Generator2023[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Generator2023.exe
Size

7.7MB
MD5

0c12ced24f8fa3adc9efd259255d0b26
SHA1

feb2521b1315a709c03ae314f70bc44383e77cf4
SHA256

a2058c4427ad8d701ca8d7bc063833d0c414f01683c6c8228b63973df967b1e6
SHA512

94ed51905b65022c629e6081e389154b961a959b0ad0bf6bf51f8510efd371d268cc44f5c372598d6b635a6750d3fc6d7ebd49d5cedf43c1f286e05d56b46074
SSDEEP

196608:65o+mseDjN7GsMermWS+10Y563u9s6qbV87NMo5:6O+mseVKsMhI0Y563u9nqh8

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Generator2023.exe

Files

Generator2023.exe
.exe windows x64

ab96d97baf311970e60ae7b150299132

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SafeArrayGetLBound
VariantClear
SafeArrayGetUBound
SafeArrayAccessData
SysFreeString
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayDestroy

kernel32

GetFileInformationByHandle
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
GetLastError
Sleep
SetFileCompletionNotificationModes
CreateIoCompletionPort
GetModuleHandleA
GetCurrentThread
GetStdHandle
GetConsoleMode
WriteConsoleW
WaitForSingleObjectEx
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
RtlLookupFunctionEntry
GetModuleHandleW
FormatMessageW
GetTempPathW
GetModuleFileNameW
LoadLibraryA
HeapReAlloc
GetFullPathNameW
SetFilePointerEx
TryAcquireSRWLockExclusive
CreateDirectoryW
FindFirstFileW
GetQueuedCompletionStatusEx
GetFinalPathNameByHandleW
SetLastError
SwitchToThread
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
GetCurrentProcessId
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
CreateEventW
CancelIo
ReadFile
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetCurrentDirectoryW
RtlCaptureContext
ReleaseSRWLockShared
CopyFileExW
SleepConditionVariableSRW
SetHandleInformation
PostQueuedCompletionStatus
WakeConditionVariable
GlobalUnlock
GlobalFree
WakeAllConditionVariable
GetProcessHeap
GetSystemInfo
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetExitCodeProcess
WaitForSingleObject
GetOverlappedResult
WaitForMultipleObjects
AcquireSRWLockExclusive
UnhandledExceptionFilter
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GetTimeZoneInformation
RtlVirtualUnwind
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
FreeLibrary
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GlobalAlloc
MultiByteToWideChar
WideCharToMultiByte
GlobalSize
SetUnhandledExceptionFilter
GlobalLock
HeapAlloc
FindNextFileW
GetCurrentProcess
TerminateProcess
GetFileInformationByHandleEx
GetProcAddress
CloseHandle
FindClose
HeapFree
InitializeSListHead
IsDebuggerPresent
CreateFileW
AcquireSRWLockShared
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
HeapReAlloc
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DecodePointer
HeapAlloc
RtlUnwindEx
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

FreeSid
AllocateAndInitializeSid
RegCloseKey
CheckTokenMembership
RegOpenKeyExW
RegQueryValueExW
SystemFunction036

user32

EnumDisplayMonitors
EnumDisplaySettingsExW
SetClipboardData
EmptyClipboard
GetMonitorInfoW
GetClipboardData
OpenClipboard
CloseClipboard
CharUpperBuffW

ws2_32

shutdown
send
getsockopt
getsockname
getpeername
WSAIoctl
WSASocketW
WSASend
WSAGetLastError
accept
listen
bind
ioctlsocket
socket
closesocket
setsockopt
connect
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
recv

crypt32

CertOpenStore
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertCloseStore
CertDuplicateStore
CertDuplicateCertificateContext
CryptUnprotectData
CertDuplicateCertificateChain
CertEnumCertificatesInStore
CertAddCertificateContextToStore

ntdll

NtCancelIoFileEx
NtCreateFile
NtDeviceIoControlFile
NtWriteFile
NtReadFile
RtlNtStatusToDosError

