6e75640e00b8cfb916487ca693db1d90865aaceb39ef29b4b3a38f370551b581

Sharing

Copy URL Twitter E-mail

General

Target

6e75640e00b8cfb916487ca693db1d90865aaceb39ef29b4b3a38f370551b581
Size

3.7MB
MD5

d272505e98aa0b5e987e9796d4a0c9c5
SHA1

fe80724c9c0d14f889d6d9d5016def6797965ccc
SHA256

6e75640e00b8cfb916487ca693db1d90865aaceb39ef29b4b3a38f370551b581
SHA512

6be4a644cd2402235838e97d3ccc5f10309b7ad58ba751fcda1fffbc90163095e381e3ef5f0f5b7f5d91d59d729ded237886cf91336cc8086d3ce2d89d881c0b
SSDEEP

49152:PDkTGtlq9IU6isaCh3Vf6AQ+/EMIMtFj0QUDIwnkWVPvOfczTPL+lS/z2:rZ+snlIIFj0QUDIwxYfcCh

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6e75640e00b8cfb916487ca693db1d90865aaceb39ef29b4b3a38f370551b581

Files

6e75640e00b8cfb916487ca693db1d90865aaceb39ef29b4b3a38f370551b581
.dll windows x64

00b4297397dd2794bc9bb06289c4c9df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

MultiByteToWideChar
LocalAlloc
LocalFree
GetFileSizeEx
FindResourceA
LockResource
SizeofResource
CreateDirectoryA
FlushFileBuffers
SetFilePointerEx
DeleteFileA
WideCharToMultiByte
TerminateProcess
OutputDebugStringA
FreeLibrary
LoadLibraryA
GetVersion
CreateMutexA
DeleteFileW
SetFileAttributesW
CreateDirectoryW
GetFileAttributesW
QueryPerformanceFrequency
QueryPerformanceCounter
GetVersionExA
CreateFileA
Sleep
Process32Next
Process32First
CreateToolhelp32Snapshot
SetLastError
GetDriveTypeW
GetModuleHandleA
GetProcAddress
GetCurrentProcessId
QueryFullProcessImageNameA
OpenProcess
CreateThread
DeviceIoControl
ReadFile
GetOverlappedResult
CancelIo
GetLastError
WriteFile
GetTickCount
WaitForMultipleObjects
SetEvent
GetSystemInfo
WriteConsoleW
HeapSize
GetProcessHeap
ResetEvent
CreateEventA
InitializeCriticalSectionAndSpinCount
GetTempFileNameW
DeleteCriticalSection
InitializeCriticalSection
FindClose
FindNextFileW
EnterCriticalSection
LeaveCriticalSection
FindFirstFileW
ExpandEnvironmentStringsW
CreateProcessW
GetShortPathNameW
CloseHandle
WaitForSingleObject
LoadResource
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
GetFullPathNameW
GetCurrentDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
EncodePointer
DecodePointer
GetCPInfo
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
GetCurrentThreadId
InitializeSListHead
GetSystemTime
SystemTimeToFileTime
GetModuleHandleExW
SwitchToFiber
DeleteFiber
CreateFiber
GetStdHandle
GetEnvironmentVariableW
GetFileType
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
LoadLibraryExW
SetEndOfFile
ExitThread
FreeLibraryAndExitThread
ExitProcess
CreateFileW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleFileNameW
SetConsoleCtrlHandler
HeapFree
HeapAlloc
GetConsoleCP
HeapReAlloc
SetStdHandle
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetProcessWindowStation
wsprintfW
MessageBoxW
GetUserObjectInformationW

advapi32

CryptSignHashW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
RegOpenKeyExA
OpenSCManagerA
CreateServiceW
CloseServiceHandle
StartServiceA
OpenServiceA
QueryServiceStatus
RegSetValueExA
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptEnumProvidersW
RegQueryValueExA
RevertToSelf
ImpersonateLoggedOnUser
DuplicateTokenEx
CryptGenRandom

ws2_32

inet_addr
WSACleanup
ntohs
send
closesocket
recv
getsockopt
select
connect
ioctlsocket
htons
socket
WSAStartup
WSAAddressToStringA
WSASetLastError
WSAGetLastError
ntohl

crypt32

CertOpenStore
CertAddEncodedCertificateToStore
CertFreeCertificateContext
CertCloseStore
CertSetCertificateContextProperty
CertGetCertificateChain
CertFreeCertificateChain
PFXExportCertStoreEx
CertEnumCertificatesInStore
CertFindCertificateInStore
CertAddCertificateContextToStore
CryptQueryObject
CryptMsgGetParam
CertGetNameStringA
CertVerifyCertificateChainPolicy
CertDuplicateCertificateContext
CertGetCertificateContextProperty

