3b4ed27876603b4b4364a37ac6422b977717103cba9037c6acfd51130aa99347

Sharing

Copy URL Twitter E-mail

General

Target

3b4ed27876603b4b4364a37ac6422b977717103cba9037c6acfd51130aa99347
Size

2.6MB
MD5

451c310f2aa81b42a4e6ff869631c7c9
SHA1

0d200c5b4094425a19d7a320d5c36dfe7e63059b
SHA256

3b4ed27876603b4b4364a37ac6422b977717103cba9037c6acfd51130aa99347
SHA512

ab678de9a98c77c8aa581d826038bf9e2c0aac00de4c85284c3007d719884079abe509b0e80f38e2377a190e2035b2f2bd484eed84392b392c4db12e4d6bedba
SSDEEP

49152:Exm9c1wUIkaH0MhQtINEgL8sLVrkjt9Y4ti0dHTUelrrILf1DW/L:Es9AckaH0MvEHsZqt9Y4ticzUetrStDW

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

3b4ed27876603b4b4364a37ac6422b977717103cba9037c6acfd51130aa99347
.exe windows x86

ac04dd778e7282acc52f1633d948cc67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileStringW
InitializeCriticalSection
GlobalAlloc
LoadLibraryW
LeaveCriticalSection
MulDiv
ReadFile
lstrcmpW
WritePrivateProfileStringW
GlobalUnlock
FlushInstructionCache
RaiseException
SetLastError
EnterCriticalSection
GetModuleHandleA
DeleteCriticalSection
WaitForSingleObject
VirtualFree
CreateRemoteThread
VirtualFreeEx
VirtualAlloc
QueueUserAPC
VirtualAllocEx
LoadLibraryA
OpenThread
GetExitCodeThread
WriteProcessMemory
SetPriorityClass
HeapAlloc
HeapFree
GetProcessHeap
GetPriorityClass
TerminateProcess
GetCurrentDirectoryW
ExitProcess
LoadLibraryExW
lstrcmpiW
GetWindowsDirectoryW
IsProcessorFeaturePresent
InterlockedCompareExchange
IsBadCodePtr
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetVersion
GetCommandLineA
GetPrivateProfileStringA
WritePrivateProfileStringA
CreateThread
CreateMutexA
TerminateThread
OpenMutexA
InterlockedIncrement
QueryPerformanceFrequency
GetWindowsDirectoryA
GlobalLock
RtlMoveMemory
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
LCMapStringW
GetModuleFileNameA
GetStdHandle
HeapDestroy
HeapCreate
HeapReAlloc
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoW
UnhandledExceptionFilter
GetCurrentThreadId
SetUnhandledExceptionFilter
GetSystemDirectoryW
Module32NextW
CreateToolhelp32Snapshot
Module32FirstW
GetVolumeInformationA
InterlockedDecrement
ReadProcessMemory
DeviceIoControl
GetLocalTime
lstrcpyW
GetCurrentProcessId
DeleteFileW
GetFileSize
CloseHandle
IsDebuggerPresent
lstrcatW
QueryDosDeviceW
LockResource
GetProcAddress
GetLastError
lstrlenW
MultiByteToWideChar
CreateFileW
GetModuleFileNameW
IsBadWritePtr
SizeofResource
Sleep
WideCharToMultiByte
OpenProcess
WriteFile
IsBadReadPtr
GetTickCount
GetModuleHandleW
GetLogicalDriveStringsW
GetCurrentProcess
LoadResource
FreeLibrary
FindResourceW
GetNativeSystemInfo
lstrcpyn
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetWindowRect
SetDlgItemTextW
GetMonitorInfoW
EndDialog
PostQuitMessage
GetWindow
GetMessageA
DispatchMessageA
wsprintfA
PeekMessageA
IsIconic
GetParent
MonitorFromWindow
SetWindowPos
DialogBoxParamW
GetSystemMetrics
SendMessageW
GetDlgItem
GetDlgItemInt
SetWindowTextW
GetLayeredWindowAttributes
IsWindow
SetLayeredWindowAttributes
GetMessageW
GetDlgItemTextW
SetWindowLongW
GetWindowLongW
PostMessageW
TranslateMessage
EnableWindow
MessageBoxW
CreateDialogParamW
ShowWindow
LoadIconW
MessageBoxA
GetDesktopWindow
InsertMenuW
CreatePopupMenu
GetCursorPos
AppendMenuW
CreateMenu
SetForegroundWindow
GetSubMenu
GetSysColorBrush
GetDlgCtrlID
DispatchMessageW
GetTopWindow
IsWindowEnabled
EnumWindows
GetWindowPlacement
FlashWindowEx
IsWindowVisible
GetWindowThreadProcessId
DestroyMenu
EndPaint
ClientToScreen
DestroyWindow
GetWindowTextLengthW
DestroyAcceleratorTable
ScreenToClient
CharNextW
RegisterWindowMessageW
FillRect
IsChild
SetCapture
GetFocus
InvalidateRgn
LoadCursorW
GetClientRect
CreateAcceleratorTableW
SetFocus
BeginPaint
GetClassInfoExW
wsprintfW
RegisterClassExW
InvalidateRect
GetWindowTextW
GetClassNameW
RedrawWindow
GetSysColor
CreateWindowExW
ReleaseCapture
CallWindowProcW
DefWindowProcW
MoveWindow
GetDC
ReleaseDC
TrackPopupMenu
UnregisterClassA

