624765fb41cc272d573c9a9250ad85d5bfe81cceaec7ce35f37e7043c17b7845

Sharing

Copy URL Twitter E-mail

General

Target

624765fb41cc272d573c9a9250ad85d5bfe81cceaec7ce35f37e7043c17b7845
Size

717KB
MD5

70a3cc862562bb954c4212cdbe6e3655
SHA1

5d075e77da45f9c28c5ebbb009b23f747e0ff04b
SHA256

624765fb41cc272d573c9a9250ad85d5bfe81cceaec7ce35f37e7043c17b7845
SHA512

8d3a84ddbfbd5450f23bb779fdcf0b34af3826df14adad5dad4b61cd8d93f5e118130fbd88287af17da242484c342e50ead30db95bc999ee2c5357ad27a836cf
SSDEEP

12288:RPId6xbel+TS4Qgz/jHAnOfwoFdPHqVTafVN3rgQdKggbOPpOmMxIplIIt:RQd6xqITS4NjH4OfwofG2VBgMYaROOI

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
624765fb41cc272d573c9a9250ad85d5bfe81cceaec7ce35f37e7043c17b7845

Files

624765fb41cc272d573c9a9250ad85d5bfe81cceaec7ce35f37e7043c17b7845
.exe windows x86

8a7419f00c4c81c4525b67dce03d709c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertGetCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertFindExtension
CryptDecodeObjectEx
CryptQueryObject
CertCreateCertificateChainEngine
CertEnumCertificatesInStore
CertOpenStore
CryptStringToBinaryW
CertCloseStore
CertFindCertificateInStore
PFXImportCertStore
CertAddCertificateContextToStore
CertFreeCertificateContext

kernel32

GetDateFormatA
RtlUnwind
ExitProcess
RaiseException
HeapSize
VirtualQuery
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
HeapDestroy
GetTimeFormatA
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
SetStdHandle
GetProcessHeap
GetCurrentDirectoryA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
CreateFileA
GetDriveTypeA
SetEnvironmentVariableA
CreateThread
ExitThread
GetDriveTypeW
GetFileInformationByHandle
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapFree
GetStartupInfoW
SetErrorMode
FileTimeToLocalFileTime
FileTimeToSystemTime
GetShortPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
lstrcmpiW
GetStringTypeExW
DeleteFileW
MoveFileW
lstrlenA
GetThreadLocale
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalFree
LocalAlloc
InterlockedDecrement
GlobalFlags
MulDiv
GlobalGetAtomNameW
GetDiskFreeSpaceW
GetFullPathNameW
GetTempFileNameW
GetFileTime
GlobalFindAtomW
GetVersionExW
CompareStringW
GetVersionExA
GlobalAddAtomW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
FreeResource
GlobalFree
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
GetModuleFileNameW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GlobalAlloc
GlobalUnlock
GlobalLock
lstrcmpW
GetFileSizeEx
SleepEx
GetModuleHandleA
VerSetConditionMask
VerifyVersionInfoW
WaitForSingleObject
MoveFileExW
GetEnvironmentVariableA
SetLastError
FormatMessageW
GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
GetCurrentProcessId
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleHandleW
LoadLibraryW
GetSystemDirectoryW
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LocalFileTimeToFileTime
CloseHandle
GetCurrentDirectoryW
CreateFileW
ReadFile
GetFileAttributesW
WriteFile
SetFileTime
CreateDirectoryW
SystemTimeToFileTime
SetFilePointer
GetModuleFileNameA
LockResource
FindClose
GetLastError
CreateDirectoryA
lstrlenW
MultiByteToWideChar
CreateEventA
SizeofResource
Sleep
WideCharToMultiByte
LoadResource
FindResourceW
FindResourceExW
FindFirstFileW
VirtualProtect
GetSystemInfo
LoadLibraryA
VirtualAlloc
GetProcAddress
VirtualFree
GetTickCount
GetConsoleCP
DeleteFileA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

