1d275cd2604f5dc5885a0a50c968a35648a89eebfa000b4aaaf93bdedf968248

Sharing

Copy URL Twitter E-mail

General

Target

1d275cd2604f5dc5885a0a50c968a35648a89eebfa000b4aaaf93bdedf968248
Size

640KB
MD5

9541b0f57b45d35a41a99437dfdf4aab
SHA1

6ee9b28db6d8d2f901df448f48df73119aa37593
SHA256

1d275cd2604f5dc5885a0a50c968a35648a89eebfa000b4aaaf93bdedf968248
SHA512

ff6fc7e5e88474e78d68403ca9cfb869f20732fbbd04aec6799204187bc28fccdbec6df6051401263823c3b45403bb11c57b58d783ae0b43c8c94041dfbd0444
SSDEEP

12288:MDr0DKg2Bbz3OnBkE9FwDNzW41Iw0hWq7KthQ5kjoK1E+XKqWow:MDrvB/OB19F0XhX/0yrrXnWP

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d275cd2604f5dc5885a0a50c968a35648a89eebfa000b4aaaf93bdedf968248

Files

1d275cd2604f5dc5885a0a50c968a35648a89eebfa000b4aaaf93bdedf968248
.exe windows x86

024778cb2447e5fcae23e0e1db1b1735

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawCreateEx

imm32

ImmCreateContext
ImmAssociateContext
ImmGetOpenStatus
ImmSetOpenStatus
ImmGetCompositionStringA
ImmGetCandidateListA
ImmReleaseContext
ImmGetConversionStatus

wsock32

WSAGetLastError
send
socket
inet_ntoa
closesocket
htons
ioctlsocket
gethostbyname
connect
setsockopt
WSACleanup
WSAStartup
select
__WSAFDIsSet
recv

kernel32

FreeLibrary
GetProcAddress
OutputDebugStringA
LoadLibraryA
ExitThread
WaitForMultipleObjects
CreateThread
CreateEventA
CopyFileA
DeleteFileA
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
ReleaseMutex
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
HeapSize
SetHandleCount
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
IsBadWritePtr
HeapReAlloc
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileAttributesA
RtlUnwind
GetVersion
GetCommandLineA
GetStartupInfoA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
TerminateProcess
GetFileType
FileTimeToLocalFileTime
Sleep
GetFileSize
MultiByteToWideChar
GlobalHandle
GlobalFree
CreateFileA
WriteFile
CloseHandle
FileTimeToSystemTime
InterlockedIncrement
GlobalAlloc
lstrcpyA
GlobalLock
GlobalUnlock
GetTickCount
FreeEnvironmentStringsA
CompareStringW
CompareStringA
RaiseException
IsBadCodePtr
InterlockedDecrement
GetSystemTime
GetTimeZoneInformation
FlushFileBuffers
PeekNamedPipe
WideCharToMultiByte
SetEvent
InitializeCriticalSection
SetUnhandledExceptionFilter
DeleteCriticalSection
SetEndOfFile
GetLocalTime
ResumeThread
ResetEvent
GetModuleHandleA
GetExitCodeProcess
CreateProcessA
ReadFile
SetFilePointer
WaitForSingleObject
OpenEventA
GetModuleFileNameA
lstrcatA
GetLastError
CreateDirectoryA
GetCurrentThreadId
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
OpenMutexA
TerminateThread
CreateMutexA
GetComputerNameA
lstrlenA
lstrcmpA
ExitProcess
QueryPerformanceCounter
IsBadReadPtr
GetSystemDirectoryA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
VirtualAlloc
VirtualFree
LoadLibraryExA
GetTempFileNameA
GetTempPathA
HeapFree
GetProcessHeap
HeapAlloc
GetFileInformationByHandle
DuplicateHandle
GetCurrentProcess
SetStdHandle
CreatePipe
GetStdHandle
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetClipboardData
CloseClipboard
wsprintfA
MessageBoxA
GetAsyncKeyState
GetCursorPos
ScreenToClient
DestroyWindow
PostQuitMessage
SetCursor
DefWindowProcA
PeekMessageA
TranslateMessage
DispatchMessageA
AdjustWindowRectEx
ShowWindow
CreateWindowExA
SetWindowLongA
SetWindowPos
UpdateWindow
SetSysColors
GetSysColor
LoadIconA
LoadCursorA
RegisterClassA
SetWindowTextA
GetKeyboardState
PostMessageA
ShowCursor
SetRect
ClientToScreen
GetClientRect
OffsetRect
GetDC
ReleaseDC
OpenClipboard

gdi32

GetDIBits
BitBlt
DeleteObject
SetBkMode
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
GetDeviceCaps
SetTextColor
TextOutA
CreateFontA

shell32

ShellExecuteA

ole32

CoCreateInstance
CoInitialize

dsound

ord1

winmm

timeGetTime
mmioOpenA
mciSendCommandA
mmioDescend
mmioRead
mmioAscend
mmioClose

ws2_32

WSASend

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile

advapi32

RegCloseKey
CryptAcquireContextA
CryptGetHashParam
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameA
CryptReleaseContext
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
CryptDeriveKey
CryptDecrypt
CryptImportKey
CryptCreateHash
CryptHashData
CryptVerifySignatureA
CryptDestroyHash
CryptDestroyKey
RegEnumValueA

Sections

.text
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 11.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

GPPE
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 628KB - Virtual size: 624KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

024778cb2447e5fcae23e0e1db1b1735

Headers

File Characteristics

Imports

ddraw

imm32

wsock32

kernel32

user32

gdi32

shell32

ole32

dsound

winmm

ws2_32

wininet

advapi32

Sections

.text Size: - Virtual size: 1.1MB

.rdata Size: - Virtual size: 16KB

.data Size: - Virtual size: 11.0MB

.idata Size: - Virtual size: 20KB

.rsrc Size: - Virtual size: 8KB

GPPE Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 12KB

.vmp1 Size: 628KB - Virtual size: 624KB

.rsrc Size: 8KB - Virtual size: 54KB

.text
Size: - Virtual size: 1.1MB

.rdata
Size: - Virtual size: 16KB

.data
Size: - Virtual size: 11.0MB

.idata
Size: - Virtual size: 20KB

.rsrc
Size: - Virtual size: 8KB

GPPE
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 12KB

.vmp1
Size: 628KB - Virtual size: 624KB

.rsrc
Size: 8KB - Virtual size: 54KB