SecuriteInfo[.]com[.]Variant[.]Ursu[.]583924[.]6347[.]11552[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Variant.Ursu.583924.6347.11552.exe
Size

6.1MB
MD5

9bc257f46519808732159d25fd0bcf48
SHA1

55f30e6baf0f52d2b04f5be001008ffae5f472a9
SHA256

6363c8cc12608a700e061c9acdbd8ca0fc8a42727376298f8166fab447b66bed
SHA512

b31cef68d0359b4d38643921a249ff5dffe7c1cc595077fdbb02dfde60801248d1ac2c0d0da056b6ea4c3252e2258fee99d52050915137d450159d25d124660b
SSDEEP

98304:knh/0hCQsUmvognDaOwaBuyNScjEO6/kU9McjG3D8c0QrgFymNK/:8vhUq1Wbao2J4O6/kUMcqISrkXNK/

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Variant.Ursu.583924.6347.11552.exe

Files

SecuriteInfo.com.Variant.Ursu.583924.6347.11552.exe
.exe windows x86

dc9bb073a24eaa7c6a7245aa78a434dc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

DeleteDC
SelectObject
CreateDIBSection
DeleteObject
CreateCompatibleDC
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
ExtSelectClipRgn
GetViewportExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextMetricsA
GetTextExtentPoint32A
RoundRect
GetCurrentObject
DPtoLP
LPtoDP
Rectangle
Ellipse
CreateCompatibleDC
BitBlt
SetBkColor
CreateRectRgnIndirect
SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
StartPage
StartDocA
DeleteDC
EndDoc
EndPage
GetObjectA
GetStockObject
CreateFontIndirectA
CreateSolidBrush
FillRgn
CreateRectRgn
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CombineRgn
PatBlt
CreatePen
SelectObject
CreateBitmap
CreateDCA
GetDeviceCaps

gdiplus

GdipCreateBitmapFromScan0
GdipGetRegionBounds
GdipLoadImageFromFile
GdiplusStartup
GdipSetTextRenderingHint
GdipDeletePen
GdipDrawRectangleI
GdipDeleteBrush
GdipDisposeImage
GdipGetImageGraphicsContext
GdipSetSolidFillColor
GdipGetImageWidth
GdipLoadImageFromStream
GdipCreateSolidFill
GdipCreateFromHDC
GdipSetSmoothingMode
GdipGetImageHeight

user32

TrackMouseEvent
MessageBoxA
wsprintfA
GetCursorPos
GetSystemMetrics
GetPropA
CallWindowProcA
CreateWindowExA
CloseClipboard
UpdateLayeredWindow
SetPropA
ShowWindow
IsWindow
OpenClipboard
ReleaseDC
GetDC
GetWindowRect
DispatchMessageA
SendMessageA
PeekMessageA
GetMessageA
TranslateMessage
GetClipboardData
UnregisterClassA
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
TranslateMessage
LoadIconA
GetDesktopWindow
GetClassNameA
GetWindowThreadProcessId
FindWindowA
GetDlgItem
FindWindowExA
GetWindowTextA
CharUpperA
GetForegroundWindow
IsRectEmpty
ReleaseDC
IsChild
CreateIconFromResource
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBoxA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
GetKeyState
WaitForInputIdle
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
CreateMenu
GetSystemMenu
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
GetWindowTextLengthA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
LoadStringA
GetSysColorBrush
CreateAcceleratorTableA
DeleteMenu
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
ShowWindow
IsWindowEnabled
DefWindowProcA
TranslateAcceleratorA
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
wsprintfA
FillRect
CreateIconFromResourceEx

