e804219508ac241e0789aa8cdddac4ccee6d06d20f922417bfcf4ccd2d3615e2

Sharing

Copy URL Twitter E-mail

General

Target

e804219508ac241e0789aa8cdddac4ccee6d06d20f922417bfcf4ccd2d3615e2
Size

1.4MB
MD5

99de1d3335b3d899a82ee246374df5a8
SHA1

3915b433823fc3fbd4f989ccf9a7cf1c58d2be4a
SHA256

e804219508ac241e0789aa8cdddac4ccee6d06d20f922417bfcf4ccd2d3615e2
SHA512

17d3965bfbc3b72e6406507ca404437b6ab6998b2e69fb233200ba7ca461a9930b90081b7258d712307ca8c89ccf7eb4574519429c9a99e42e5e076c064e7197
SSDEEP

24576:skypzCJyZpv0NAazNZoF1QqUqESfybpYRpDCU/rDU9BJ91Jko7uX:VypWJyD9azNZoF1Qqfo6HCpBT1aSuX

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e804219508ac241e0789aa8cdddac4ccee6d06d20f922417bfcf4ccd2d3615e2

Files

e804219508ac241e0789aa8cdddac4ccee6d06d20f922417bfcf4ccd2d3615e2
.exe windows x86

cdb7c9cd29553ae4efd750f6e7fb40e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
LoadResource
SizeofResource
WriteFile
CloseHandle
lstrcpyA
lstrcatA
lstrlenA
GetModuleFileNameA
GetModuleHandleA
FindResourceW
FindResourceExW
SetCurrentDirectoryA
CreateFileA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
ReleaseSemaphore
CreateSemaphoreA
GetNativeSystemInfo
CreateEventA
SetLastError
PostQueuedCompletionStatus
GetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
WaitForMultipleObjects
GetFileSize
UnmapViewOfFile
CreateFileMappingA
MapViewOfFileEx
SetEvent
ResetEvent
GlobalAlloc
GlobalLock
GlobalUnlock
FlushInstructionCache
GetCurrentProcess
ExitProcess
RaiseException
MulDiv
lstrcmpA
GetTickCount
GetTempPathA
DecodePointer
FreeLibrary
GlobalHandle
GlobalFree
lstrcmpiA
LoadLibraryExA
FindResourceA
FlushFileBuffers
WriteConsoleW
SetStdHandle
LCMapStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetModuleFileNameW
GetStdHandle
GetModuleHandleExW
GetCommandLineA
VirtualQuery
VirtualProtect
GetSystemInfo
LoadLibraryExW
ExitThread
CreateThread
EncodePointer
RtlUnwind
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
TerminateProcess
GetCurrentProcessId
GetProcessHeap
HeapSize
HeapReAlloc
GetProcAddress
LockResource
Sleep
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateFileW
LeaveCriticalSection
EnterCriticalSection
SwitchToThread
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
InterlockedCompareExchange
InterlockedDecrement
IsDBCSLeadByte
InterlockedIncrement

user32

TranslateMessage
DispatchMessageA
PeekMessageA
PostMessageA
GetClassNameA
RegisterWindowMessageA
SendMessageA
DefWindowProcA
CallWindowProcA
UnregisterClassA
GetParent
wsprintfA
GetSystemMetrics
GetWindowRect
MapWindowPoints
LoadImageA
MonitorFromWindow
GetMonitorInfoA
GetMessageA
PostQuitMessage
ShowWindow
KillTimer
SetTimer
CreateDialogIndirectParamA
EnableWindow
MsgWaitForMultipleObjectsEx
RegisterClassExA
GetClassInfoExA
CreateWindowExA
IsWindow
IsChild
DestroyWindow
MoveWindow
SetWindowPos
EndDialog
GetDlgItem
CharNextA
SetFocus
GetFocus
SetCapture
ReleaseCapture
CreateAcceleratorTableA
DestroyAcceleratorTable
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRect
InvalidateRgn
RedrawWindow
SetWindowTextA
IsDialogMessageA
GetWindowTextA
GetWindowTextLengthA
GetClientRect
SetWindowContextHelpId
MessageBoxA
ClientToScreen
ScreenToClient
GetSysColor
FillRect
GetWindowLongA
SetWindowLongA
GetDesktopWindow
GetDlgItemTextA
SetDlgItemTextA
MapDialogRect
LoadCursorA
GetWindow

gdi32

GetTextMetricsA
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
GetObjectA
SelectObject

advapi32

RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA

shell32

ShellExecuteA

ole32

CoTaskMemRealloc
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
OleLockRunning
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoGetClassObject

oleaut32

LoadRegTypeLi
SysAllocStringLen
SysFreeString
VarUI4FromStr
OleCreateFontIndirect
DispCallFunc
SysAllocString
LoadTypeLi
VariantClear
VariantInit
SysStringLen

comctl32

InitCommonControlsEx

winmm

timeGetTime

ws2_32

WSAStartup
listen
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSASetLastError
recv
WSAGetOverlappedResult
socket
connect
bind
WSACleanup
getaddrinfo
WSASend
WSARecv
WSAIoctl
WSAGetLastError
shutdown
setsockopt
ntohs
inet_addr
htons
getsockname
closesocket
freeaddrinfo
send

Sections

.text
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cdb7c9cd29553ae4efd750f6e7fb40e9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

winmm

ws2_32

Sections

.text Size: 159KB - Virtual size: 159KB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 9KB - Virtual size: 17KB

.rsrc Size: 34KB - Virtual size: 34KB

.vmp0 Size: 12KB - Virtual size: 11KB

.vmp1 Size: 1024B - Virtual size: 824B

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 159KB - Virtual size: 159KB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 34KB - Virtual size: 34KB

.vmp0
Size: 12KB - Virtual size: 11KB

.vmp1
Size: 1024B - Virtual size: 824B

.reloc
Size: 12KB - Virtual size: 11KB