bcrypt

BCryptGenRandom

secur32

FreeContextBuffer
EncryptMessage
AcceptSecurityContext
InitializeSecurityContextW
QueryContextAttributesW
DecryptMessage
DeleteSecurityContext
ApplyControlToken
AcquireCredentialsHandleA
FreeCredentialsHandle

gdi32

SetStretchBltMode
GetDIBits
GetObjectW
CreateCompatibleBitmap
DeleteObject
CreateDCW
GetDeviceCaps
DeleteDC
StretchBlt
CreateCompatibleDC
SelectObject

ole32

CoInitializeEx
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity

vcruntime140

__CxxFrameHandler3
memset
memcmp
memcpy
strrchr
__C_specific_handler
__current_exception
__current_exception_context
memmove

api-ms-win-crt-string-l1-1-0

strcmp
strlen
strcspn
strncmp

api-ms-win-crt-heap-l1-1-0

_set_new_mode
realloc
malloc
free
_msize

api-ms-win-crt-utility-l1-1-0

_rotl64
qsort

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-math-l1-1-0

log
__setusermatherr
_dclass

api-ms-win-crt-runtime-l1-1-0

exit
_register_thread_local_exe_atexit_callback
_initterm_e
_configure_narrow_argv
__p___argc
__p___argv
_c_exit
_get_initial_narrow_environment
_initialize_narrow_environment
_initterm
_initialize_onexit_table
_exit
_cexit
terminate
_crt_atexit
_register_onexit_function
_beginthreadex
_endthreadex
_seh_filter_exe
_set_app_type

