragQueryPoint
SHEmptyRecycleBinA
SHFileOperationA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
SHGetFolderPathA
ShellExecuteExA
Shell_NotifyIconA
DragFinish
DragQueryFileA
ExtractIconA
ole32
OleInitialize
OleUninitialize
CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromString
CoGetObject
StringFromGUID2
CreateStreamOnHGlobal
oleaut32
SafeArrayGetLBound
GetActiveObject
SysStringLen
OleLoadPicture
SafeArrayUnaccessData
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayGetDim
SafeArrayDestroy
SafeArrayGetUBound
VariantCopyInd
SafeArrayCopy
SysAllocString
VariantChangeType
VariantClear
SafeArrayCreate
SysFreeString
Sections
.text Size: 652KB - Virtual size: 652KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 81KB - Virtual size: 81KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 292B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 380KB - Virtual size: 380KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp1 Size: 70KB - Virtual size: 70KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1007KB - Virtual size: 1006KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