UnpackDDElParam
ReuseDDElParam
LoadMenuW
DestroyMenu
ReleaseCapture
LoadAcceleratorsW
InvalidateRect
InsertMenuItemW
CreatePopupMenu
SetRectEmpty
BringWindowToTop
TranslateAcceleratorW
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
GetClientRect
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
DefWindowProcW
CallWindowProcW
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
SetRect
GetSystemMetrics
ShowOwnedPopups
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetNextDlgTabItem
EndDialog
GetWindowTextLengthW
GetWindowTextW
GetFocus
SetFocus
ShowWindow
MoveWindow
SetWindowLongW
GetDlgCtrlID
IsWindow
UpdateWindow
UnregisterClassW
LockWindowUpdate
GetDCEx
WindowFromPoint
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
GetDlgItem
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetWindowThreadProcessId
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
MessageBoxW
RegisterClipboardFormatW
PostMessageW
PostQuitMessage
DestroyCursor
LoadCursorW
ReleaseDC
GetDC
FillRect
wsprintfW
EnableWindow
IsZoomed
IsRectEmpty
DeleteMenu
GetWindowRect
GetTabbedTextExtentA
CreateMenu
KillTimer
SetTimer
SetWindowRgn
DrawIcon
SystemParametersInfoW
GetMenuItemInfoW
InflateRect
GetSysColorBrush
CharUpperW
DestroyIcon
MessageBeep
GetNextDlgGroupItem
AppendMenuW
InvalidateRgn
CopyAcceleratorTableW
CharNextW
PostThreadMessageW
GetMenuStringW
RemoveMenu
InsertMenuW
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ClientToScreen
SetParent
IsIconic
GetSystemMenu
SetCapture

gdi32

SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetMapMode
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
StretchDIBits
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ExtSelectClipRgn
CreatePatternBrush
CreateSolidBrush
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
CreateFontIndirectW
SetRectRgn
CombineRgn
GetMapMode
CreateEllipticRgn
LPtoDP
Ellipse
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceW
GetTextExtentPoint32A
GetWindowOrgEx
CreateFontW
GetCharWidthW
DeleteObject
GetTextExtentPoint32W
GetTextMetricsW
SelectObject
GetStockObject
PatBlt
Rectangle
GetViewportOrgEx
CreatePen
CreateDCW
DeleteDC
EndDoc
AbortDoc
SetAbortProc
EndPage
StartPage
StartDocW
DPtoLP
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
Escape
CreateBitmap

comdlg32

GetFileTitleW

winspool.drv

GetJobW
OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryValueW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptDestroyKey
CryptEncrypt
CryptImportKey
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegCreateKeyW
RegSetValueW
GetFileSecurityW
SetFileSecurityW
RegEnumKeyW
RegOpenKeyW
RegDeleteValueW

shell32

DragFinish
ExtractIconW
SHGetFileInfoW
DragQueryFileW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathRemoveFileSpecW

oledlg

OleUIBusyW

ole32

CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoFreeUnusedLibraries
OleUninitialize
CoTaskMemAlloc
CoGetClassObject
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoUninitialize
CoCreateInstance
CoInitializeEx
OleTranslateAccelerator
IsAccelerator
OleCreateMenuDescriptor
OleInitialize
OleDestroyMenuDescriptor

oleaut32

SysFreeString
VariantClear
VariantChangeType
VariantInit
SysStringLen
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy
SysAllocStringLen

ws2_32

closesocket
ioctlsocket
gethostname
getpeername
__WSAFDIsSet
select
connect
recv
WSAIoctl
setsockopt
getaddrinfo
freeaddrinfo
htonl
socket
listen
getsockname
accept
recvfrom
bind
sendto
htons
WSASetLastError
ntohs
WSACloseEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAResetEvent
getsockopt
WSACreateEvent
WSAStartup
WSACleanup
WSAGetLastError
send

wldap32

ord133
ord147
ord127
ord142
ord79
ord167
ord26
ord27
ord41
ord46
ord216
ord73
ord208
ord145
ord219
ord14
ord301
ord117

Sections

.text
Size: - Virtual size: 779KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 710KB - Virtual size: 710KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a7419f00c4c81c4525b67dce03d709c

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

wldap32

Sections

.text Size: - Virtual size: 779KB

.rdata Size: - Virtual size: 157KB

.data Size: - Virtual size: 31KB

.vmp0 Size: - Virtual size: 247KB

.vmp1 Size: 710KB - Virtual size: 710KB

.reloc Size: 512B - Virtual size: 348B

.rsrc Size: 5KB - Virtual size: 18KB

.text
Size: - Virtual size: 779KB

.rdata
Size: - Virtual size: 157KB

.data
Size: - Virtual size: 31KB

.vmp0
Size: - Virtual size: 247KB

.vmp1
Size: 710KB - Virtual size: 710KB

.reloc
Size: 512B - Virtual size: 348B

.rsrc
Size: 5KB - Virtual size: 18KB