85cce561c7fdac730c37f4d8af4b0629addf8d704c84dc695dda16401ebaef87

Sharing

Copy URL Twitter E-mail

General

Target

85cce561c7fdac730c37f4d8af4b0629addf8d704c84dc695dda16401ebaef87
Size

788KB
MD5

0f4268f2e25e9362519b60f4ea85790d
SHA1

d005f2eea6a86941e1a84e620c147d24950b3a85
SHA256

85cce561c7fdac730c37f4d8af4b0629addf8d704c84dc695dda16401ebaef87
SHA512

46d2e4ea558079b75cb44bdd4f04f83a7f1592875bb0d2efdd99c3eeb59b0cb7e1ed716777e99085d7687f127e1dd4c6744e80eebdc0dfbf21f890a9f3ee7082
SSDEEP

12288:d4kuFg0kOl3QMlzjgDtJur553I6Av8OvKlRJO/9n8A3bceRRqJjHmr4u/L:d4kyndQMlatQH780Qt8A3bceRojyDz

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85cce561c7fdac730c37f4d8af4b0629addf8d704c84dc695dda16401ebaef87

Files

85cce561c7fdac730c37f4d8af4b0629addf8d704c84dc695dda16401ebaef87
.dll windows x86

7d5302f5e6a5c0abb0461637616d774d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
GetThreadContext
GetCurrentProcess
SetThreadContext
GetLastError
SuspendThread
GetCurrentThread
VirtualAlloc
GetModuleHandleA
FlushInstructionCache
ResumeThread
VirtualProtect
GetCurrentThreadId
InterlockedCompareExchange
VirtualQuery
SetLastError
ExitProcess
HeapAlloc
InterlockedIncrement
InterlockedDecrement
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
TerminateProcess
RtlUnwind
GetVersion
GetCommandLineA
LoadLibraryA
GetProcAddress
FreeLibrary
IsBadReadPtr
HeapFree
HeapReAlloc
lstrlenA
lstrcatA
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
GlobalSize
ExitProcess
GetCurrentThreadId
MultiByteToWideChar
WinExec
GetModuleFileNameA
ReadFile
LockResource
LoadResource
FindResourceA
SetEvent
CreateFileA
WaitForMultipleObjects
WriteFile
GetProfileStringA
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
ResumeThread
CreateSemaphoreA
SetFilePointer
GetFileSize
GetCurrentProcess
TerminateProcess
SetLastError
GetTimeZoneInformation
GetVersion
TerminateThread
GetCurrentThread
VirtualAlloc
VirtualFree
SuspendThread
CreateMutexA
ReleaseMutex
InterlockedIncrement
InterlockedDecrement
LocalFree
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcpynA
DuplicateHandle
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
lstrcmpiA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcmpA
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
GetFileTime
GlobalFlags
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
GetSystemTime
GetLocalTime
RaiseException
HeapSize
GetACP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetLastError
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
ExpandEnvironmentStringsA
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
CloseHandle
InterlockedExchange
WideCharToMultiByte
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxA
wsprintfA
DrawTextA
SetPropA
CallWindowProcA
MoveWindow
GetPropA
SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx
GetWindowDC
EnumChildWindows
WindowFromDC
TabbedTextOutA
GrayStringA
GetTabbedTextExtentA
GetMenuState
GetMenuStringA
GetMenuItemID
GetMenuItemCount
SetWindowTextA
GetForegroundWindow
GetWindowTextLengthA
CharUpperA
BeginPaint
EndPaint
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
GetClassLongA
CreateWindowExA
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
CheckMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
UnregisterClassA
LoadStringA
GetSysColorBrush
GetCursor
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
TrackPopupMenu
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBoxA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
LoadIconA
TranslateMessage
DrawFrameControl
DrawEdge
DrawFocusRect
DrawStateA
FrameRect
GetNextDlgTabItem
GetWindowTextA
GetDlgItem
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
GetClassNameA
ReleaseCapture
GetDesktopWindow
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
DefWindowProcA
GetSystemMenu
DeleteMenu
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer

winmm

waveOutGetNumDevs
waveOutOpen
waveOutReset
waveOutPause
midiStreamRestart
midiStreamClose
midiOutReset
midiOutUnprepareHeader
midiStreamOpen
midiStreamProperty
midiOutPrepareHeader
midiStreamOut
waveOutClose
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
PlaySoundA
waveOutRestart
midiStreamStop

ws2_32

recvfrom
ioctlsocket
inet_ntoa
recv
getpeername
accept
ntohl
WSACleanup
closesocket
WSAAsyncSelect

msvfw32

DrawDibDraw

avifil32

AVIStreamInfoA
AVIStreamGetFrame

gdi32

SetViewportOrgEx
SetMapMode
SetROP2
SetPolyFillMode
Escape
ExtTextOutA
RectVisible
PtVisible
CreatePenIndirect
SaveDC
SetWindowOrgEx
SetDIBitsToDevice
SetTextColor
SetBkMode
TextOutA
OffsetViewportOrgEx
SetBkColor
CreateRectRgnIndirect
ExtSelectClipRgn
GetViewportExtEx
GetTextMetricsA
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
MoveToEx
LineTo
CreateDIBSection
SetPixel
SetStretchBltMode
DPtoLP
GetCurrentObject
RoundRect
GetClipRgn
GetTextExtentPoint32A
RestoreDC
CreatePolygonRgn
LPtoDP
Rectangle
Ellipse
SetPixelV
CreateCompatibleDC
GetPixel
BitBlt
StartPage
StartDocA
DeleteDC
EndDoc
EndPage
CreateFontIndirectA
GetStockObject
CreateSolidBrush
FillRgn
CreateRectRgn
CombineRgn
PatBlt
CreatePen
GetObjectA
SelectObject
CreatePatternBrush
CreateBitmap
CreateBrushIndirect
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
GetDeviceCaps

msimg32

GradientFill

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

comdlg32

ChooseColorA
GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA

advapi32

RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueA

shell32

Shell_NotifyIconA
ShellExecuteA

ole32

CLSIDFromString
OleUninitialize
OleInitialize

oleaut32

LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi

comctl32

ImageList_DrawIndirect
ImageList_Read
ImageList_Create
ImageList_Destroy
ord17
ImageList_SetBkColor
ImageList_GetIcon
ImageList_AddMasked
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_Draw
_TrackMouseEvent
ImageList_Duplicate

Exports

Exports

Init

Sections

.text
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 681KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 768KB - Virtual size: 766KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d5302f5e6a5c0abb0461637616d774d

Headers

File Characteristics

Imports

kernel32

user32

winmm

ws2_32

msvfw32

avifil32

gdi32

msimg32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

Exports

Exports

Sections

.text Size: - Virtual size: 1.1MB

.rdata Size: - Virtual size: 160KB

.data Size: - Virtual size: 681KB

.sxdata Size: - Virtual size: 4B

.vmp0 Size: - Virtual size: 117KB

.vmp1 Size: 768KB - Virtual size: 766KB

.reloc Size: 4KB - Virtual size: 320B

.rsrc Size: 12KB - Virtual size: 34KB

.text
Size: - Virtual size: 1.1MB

.rdata
Size: - Virtual size: 160KB

.data
Size: - Virtual size: 681KB

.sxdata
Size: - Virtual size: 4B

.vmp0
Size: - Virtual size: 117KB

.vmp1
Size: 768KB - Virtual size: 766KB

.reloc
Size: 4KB - Virtual size: 320B

.rsrc
Size: 12KB - Virtual size: 34KB