f548459bd175cbfb77caf4ceb2af3e976f6a1081e46332cc4b6f1351d407ddf7

Sharing

Copy URL Twitter E-mail

General

Target

f548459bd175cbfb77caf4ceb2af3e976f6a1081e46332cc4b6f1351d407ddf7
Size

7.4MB
MD5

bcad1d4a1b04ae04ab20f3db2e67b746
SHA1

9a20de15403dcb809393a26655217dbb233e9f98
SHA256

f548459bd175cbfb77caf4ceb2af3e976f6a1081e46332cc4b6f1351d407ddf7
SHA512

0b1917ef4b6a0b8dab45ce2ded085f20514cf5aa65f74c2f4819349aeaffd6f092afe8106ce16acf752616394686b546ae159f504320052221270afd0de00d0f
SSDEEP

98304:ltYvKTENdNLZ7zHQriBiY4JRREnMVaz+6To3AtZbATNIJZyjXHUQsBbl1GSDXL:GKU5HQrigD+Mki6Tow0m6XHUrB/G

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f548459bd175cbfb77caf4ceb2af3e976f6a1081e46332cc4b6f1351d407ddf7

Files

f548459bd175cbfb77caf4ceb2af3e976f6a1081e46332cc4b6f1351d407ddf7
.dll windows x64

deda879089b3890d288dcc178e9d9e4f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcess
DeviceIoControl
CreateFileW
CreateProcessA
Module32First
CreateToolhelp32Snapshot
lstrcatA
lstrcpyA
QueryDosDeviceA
GetLogicalDriveStringsA
OpenProcess
LeaveCriticalSection
EnterCriticalSection
GetWindowsDirectoryA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesExA
CreateFileA
GlobalFree
GlobalAlloc
GetCurrentProcessId
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSemaphore
Sleep
GetLastError
MapViewOfFile
OpenFileMappingA
GetSystemDefaultLangID
CreateSemaphoreA
Process32Next
Process32First
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
InitializeCriticalSection
GetSystemTimes
GlobalMemoryStatusEx
Process32NextW
Process32FirstW
ProcessIdToSessionId
lstrlenW
RaiseException
WaitForSingleObject
TerminateThread
LocalFree
lstrlenA
GetProcessHeap
SetEndOfFile
WriteConsoleW
SetEnvironmentVariableA
CompareStringW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapReAlloc
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
SetFilePointer
GetConsoleMode
GetModuleHandleA
GetModuleFileNameA
ExitThread
CreateThread
RtlLookupFunctionEntry
TerminateProcess
UnmapViewOfFile
GetConsoleCP
GetStartupInfoW
GetFileType
SetHandleCount
ReadFile
GetStringTypeW
LCMapStringW
HeapDestroy
HeapCreate
OutputDebugStringA
HeapSetInformation
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetLocaleInfoW
GetModuleFileNameW
GetStdHandle
WriteFile
HeapSize
RtlUnwindEx
ExitProcess
GetModuleHandleW
FlsAlloc
SetLastError
FlsFree
FlsGetValue
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCommandLineA
FlsSetValue
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
DecodePointer
EncodePointer
RtlPcToFileHeader
CloseHandle
GetVersionExA
GetVersion
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount

user32

CallWindowProcW
EndDialog
GetWindowLongW
SetWindowLongPtrW
GetWindowRect
SetDlgItemTextW
SendMessageW
GetParent
wsprintfA
SetWindowPos
SetWindowLongW
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation

shell32

ShellExecuteExA

ole32

CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoSetProxyBlanket
IIDFromString
CoUninitialize
StringFromCLSID

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

advapi32

OpenProcessToken

wininet

InternetReadFile
HttpQueryInfoW
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetSetOptionA
InternetCrackUrlA
InternetGetConnectedState
InternetOpenA
InternetConnectA
InternetCloseHandle

ws2_32

ntohl
htonl
gethostbyname
inet_addr
gethostname
WSAStartup
WSAGetLastError
closesocket
WSACleanup
htons
ntohs
recv
send
inet_ntoa
socket
getsockopt
select
connect
ioctlsocket

shlwapi

PathFileExistsA

psapi

GetModuleFileNameExW
GetProcessImageFileNameA

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo

iphlpapi

GetExtendedTcpTable
GetAdaptersAddresses
GetIpNetTable
GetAdaptersInfo
GetIpForwardTable

winmm

timeGetTime

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsA
WTSSendMessageW

Exports

Exports

INFOGW_api_req_netbar_lv
INFOGW_api_req_netbar_lv_ext
INFOGW_api_req_netbar_lv_ext_with_zone_id
INFOGW_api_req_platinum_netbar_lv
INFOGW_api_req_platinum_netbar_lv_ext
QueryPluginInterface

Sections

.text
Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

deda879089b3890d288dcc178e9d9e4f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

oleaut32

advapi32

wininet

ws2_32

shlwapi

psapi

setupapi

iphlpapi

winmm

wtsapi32

Exports

Exports

Sections

.text Size: 456KB - Virtual size: 456KB

.rdata Size: 112KB - Virtual size: 112KB

.data Size: 28KB - Virtual size: 28KB

.pdata Size: 24KB - Virtual size: 24KB

.vmp0 Size: 2.6MB - Virtual size: 2.6MB

.vmp1 Size: 4.1MB - Virtual size: 4.1MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.l1 Size: 15KB - Virtual size: 15KB

.text
Size: 456KB - Virtual size: 456KB

.rdata
Size: 112KB - Virtual size: 112KB

.data
Size: 28KB - Virtual size: 28KB

.pdata
Size: 24KB - Virtual size: 24KB

.vmp0
Size: 2.6MB - Virtual size: 2.6MB

.vmp1
Size: 4.1MB - Virtual size: 4.1MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.l1
Size: 15KB - Virtual size: 15KB