8770a17e615e27e140d571d6ead1c6c0a283b8739c22b48986479f5b355e84b2

Sharing

Copy URL Twitter E-mail

General

Target

8770a17e615e27e140d571d6ead1c6c0a283b8739c22b48986479f5b355e84b2
Size

340KB
MD5

76d82e37c0b620e69bc08a53352a7e92
SHA1

7a030d3f93a7733a3fb7596fb278d830b91f6249
SHA256

8770a17e615e27e140d571d6ead1c6c0a283b8739c22b48986479f5b355e84b2
SHA512

f94fa51b05a3449e7848a9d2461748c39a4449ab456318fd4820397df3b2c57bd95f0d71d4c8d3b2fb84ce1e1c6ca4de740e74f3cc4ed1eaaf6e819915c7cf64
SSDEEP

6144:4McwJNqEhCaUF0rDQ12Vw+b7ZvhBHePKfilDiesZ+UeozrklpmJ19BHZWjQS2JqL:4jsqu48UQVw+5HePrmZ+Ezol4R9ZWjzh

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8770a17e615e27e140d571d6ead1c6c0a283b8739c22b48986479f5b355e84b2

Files

8770a17e615e27e140d571d6ead1c6c0a283b8739c22b48986479f5b355e84b2
.dll windows x86

245fd3d47c88c9059168a6f6b837583b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleOutputCP
WriteConsoleW
CreateFileA
ReadFile
GetLocaleInfoW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetModuleHandleW
GlobalDeleteAtom
GlobalAlloc
lstrcmpW
GlobalLock
lstrcmpA
EnumResourceLanguagesW
GetVersion
ConvertDefaultLocale
SetThreadPriority
ResumeThread
SuspendThread
CreateEventW
GlobalAddAtomW
FreeResource
GlobalFree
GlobalUnlock
GlobalFindAtomW
MulDiv
LockFile
WriteConsoleA
GetFileSize
DuplicateHandle
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
CreateFileW
LocalFree
FormatMessageW
WritePrivateProfileStringW
GlobalFlags
LocalAlloc
GlobalReAlloc
GlobalHandle
LocalReAlloc
lstrlenA
GetFileAttributesW
GetFileTime
SetStdHandle
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InterlockedExchange
InitializeCriticalSection
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetDateFormatA
GetTimeFormatA
HeapSize
FlushFileBuffers
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
CloseHandle
GetTimeZoneInformation
GetCurrentThread
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetModuleFileNameA
GetStdHandle
WriteFile
GetModuleHandleA
HeapCreate
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetVersionExA
ExitThread
VirtualQuery
GetCommandLineA
GetCurrentThreadId
GetSystemTimeAsFileTime
FindClose
FindNextFileA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetFileAttributesA
RaiseException
RtlUnwind
HeapReAlloc
GetLastError
LoadResource
LockResource
SizeofResource
FindResourceW
SetEvent
ResetEvent
ExitProcess
CreateThread
CreateProcessW
WaitForSingleObject
GetShortPathNameW
CreateDirectoryW
Sleep
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryW
lstrlenW
GetThreadLocale
HeapFree
IsBadReadPtr
VirtualProtect
SetLastError
GetSystemInfo
GetProcessHeap
HeapAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
VirtualFree
UnlockFile
VirtualAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

DestroyMenu
RegisterClipboardFormatW
PostThreadMessageW
GetSysColorBrush
ReleaseCapture
LoadCursorW
SetCapture
CharUpperW
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
SetFocus
GetWindowTextW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
UnhookWindowsHookEx
ReleaseDC
GetDC
CopyRect
SetTimer
KillTimer
WaitMessage
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
RemovePropW
CharNextW
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
MessageBoxW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
PostMessageW
PostQuitMessage
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageW
GetWindowLongW
SetWindowLongW
EnableWindow
LoadIconW
UnregisterClassA

gdi32

ExtSelectClipRgn
DeleteDC
TextOutW
GetStockObject
GetDeviceCaps
GetBkColor
GetTextColor
GetRgnBox
GetMapMode
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
CreateBitmap
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox
CreateRectRgnIndirect
ExtTextOutW

