9ab254a306d9eb2e599ab5939e4ada4f793a2c8ad5bf2798aa9fb2e7ba905da0

Sharing

Copy URL Twitter E-mail

General

Target

9ab254a306d9eb2e599ab5939e4ada4f793a2c8ad5bf2798aa9fb2e7ba905da0
Size

9.6MB
MD5

916924e0c758af5bd3abda999d27b53c
SHA1

437f831152fe4515cc2f1c0086f50a53a08133b0
SHA256

9ab254a306d9eb2e599ab5939e4ada4f793a2c8ad5bf2798aa9fb2e7ba905da0
SHA512

878a7dff780a4f4ee73b8a2a7654c60a6dd62aeebbc614e0cf454b44fe9f4cb09b974fb9b09a00a2505f09d6b5d7a2d00ccf67706832f27bdca851333e209990
SSDEEP

196608:DS53GokHSBiNaPvqJ9wPfJYcbELV4fk1l0D7oe4yhM4:s3y9NaPvQyYXLFQL4yhM4

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9ab254a306d9eb2e599ab5939e4ada4f793a2c8ad5bf2798aa9fb2e7ba905da0

Files

9ab254a306d9eb2e599ab5939e4ada4f793a2c8ad5bf2798aa9fb2e7ba905da0
.dll windows x86

94fd6e00b1f2775a855fa3b4f31ed594

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CreatePopupMenu
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

msimg32

AlphaBlend

shlwapi

PathRemoveFileSpecW

uxtheme

GetThemeSysColor

gdiplus

GdipSetInterpolationMode

oleacc

LresultFromObject

imm32

ImmGetOpenStatus

winmm

PlaySoundA

gdi32

CreateDCA

winspool.drv

DocumentPropertiesA

advapi32

RegCreateKeyExA

shell32

SHGetSpecialFolderLocation

ole32

OleDestroyMenuDescriptor

oleaut32

SysStringLen

wtsapi32

WTSSendMessageW

Exports

Exports

cef_add_cross_origin_whitelist_entry
cef_add_web_plugin_directory
cef_add_web_plugin_path
cef_api_hash
cef_base64decode
cef_base64encode
cef_begin_tracing
cef_binary_value_create
cef_browser_create
cef_browser_host_create_browser
cef_browser_host_create_browser_sync
cef_browser_view_create
cef_browser_view_get_for_browser
cef_build_revision
cef_clear_cross_origin_whitelist
cef_clear_scheme_handler_factories
cef_command_line_create
cef_command_line_get_global
cef_cookie_manager_create_manager
cef_cookie_manager_get_blocking_manager
cef_cookie_manager_get_global_manager
cef_crash_reporting_enabled
cef_create_context_shared
cef_create_directory
cef_create_new_temp_directory
cef_create_temp_directory_in_directory
cef_create_url
cef_currently_on
cef_delete_file
cef_dictionary_value_create
cef_directory_exists
cef_display_get_alls
cef_display_get_count
cef_display_get_matching_bounds
cef_display_get_nearest_point
cef_display_get_primary
cef_do_message_loop_work
cef_drag_data_create
cef_enable_highdpi_support
cef_end_tracing
cef_execute_java_script_with_user_gesture_for_tests
cef_execute_process
cef_force_web_plugin_shutdown
cef_format_url_for_security_display
cef_get_current_platform_thread_id
cef_get_extensions_for_mime_type
cef_get_geolocation
cef_get_mime_type
cef_get_min_log_level
cef_get_path
cef_get_temp_directory
cef_image_create
cef_initialize
cef_is_cert_status_error
cef_is_cert_status_minor_error
cef_is_web_plugin_unstable
cef_label_button_create
cef_launch_process
cef_list_value_create
cef_load_crlsets_file
cef_log
cef_menu_button_create
cef_menu_model_create
cef_now_from_system_trace_time
cef_panel_create
cef_parse_csscolor
cef_parse_json
cef_parse_jsonand_return_error
cef_parse_url
cef_post_data_create
cef_post_data_element_create
cef_post_delayed_task
cef_post_task
cef_print_settings_create
cef_process_message_create
cef_quit_message_loop
cef_refresh_web_plugins
cef_register_extension
cef_register_scheme_handler_factory
cef_register_web_plugin_crash
cef_register_widevine_cdm
cef_remove_cross_origin_whitelist_entry
cef_remove_web_plugin_path
cef_request_context_create_context
cef_request_context_get_global_context
cef_request_create
cef_response_create
cef_run_message_loop
cef_scroll_view_create
cef_server_create
cef_set_crash_key_value
cef_set_osmodal_loop
cef_shutdown
cef_stream_reader_create_for_data
cef_stream_reader_create_for_file
cef_stream_reader_create_for_handler
cef_stream_writer_create_for_file
cef_stream_writer_create_for_handler
cef_string_ascii_to_utf16
cef_string_list_alloc
cef_string_list_append
cef_string_list_copy
cef_string_list_free
cef_string_list_size
cef_string_list_value
cef_string_map_alloc
cef_string_map_append
cef_string_map_free
cef_string_map_key
cef_string_map_size
cef_string_map_value
cef_string_multimap_alloc
cef_string_multimap_append
cef_string_multimap_free
cef_string_multimap_key
cef_string_multimap_size
cef_string_multimap_value
cef_string_userfree_utf16_free
cef_string_utf16_clear
cef_string_utf16_cmp
cef_string_utf16_set
cef_string_utf16_to_lower
cef_string_utf16_to_utf8
cef_string_utf8_clear
cef_string_utf8_to_utf16
cef_string_wide_set
cef_string_wide_to_utf8
cef_task_runner_get_for_current_thread
cef_task_runner_get_for_thread
cef_textfield_create
cef_time_delta
cef_time_now
cef_time_to_timet
cef_unregister_internal_web_plugin
cef_uridecode
cef_uriencode
cef_urlrequest_create
cef_v8context_get_current_context
cef_v8context_get_entered_context
cef_v8context_in_context
cef_v8stack_trace_get_current
cef_v8value_create_array
cef_v8value_create_array_buffer
cef_v8value_create_bool
cef_v8value_create_date
cef_v8value_create_double
cef_v8value_create_function
cef_v8value_create_int
cef_v8value_create_null
cef_v8value_create_object
cef_v8value_create_string
cef_v8value_create_uint
cef_v8value_create_undefined
cef_value_create
cef_visit_web_plugin_info
cef_window_create_top_level
cef_write_json
cef_zip_directory
cef_zip_reader_create
create_context_shared

Sections

.text
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 9.6MB - Virtual size: 9.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94fd6e00b1f2775a855fa3b4f31ed594

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msimg32

shlwapi

uxtheme

gdiplus

oleacc

imm32

winmm

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 1.5MB

.rdata Size: - Virtual size: 307KB

.data Size: - Virtual size: 2.9MB

.vmp0 Size: - Virtual size: 5.1MB

.vmp1 Size: 9.6MB - Virtual size: 9.6MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: - Virtual size: 1.5MB

.rdata
Size: - Virtual size: 307KB

.data
Size: - Virtual size: 2.9MB

.vmp0
Size: - Virtual size: 5.1MB

.vmp1
Size: 9.6MB - Virtual size: 9.6MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB