ae43bcc30a43c27286dbe3cc7820d263e64967a292507bbe1728b3acf5223414

Sharing

Copy URL Twitter E-mail

General

Target

ae43bcc30a43c27286dbe3cc7820d263e64967a292507bbe1728b3acf5223414
Size

934KB
MD5

5533211213a08ee459751f74f3de585e
SHA1

b98b6c80008dbb251fd328438c4b4d1087e905b2
SHA256

ae43bcc30a43c27286dbe3cc7820d263e64967a292507bbe1728b3acf5223414
SHA512

5f3ab7d470a74f2e163d2ffaf390dad4187590e4663bd9549eb7f27703b025755bd2e410261ee2d3409245ecc9f5c2c475f0e83c1cb0470856bcd3d3e6e6d3f6
SSDEEP

24576:U7rW+W1pKrbbSnrQyqM/ZQ2HJwXaokmeh4eX93Hizu:JgParQyf/W9kpme3

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae43bcc30a43c27286dbe3cc7820d263e64967a292507bbe1728b3acf5223414

Files

ae43bcc30a43c27286dbe3cc7820d263e64967a292507bbe1728b3acf5223414
.dll windows x86

dff02ba3b0b5703a7f6f4e25cb472f37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
FlushFileBuffers
GetFileSize
GetFileTime
ReadFile
SetFilePointer
SetFileTime
WriteFile
GetTempPathA
OutputDebugStringA
CloseHandle
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
GetCurrentProcessId
ExitProcess
OpenProcess
GetTickCount
GetSystemDirectoryA
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
VirtualProtectEx
MapViewOfFile
UnmapViewOfFile
DisableThreadLibraryCalls
FreeLibrary
GetModuleFileNameA
FindClose
GetProcAddress
LoadResource
SizeofResource
LoadLibraryA
LoadLibraryW
GlobalAlloc
GlobalUnlock
GlobalLock
lstrcpyA
lstrcatA
lstrlenA
CreateFileMappingA
OpenFileMappingA
GetStartupInfoA
FindResourceA
MoveFileA
WTSGetActiveConsoleSessionId
CreateToolhelp32Snapshot
Process32First
Process32Next
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
CreateDirectoryA
DeleteFileA
CreateFileA
GetModuleHandleA
InitializeSListHead
LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
LoadLibraryW
CreateEventW
CompareStringW
SetLastError
GetModuleHandleA
VirtualProtect
GetTickCount
EnterCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
WriteProcessMemory
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
GetSystemInfo
LoadResource
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceExA
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RtlUnwind
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetWindowThreadProcessId
GetWindow
wsprintfA
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
MessageBoxA
GetParent
EnumWindows
GetTopWindow
MessageBoxW
CharUpperBuffW

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ntdll

NtProtectVirtualMemory
NtReadVirtualMemory
NtUnmapViewOfSection
NtAllocateVirtualMemory
NtFreeVirtualMemory

ws2_32

inet_addr
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
socket
send
closesocket
connect
htons
inet_ntoa

vcruntime140

memcpy
__std_type_info_destroy_list
_except_handler4_common
_CxxThrowException
__std_exception_destroy
__std_exception_copy
strstr
memset
memmove