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

hr�nL�H'!��F�bg_rdh�m��, ��s�?��#�!�J,�]d+N��=�§L]xk1j�4hn<%kw\�*h�]��ڔ�o��~��U,�'��ݎG:��R�?ɰ�O��X(�� W��!��E�.`Qi�?>y��Jj-Y4�<�_�qR�!,&yV+W��,2A55!��g�s��c]@/�O�2Yؤ��5Hz{ݬ��D�q��Å��5{>�ɸ�/�>j��1�� Q|�]��1nH,d��1��-��c��;s�@D�̛z�~|��6;9/��s%�$'z��nd��a�Me�� bY7��@)o9�{,@��;�� &�AⰟ�AG"��/,��cU��P)Y~��Ì�a[[.��YJ�$B�y��G��/W�Z0��M�9�x��teeo�^pC��&��dV��.��%?�6�>ۮ��Og)�R��r�/k�n^]^�T�˶��Ac��c�lM��D��s��Fw��~z4��B��<��Nȯ��ZV)4L�ٛ$�oX�6��tS�y��ߔ1��nm��(S�9�AP-˓��5;\�br� m~.�V��𷑥�֊��pJ�~��=�N�sXP.�П��y�/zbo@і�R�� T��X_��>�C0��_�?SH>׿8^�6��9�:z�G{�e��W�ȓ��'�C��O�C�\=��IU��b1\�"�a%��x BD��l2��#E#�a^5�3�P%�ӻ��2��_U��稀�iQ�#lx�X��z�8��z��?V��yjT}8��Y�-�Ț��s��N�X�el ��Ƿ�<��l��Sn�P:q� ��6��'��J#�w��4v��Iȯ�t��hY.��C�u1��R��ۻ o��I�ۯ�?��+:�ɢ9)�@{)��n�P)|��c!�hű�]b9Z�o`�ڭ� ��^I�+��ۭ��Y�2ͪ�|�a�8�i41.4_��IGNy��Q��Lt��˶�dωv�¯�f�?�\ȣ �1�3�DS�h5�w#�d@r��N<�^Z�o�� RQ��"�汖�C�b��)��q\^nqo�h��w,�f�\F֊�� EN��5��헝��5YME�&�]��;➍�X��>�!x��ͦ�g�E!��1A�'�ǭT"c� ��f�H�X�|�ݴ�7Qu�*�&w<6]!��A�]*�'k��k]%T�+E��h'�I��/sM9v0�~_��'U�]I`QE 2"� /Is��:��B�� 9�1i�@�u��zAk�9I�x�O��a�� lϲ�R��U�1ɳ� �ѻ��7��.[�ׅ��Nb�^�Y��Ӫ��~}X��c?/&=��`��j�5yb��)�Φ��_��&��[��؟ucP��Ħ٘S��4q47��qT��y)lQ�b��D��_�5�,��VK�pKu��Nx��4�j��W�}=�J��&��{�-4�DNt��u�i��9�|��@��ⷞ(FJ�g��6v�"��bN�9a�ft��ih��]#�.��S��T��k��iU8��geu��4�mB@�>�n+��2 ��?h�s'�׎k��m�I@&!E��A�tQ��fQ��b*��=��}��\�UuZ5�Q{̳��FQ��P��G��{��5��,��@e�n�;}T/6��iTž�|��n�Ln(��G��GM�g� �@��-$��<ThT�8��D+�B�nw?�v��4�.0Eqef-�h��ҵ69]�x�P+��;��a"Nދ�wq�H��X �P��eڭ�71!^�P;�MA��I��/� NzDn�v�H��3B�̓��fZ�S��wR|��q@�[(�2�NH�� B؇��0L��/! �� M|�I5)}�)7VLx�t�s�Ruh� �ټkM�t&��r�+f G�..�h�T��]mYu"��!vQ�z��J�4t��ƛ��)U�Ըy�.a�m�We�:��N�"y�C��͉��Wˀ�gn'��4��3�3T��Nd�/$j�y:��i�sp?��m@�z=��KN'`q:�[�wan|�riȄ�z��W�0j6��i��+W��X��V1��x�%�X*��+pz�4��#�V�҃`�vt�HrsX��@��'��>1�z�yާ�6ϖ��նb(5ꂻ��zk��NK�m'PO�w�H��"~�.�H��D�PAQ(Z#��=�zY,��U��t/�9��Q��t��l��ʮ%E�� 1�bb�h!B�,"��Ŋ?=xp�l��̉e��>)�p�Fa�� _p��_-�PA�o�~�J>��r� bO�aU=%��!�d�P�=�-c��J@A ��`�/��ۛ�0��G^Y��=767��Vp�]3��|K�&��)?��d�g]6�=e ]ն�j*Sl&_`�#�@��7�\��s�^V$�nѪCa��d�G��S��+�ɍ$�n�o� E2��B�؛�Z��UGS��]-ڔ#��hd�e��l7��3��bԨG��\��6��^Q-�焈�"��s��d,�Q��0�y<O~yJR��*�N�t�Y�B>�h1��X�&Nf�m?�t�N�`3 ��G��<T]��_x�� d�0�3X�yQ�!�Pa�'!�v��]v��y>1�=zЄ�n��p�tD��&bɏ�� 8# S��X��Mw��㧲9i�w�Zd7�2��>��u�ҙ��!Sy��%�y��(1��K� �F�֍��5>ϵ��9�?q�=��j-T�k��|y�Vrp��? �� O��ج](K��Y��(s�4��?ݱ�z�LPK ��W�� Э��đR��*v��҅��B� �D�� b��j�V�B['��ѳ�V��F��\~Y��

Sections

.text
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 7.7MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab96d97baf311970e60ae7b150299132

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

kernel32

advapi32

user32

ws2_32

crypt32

ntdll

bcrypt

secur32

gdi32

ole32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: - Virtual size: 2.8MB

.rdata Size: - Virtual size: 1.1MB

.data Size: - Virtual size: 27KB

.pdata Size: - Virtual size: 66KB

.vmp0 Size: - Virtual size: 3.5MB

.vmp1 Size: 4KB - Virtual size: 4KB

.vmp2 Size: 7.7MB - Virtual size: 7.7MB

.reloc Size: 512B - Virtual size: 196B

.text
Size: - Virtual size: 2.8MB

.rdata
Size: - Virtual size: 1.1MB

.data
Size: - Virtual size: 27KB

.pdata
Size: - Virtual size: 66KB

.vmp0
Size: - Virtual size: 3.5MB

.vmp1
Size: 4KB - Virtual size: 4KB

.vmp2
Size: 7.7MB - Virtual size: 7.7MB

.reloc
Size: 512B - Virtual size: 196B