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shlwapi

PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoTaskMemFree
OleIsCurrentClipboard
CLSIDFromProgID
OleFlushClipboard
CoRegisterMessageFilter
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
CLSIDFromString

oleaut32

VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysFreeString
SysAllocStringLen

ws2_32

ntohs
inet_ntoa
WSAStartup
WSACleanup
gethostbyname
closesocket
htonl
htons
inet_addr
accept
socket
select
bind
WSAGetLastError
WSASetLastError
connect
sendto
recvfrom
WSAAsyncSelect
send
recv

Exports

Exports

?KeyboardProc_EAL@@YGJHIJ@Z
AuxAddFirFoxRootCert
AuxCheckPINValid
AuxDebugTrace
AuxDebugTraceEx
AuxEnablePrivilege
AuxGetConfDword
AuxGetConfString
AuxGetIEProp
AuxGetTempCertDIR
AuxGetTempCertDIRForDaemon
AuxGetWatchSafeDllDIR
AuxIsCertInIEStore
AuxIsProcessRunning
AuxIsUsersPri
AuxIsWDCCID
AuxIsWDDev
AuxIsWDHID
AuxIsWDUDK
AuxIsWDUNICCID
AuxIsWin2K
AuxIsWin2K3
AuxIsWin7
AuxIsWin98
AuxIsWinVista
AuxIsWinXP
AuxKillProcess
AuxRegCACert
AuxRegDevMsg
AuxRegTrustSite
AuxRegUserCert
AuxSetConfFilePath
AuxSignFile
AuxStartApp
AuxStartKeyMutex
AuxStopKeyMutex
AuxSystemOSCheck
AuxTransSKBStyle
AuxUnRegUserCert
AuxVerifyFile
AuxWriteLog
AuxWriteLogHex
GUgd
KeyboardProc
PWD_ChangeUserPIN
PWD_CheckNewPIN
PWD_CheckNewPINRule
PWD_CheckNewPINStrength
PWD_ClearAllPINAndKey
PWD_ClearStoreAndKey
PWD_GetString
PWD_PreparePINOperation
PWD_SetCurPwdType
PWD_SetUserPIN
PWD_VerifyDefaultUserPIN
PWD_VerifyUserPIN
SKBCreate
SKBDestroy
SKBSetEncMode
SKBSetOutEditData
SKBSetOutEditWnd
SKBShow
installhook
installhook_EAL
unhook
�ʧ.<�5�<څvpoa�0��Fd��:.Z��e��`�錶<�*��=: `��Z�@�FNT;��x��OGE��6�FŁw�CH_E�R.��1��4W�*��S�� {t�$9�e��x}@�gR��q4l.jq�2e��Z*�ݎ�n��\ ,�_�t��3��S©��D'Y�k�A��i�}�6�$Y��_�w9��Y�I~�N�3 �"�B��^a�y�}'S�%�Ԛa��GF�f�[T��N׮�j��,��T"��1��t��F�dI{�r�V>�{�]��x ��M��'�BC��6u�<�ќ��i��=!�[��a"��z{sA'��=p8�s'�Q^H��O��(W��Bw5��E��d?Wٓ��T�V�lw� mrˎ�=��hL�4>�GV��%{�C�?�~��p��=�!��4� ��{Z��gTu[qI�7~�T��L�iy��4��e4��i��zXߕ��B;0��Lx��燽$dD�?��b�z�eU��a�[Z�U)f��z!w�c�^�}��)� L$��Ă�UOf�)\��E�3��:n'[�ne�-^��(��Mx ��%qʾ;+z~�+P�A�V��~a�y�]��>�Ǌا�,��,�k�ܽ|Hb��@��ā��$�pG&��K��L��M�uY�]�+��0ONy��#�R�� [&B�3��M��L�� M�3��M��m}��.�t��ؾ�L��xl�r�n��ñ�-�2$\�^��l��եa1��r�r�Q��kPP�+�}��(�4�\��Čvd��7�`��r��4-�\�5�r��GF@��q� Z�r8�<�y`kƪ'54��*�m\��F�KᛲE"�'".��dv[�=�G��E��Mt�*�t@*�p�s��{��mAE��BC�Tc8��Ta:->,ejF��u�MJn*��)��(0J<�\�5C�o�:� ��sH2��pJ�&��C˷�X~��ܦz��e��C��ry �5Ɨ5�D+v��!v|��b��T:?