kernel32

GetModuleHandleA
SetHandleCount
GetStdHandle
LCMapStringA
LoadLibraryA
FreeLibrary
GetCurrentDirectoryA
GetLocalTime
Sleep
GetTempPathA
GetTickCount
WriteFile
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetModuleFileNameA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
VirtualAlloc
MapViewOfFile
CreateFileMappingA
GetProcAddress
TlsFree
VirtualProtectEx
WideCharToMultiByte
lstrlenW
LocalAlloc
LocalSize
GlobalFree
MultiByteToWideChar
GlobalUnlock
GlobalLock
GlobalAlloc
GetLastError
RtlMoveMemory
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RaiseException
IsBadWritePtr
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadCodePtr
LCMapStringW
SetStdHandle
FlushFileBuffers
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetCommandLineA
GetVersion
RtlUnwind
TerminateProcess
TlsGetValue
LocalFree
SetLastError
GetCurrentProcess
LoadLibraryW
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
GetSystemTime
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
CloseHandle
WaitForSingleObject
CreateProcessA
GetTickCount
GetCommandLineA
MulDiv
GetProcAddress
GetModuleHandleA
GetVolumeInformationA
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateDirectoryA
DeleteFileA
MoveFileA
GetFileAttributesA
SetFileAttributesA
FindClose
FindFirstFileA
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
CreateEventA
CreateThread
GetPrivateProfileStringA
WritePrivateProfileStringA
GetVersionExA
GetLastError
LoadLibraryA
FreeLibrary
GetFullPathNameA
GetUserDefaultLCID
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GlobalReAlloc
FindNextFileA
lstrcpyA
WinExec
lstrlenA
lstrcatA
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
GlobalSize
ExitProcess
GetCurrentThreadId
GetModuleFileNameA
RemoveDirectoryA
lstrlenW
ReadFile
LockResource
LoadResource
FindResourceA
SetEvent
CreateFileA
WaitForMultipleObjects
WriteFile
GetProfileStringA
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
ResumeThread
CreateSemaphoreA
Process32Next
Process32First
CreateToolhelp32Snapshot
SetFilePointer
GetFileSize
GetCurrentProcess
TerminateProcess
OpenProcess
MultiByteToWideChar
SetLastError
GetTimeZoneInformation
GetVersion
IsDBCSLeadByte
lstrcmpA
lstrcmpiA
lstrcpynA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileType
DuplicateHandle
SystemTimeToFileTime
GetLocalTime
DosDateTimeToFileTime
SetFileTime
WideCharToMultiByte
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
InterlockedExchange
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
LocalFree
InterlockedDecrement
InterlockedIncrement
GetStartupInfoA
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

ole32

OleInitialize
OleUninitialize
CLSIDFromString
CoCreateInstance
OleRun
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID

imm32

ImmAssociateContext
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ImmGetCompositionStringW

shell32

SHAppBarMessage
ShellExecuteA
Shell_NotifyIconA
ShellExecuteA

shlwapi

PathFileExistsA

winmm

PlaySoundA
midiStreamOut
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
midiStreamStop
midiOutReset
midiStreamClose
midiStreamOpen
midiStreamRestart
midiOutPrepareHeader
midiStreamProperty

ws2_32

WSACleanup
inet_ntoa
getpeername
accept
closesocket
WSAAsyncSelect
recvfrom
ioctlsocket
recv

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

oleaut32

UnRegisterTypeLi
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SysAllocString
VariantInit
VariantCopyInd
VariantChangeType
VariantClear

comctl32

ord17
ImageList_Destroy

comdlg32

GetOpenFileNameA
ChooseColorA
GetFileTitleA
GetSaveFileNameA

Sections

.text
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 16.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 511KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 723KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 72KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc9bb073a24eaa7c6a7245aa78a434dc

Headers

File Characteristics

Imports

gdi32

gdiplus

user32

kernel32

ole32

imm32

shell32

shlwapi

winmm

ws2_32

winspool.drv

advapi32

oleaut32

comctl32

comdlg32

Sections

.text Size: - Virtual size: 2.6MB

.rdata Size: - Virtual size: 16.1MB

.data Size: - Virtual size: 511KB

.vmp0 Size: - Virtual size: 723KB

.vmp1 Size: 6.1MB - Virtual size: 6.1MB

.reloc Size: 4KB - Virtual size: 284B

.rsrc Size: 72KB - Virtual size: 85KB

.text
Size: - Virtual size: 2.6MB

.rdata
Size: - Virtual size: 16.1MB

.data
Size: - Virtual size: 511KB

.vmp0
Size: - Virtual size: 723KB

.vmp1
Size: 6.1MB - Virtual size: 6.1MB

.reloc
Size: 4KB - Virtual size: 284B

.rsrc
Size: 72KB - Virtual size: 85KB