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

wininet

InternetCloseHandle
InternetReadFile
HttpSendRequestA
InternetOpenA
InternetConnectA
HttpOpenRequestA

Exports

Exports

ServiceMain
cJSON_AddArrayToObject
cJSON_AddBoolToObject
cJSON_AddFalseToObject
cJSON_AddItemReferenceToArray
cJSON_AddItemReferenceToObject
cJSON_AddItemToArray
cJSON_AddItemToObject
cJSON_AddItemToObjectCS
cJSON_AddNullToObject
cJSON_AddNumberToObject
cJSON_AddObjectToObject
cJSON_AddRawToObject
cJSON_AddStringToObject
cJSON_AddTrueToObject
cJSON_Compare
cJSON_CreateArray
cJSON_CreateArrayReference
cJSON_CreateBool
cJSON_CreateDoubleArray
cJSON_CreateFalse
cJSON_CreateFloatArray
cJSON_CreateIntArray
cJSON_CreateNull
cJSON_CreateNumber
cJSON_CreateObject
cJSON_CreateObjectReference
cJSON_CreateRaw
cJSON_CreateString
cJSON_CreateStringArray
cJSON_CreateStringReference
cJSON_CreateTrue
cJSON_Delete
cJSON_DeleteItemFromArray
cJSON_DeleteItemFromObject
cJSON_DeleteItemFromObjectCaseSensitive
cJSON_DetachItemFromArray
cJSON_DetachItemFromObject
cJSON_DetachItemFromObjectCaseSensitive
cJSON_DetachItemViaPointer
cJSON_Duplicate
cJSON_GetArrayItem
cJSON_GetArraySize
cJSON_GetErrorPtr
cJSON_GetObjectItem
cJSON_GetObjectItemCaseSensitive
cJSON_GetStringValue
cJSON_HasObjectItem
cJSON_InitHooks
cJSON_InsertItemInArray
cJSON_IsArray
cJSON_IsBool
cJSON_IsFalse
cJSON_IsInvalid
cJSON_IsNull
cJSON_IsNumber
cJSON_IsObject
cJSON_IsRaw
cJSON_IsString
cJSON_IsTrue
cJSON_Minify
cJSON_Parse
cJSON_ParseWithOpts
cJSON_Print
cJSON_PrintBuffered
cJSON_PrintPreallocated
cJSON_PrintUnformatted
cJSON_ReplaceItemInArray
cJSON_ReplaceItemInObject
cJSON_ReplaceItemInObjectCaseSensitive
cJSON_ReplaceItemViaPointer
cJSON_SetNumberHelper
cJSON_Version
cJSON_free
cJSON_malloc
�v"*��r��Ժ��{��,�5/f��o^DB] �J$�|a��(8k�d<��^B�"�!�)�)��cgNV�K݄.�Uc��ob��D`eE�0��ث�-�x�G��& l�~��h�xЅ��k�z�,K!& ��t_�H��窝;LS�w��_�P��l�o|*�S��ޔs>nn��K�it>�}��~�)B��c��1�Y�D��.��,� H ��BpCK��#�}��=t��!_ª�j)Ը�M-g�T�{Cg��2+I&u�R!�$zFb��}�<r�qJx��L�$�S8�9j�Co�o��K�-�`CeϽ�'��)��`I8P!�?uڢ�Q2�9J��76cU�.��r]��v��J�Wh�O� �CyM�Pk��x@�5�s^WZ�jjV=��Q��&a��r� �� $�u<c�j�6��Z߶+:-��S�`�\�@R2� �b("�c>EW��T,�T�a�`m�^p�g��T�%6��z��n��9D�u1}��P��;Lo�8��ۿ6��o�`�F�T�u8��u��{Ǵ\Q�'l8?��9��țWʍ��Q�(�3X3P��}�.|��]�B�@g��*^,��Z>��1H�d�_��:)��t,r��E93̡ۖ�4��ri�K��Q��^�wO � Aw�&��[4n��GSr�>�sDce�JR}j��P_ηN ��-YF��r�xI�QpÌF3�\��Q?QFSs�`��˰Ӻ��D�kp��akM�*��!�:��c�^n��ϴ�ta争��,��e��P��;y,�\�@h�Y ~K=.K=��Z�Z9��ؗ3��,vX��m�4g/��$��?O�"��_+_��C;�~T\d��v��?