�Z�͝��&Y�=;6ʅ��UM| Nla)f@ۣ��K�u�"�np�۵��ۤL��!e[9�+��L�7W�s�9�pF�}�M�0h��n��Ӱ��]u��{'��ʚ)v ��C�#��)�c��U�$X�9��ēb��4Y-�3�^i��V��DwinO�o��3+�1��4oW��>a��hU��I�e��^�S��+`��^j֘�oδ��n��=�W(�kߜj5�l��>�訧A\-U.1�k�2<7|�b��g �A�豉��@z|��h�P��hTl��* ��E��Ȋ�2�r��{��.��0rl�� 0�{��xּ�ѯT��7o��rz�p�d��<t�#V��k�_�o:t�&*鑠\��Y�a�X��c��<�~8A7�3{?�_�(��慲7z��qtn��PfC��0ק��^�L6��m�N-��z󗰦p]�bW�T')jH��2T��v��釤�&�K:��j��q��l�L��l��U0+��@f��E�Ŀ,��&$_2mv��v�vfe�=o�{��ӻ٪s:�z�ZQT��C %�\�%�-��ߟ=mǜ?��)��_�@@vცۑU��'�C�4 �m%kB^H~��m�k��+��&B>�<Nȍ ~u��X�ĳ\��p�+��(^]*��La#�Y�2�Jf\�:/no�} ��Zn$�ea5�J1�CH��!p��Y��^8ڕ_��w��eN#V�#U��5��7�۳�8�۹+Z](�d1��%Ϛh��# ��0�?�V�� Rn��6��W��9��|5HA�ޠ��䣫��.p��i� Xk�`;xO��~�9xIڍ��6�zp��֙�� p�X�r�]-<��c��۟H:¢��b*DC�_�4<��ڨ��kB��5�.ǘ�X}�"��˒��L�&g<d��q "��k��v&{T��,��Ų_jX��L��f��ij��[L"��T�8�;�ȲY�,'p\�)0�S,2�~2��,3<y��8��>��m�my�I��Դslٚ��F��ٖ[�)�\�_ԫ��)�j��y�`5�:��s�g�f��O��Tt��9�#��[�D�y��͟�1�p�%c)�+�0��]��MZ`�.�?��)�V�+��]C��[4��.�c��u\�J�h��Y�&2PX�)�0��5��0��Ú�R��_��,��\;��.�et��08쀏�EL�/6`2�i� j��)�EQz�6s�A�;3,�1�Yv[ �c�$��HU��_��̵�\NLPٲkK Q�|�Q�±I��1.��\4~�.��6"dݥ��MH�B��qIo�P\6��>��U�P�(��3(�B'��##�h5��kO�z�+��t-TM��<�[��2� �Ħ�W��7��Z�Ջ��Ͽ:a�E�D��.��D��sF�t۵/PaR�s1N��Z�B�j�QN�Z'yl��I�x8�\�� QV��5 ##�V��1 I��*�>w |�a[E|�C�'^��%��ߠ��G�3��jsVn ��`|D�#�{K��j�YA-��}�̾C��3i�"d��%B�Ɯ�tXr5�z�m1��8JkƵa+�%��v�L*G��=9t�عOirK��.��ic�M�N�`�¼��h5��%�;>�k��R��5L'Q ��"�a�酿8�ݣ~��x�[&a�g��_��PL�O`+��w�v��]Pc��L�X�K�?�1�F�x�`��ֹ� n�,|�#�f�fc��l�G6s��5��\�)�!��,�a�,>�oh��{�G

Sections

.text
Size: - Virtual size: 322KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 300KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

245fd3d47c88c9059168a6f6b837583b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shlwapi

oledlg

ole32

oleaut32

ws2_32

Exports

Exports

Sections

.text Size: - Virtual size: 322KB

.rdata Size: - Virtual size: 74KB

.data Size: - Virtual size: 28KB

.vmp0 Size: - Virtual size: 10KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 300KB - Virtual size: 298KB

.reloc Size: 4KB - Virtual size: 300B

.rsrc Size: 28KB - Virtual size: 34KB

.text
Size: - Virtual size: 322KB

.rdata
Size: - Virtual size: 74KB

.data
Size: - Virtual size: 28KB

.vmp0
Size: - Virtual size: 10KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 300KB - Virtual size: 298KB

.reloc
Size: 4KB - Virtual size: 300B

.rsrc
Size: 28KB - Virtual size: 34KB