api-ms-win-crt-string-l1-1-0

strcpy
strcat
toupper
strcat_s
strlen
_stricmp

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_initterm_e

Exports

Exports

ADVANCEDSETUPDIALOG
AbortPrinter
AddFormA
AddFormW
AddJobA
AddJobW
AddMonitorA
AddMonitorW
AddPortA
AddPortExA
AddPortExW
AddPortW
AddPrintProcessorA
AddPrintProcessorW
AddPrintProvidorA
AddPrintProvidorW
AddPrinterA
AddPrinterConnectionA
AddPrinterConnectionW
AddPrinterDriverA
AddPrinterDriverExA
AddPrinterDriverExW
AddPrinterDriverW
AddPrinterW
AdvancedDocumentPropertiesA
AdvancedDocumentPropertiesW
AdvancedSetupDialog
ClosePrinter
CloseSpoolFileHandle
CommitSpoolData
ConfigurePortA
ConfigurePortW
ConnectToPrinterDlg
ConvertAnsiDevModeToUnicodeDevmode
ConvertUnicodeDevModeToAnsiDevmode
CreatePrinterIC
DEVICECAPABILITIES
DEVICEMODE
DeleteFormA
DeleteFormW
DeleteMonitorA
DeleteMonitorW
DeletePortA
DeletePortW
DeletePrintProcessorA
DeletePrintProcessorW
DeletePrintProvidorA
DeletePrintProvidorW
DeletePrinter
DeletePrinterConnectionA
DeletePrinterConnectionW
DeletePrinterDataA
DeletePrinterDataExA
DeletePrinterDataExW
DeletePrinterDataW
DeletePrinterDriverA
DeletePrinterDriverExA
DeletePrinterDriverExW
DeletePrinterDriverW
DeletePrinterIC
DeletePrinterKeyA
DeletePrinterKeyW
DevQueryPrint
DevQueryPrintEx
DeviceCapabilities
DeviceCapabilitiesA
DeviceCapabilitiesW
DeviceMode
DevicePropertySheets
DocumentEvent
DocumentPropertiesA
DocumentPropertiesW
DocumentPropertySheets
EXTDEVICEMODE
EndDocPrinter
EndPagePrinter
EnumFormsA
EnumFormsW
EnumJobsA
EnumJobsW
EnumMonitorsA
EnumMonitorsW
EnumPortsA
EnumPortsW
EnumPrintProcessorDatatypesA
EnumPrintProcessorDatatypesW
EnumPrintProcessorsA
EnumPrintProcessorsW
EnumPrinterDataA
EnumPrinterDataExA
EnumPrinterDataExW
EnumPrinterDataW
EnumPrinterDriversA
EnumPrinterDriversW
EnumPrinterKeyA
EnumPrinterKeyW
EnumPrintersA
EnumPrintersW
ExtDeviceMode
FindClosePrinterChangeNotification
FindFirstPrinterChangeNotification
FindNextPrinterChangeNotification
FlushPrinter
FreePrinterNotifyInfo
GetDefaultPrinterA
GetDefaultPrinterW
GetFormA
GetFormW
GetJobA
GetJobW
GetPrintProcessorDirectoryA
GetPrintProcessorDirectoryW
GetPrinterA
GetPrinterDataA
GetPrinterDataExA
GetPrinterDataExW
GetPrinterDataW
GetPrinterDriverA
GetPrinterDriverDirectoryA
GetPrinterDriverDirectoryW
GetPrinterDriverW
GetPrinterW
GetSpoolFileHandle
IsValidDevmodeA
IsValidDevmodeW
OpenPrinterA
OpenPrinterW
PerfClose
PerfCollect
PerfOpen
PlayGdiScriptOnPrinterIC
PrinterMessageBoxA
PrinterMessageBoxW
PrinterProperties
QueryColorProfile
QueryRemoteFonts
QuerySpoolMode
ReadPrinter
ResetPrinterA
ResetPrinterW
ScheduleJob
SeekPrinter
SetAllocFailCount
SetDefaultPrinterA
SetDefaultPrinterW
SetFormA
SetFormW
SetJobA
SetJobW
SetPortA
SetPortW
SetPrinterA
SetPrinterDataA
SetPrinterDataExA
SetPrinterDataExW
SetPrinterDataW
SetPrinterW
SplDriverUnloadComplete
SpoolerDevQueryPrintW
SpoolerInit
SpoolerPrinterEvent
StartDocDlgA
StartDocDlgW
StartDocPrinterA
StartDocPrinterW
StartPagePrinter
WaitForPrinterChange
WritePrinter
XcvDataW

Sections

.text
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 596KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 932KB - Virtual size: 931KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dff02ba3b0b5703a7f6f4e25cb472f37

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ntdll

ws2_32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: - Virtual size: 22KB

.rdata Size: - Virtual size: 13KB

.data Size: - Virtual size: 3KB

.vmp0 Size: - Virtual size: 596KB

.vmp1 Size: 932KB - Virtual size: 931KB

.reloc Size: 512B - Virtual size: 180B

.rsrc Size: 1024B - Virtual size: 323KB

.text
Size: - Virtual size: 22KB

.rdata
Size: - Virtual size: 13KB

.data
Size: - Virtual size: 3KB

.vmp0
Size: - Virtual size: 596KB

.vmp1
Size: 932KB - Virtual size: 931KB

.reloc
Size: 512B - Virtual size: 180B

.rsrc
Size: 1024B - Virtual size: 323KB