��Y=J��j�8�%a '��c'k��$6�I��j�ŨCsW�a�`k@|��Vu�[�tl*�xڦ��Â��`[�p2�!&+�I˹ѹl1�)�l�xСyDAj��ٍ��+D��xX~��R�/\�G��.5'`��^ Z+�T:0.*�r0��%��%�z�JO`X�D��9��ڹI6C�9�Cw��K@Lte��O��G��-�>��-��?��؍c��a��f/<��&ȭ��i��u �?�|��2�2��r��z��ǙAW� 1d�&7�^�֮8M�<�Ui��s↼�2M�@R��ɤ�h;ۓl��9�_|*�*O��>�(=A�'��;�bTH��h��G/��'��G��|�}?� F�r�?�d��r�m�p5��:&�ֲ�F�z��,]�z�`��B,�Ḡ�S��F�&��eJl�m䑵�u �kZ��f�/�Y5OB��%�GB��$4o�/3ł��x5��^��|1�ccxhn�?��]��.�_P��Ǖ��Y�.ߌL��7;Whc6��¸r�DSӤ,-f�3��-��Sv��Y��,��Z@v��P��(��G��!+]ޭ��@4��oO*�N�|%�� (��l��0 k9Q��\&"�c�z@��=�?פG�L(h��:��Bܰ�m�˙<5��~�hO��n* :��A�Z!U��:��G�7��օh�1��rMd�5��,��|!%�rĿ��n��g k��=�0>]�I2ʻ�Q!�Wě��3Lf�<�>�ɰ��+�\,�h�n�^�:�� @�uw��%i�:w��w�V��:��a��$̶h{4�8��ֹA��M��5�G��U�p�T�Z��$N=E�c)��w�ҩE/[�s6{{��<.�#��24��M�3�U&<%0�f4K��`�J�׾&�s7$.�By �j�z�D/�G�p��Y��A�n6�T��ԉ��f0�y��A�M��i�<@T(�j1�d��󢯦�I%�՞��s�Џ��m�=�1_��WP� ��[�x��T�j�;T`��=��d�b��ې�>�I�1:�)�1��ze�Ї�g�|2�{edK8D��TFӌ�Wm��e )*�~��uW�w�En��'\X��M2��g��S:��4��ocag��%E;HyH��Jc��*�֨��hk�9)��^��@Hu9�oP4��վ��o�Å�� Œ��ۑ7��y��28�o��%��5��r.�h{�i��zn1�W��T�%��U�b�<qKܾ�Ä��O�v��X��`S��N�jD؝=ЭX�'M\p��<��aLu;�5!��v=l�I��bX ��YDb��|�6>�뎜Z��[� ?�0��Q�+/�5��m|Ύ:̝2��.̗~�VI��S�~K�S��T"-��J��=&l[W��2��P�9uO��O.ʢ2�0�9fuh�тUd��VX�\��Y�k��m�hE�b�,񘨡N9sM0&\0t�0�Q9��j��E��Q�h!�}y�8��0��u~�x]��ذLq=h��~�W�aG??uw��M��u-��*@y��4H��-��Thq��%�iC��ɚW� ��|f�Q�ne�/*��p�� ͬ'��`��h;��ʮ�{`t�NK:�p� *3��L7-��rhG�ؚ�}n��gc�'��zO5K� � z��T��L� �$0��m0Ǯ��G��A��o"u �\sE96�6��^]��KbcB.�tHU�4^�ȗ�O^I�I��h�o�տ�[!}��͔zTWީ�D�$y�u8�t�<m��`��T@E��}�{��h�Wn�[�~��IB�,��jTG̉n�b��R�j�!�ֆ�9�r��ru��/�ɦI+��kL:�#�g�|�d�01�p�� h&S"�غN��~�p_:��F�m�d��k O��X�}~!ߣ�� p!A��İN��u�h��\Q

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 758KB - Virtual size: 757KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00b4297397dd2794bc9bb06289c4c9df

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

crypt32

version

wininet

Exports

Exports

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 758KB - Virtual size: 757KB

.data Size: 31KB - Virtual size: 56KB

.pdata Size: 106KB - Virtual size: 105KB

.vmp0 Size: 278KB - Virtual size: 278KB

.vmp1 Size: 59KB - Virtual size: 59KB

.reloc Size: 27KB - Virtual size: 27KB

.rsrc Size: 227KB - Virtual size: 226KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 758KB - Virtual size: 757KB

.data
Size: 31KB - Virtual size: 56KB

.pdata
Size: 106KB - Virtual size: 105KB

.vmp0
Size: 278KB - Virtual size: 278KB

.vmp1
Size: 59KB - Virtual size: 59KB

.reloc
Size: 27KB - Virtual size: 27KB

.rsrc
Size: 227KB - Virtual size: 226KB