gdi32

CreateSolidBrush
GetDeviceGammaRamp
SetDeviceGammaRamp
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
GetDeviceCaps
DeleteDC
BitBlt
GetDIBits
SetBkColor
CreateDCW
GetStockObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
AdjustTokenPrivileges
StartServiceW
LookupPrivilegeValueW
OpenServiceW
OpenSCManagerW
DeleteService
OpenProcessToken
CloseServiceHandle
CreateServiceW
RegSetValueExW

shell32

ShellExecuteExW
SHBrowseForFolderW
SHGetPathFromIDListW
SHChangeNotify
ShellExecuteW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoGetClassObject
OleUninitialize
OleInitialize
StringFromGUID2
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoUninitialize
OleLockRunning
CoCreateInstance
CoInitialize

oleaut32

SysAllocStringLen
SysAllocString
VarUI4FromStr
LoadRegTypeLi
OleCreateFontIndirect
SysFreeString
VariantInit
LoadTypeLi
VariantClear
SysStringLen

psapi

GetProcessImageFileNameW

comctl32

ord17

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

imm32

ImmDisableIME

wintrust

CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminAcquireContext
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseContext
CryptCATAdminEnumCatalogFromHash

crypt32

CryptQueryObject
CryptMsgClose
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CertGetNameStringW
CertFreeCertificateContext

Sections

.text
Size: - Virtual size: 362KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 570KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac04dd778e7282acc52f1633d948cc67

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

psapi

comctl32

version

imm32

wintrust

crypt32

Sections

.text Size: - Virtual size: 362KB

.rdata Size: - Virtual size: 39KB

.data Size: - Virtual size: 362KB

.vmp0 Size: - Virtual size: 1.6MB

.vmp1 Size: 2.6MB - Virtual size: 2.6MB

.reloc Size: 512B - Virtual size: 244B

.rsrc Size: 3KB - Virtual size: 570KB

.text
Size: - Virtual size: 362KB

.rdata
Size: - Virtual size: 39KB

.data
Size: - Virtual size: 362KB

.vmp0
Size: - Virtual size: 1.6MB

.vmp1
Size: 2.6MB - Virtual size: 2.6MB

.reloc
Size: 512B - Virtual size: 244B

.rsrc
Size: 3KB - Virtual size: 570KB