ad980fff34231b4f661153f45d98c3fcea2a9eacccb153416aed267653dee431

Sharing

Copy URL Twitter E-mail

General

Target

ad980fff34231b4f661153f45d98c3fcea2a9eacccb153416aed267653dee431
Size

8.5MB
MD5

4953bea21ad4167df5ff9324d4de27ea
SHA1

e32ebedc33fbfe3ffcf5ad121497dd475b8f6c74
SHA256

ad980fff34231b4f661153f45d98c3fcea2a9eacccb153416aed267653dee431
SHA512

a81004c9e68a01da684ed68981f5ca64d48f724a4d3f6cccb6e90c4dacdb2f2e303035bf4c6c923ae0bee6b3ebda80b89aab1ba10dcfbc44bb56b164408da215
SSDEEP

196608:wGPfNeT58Kx9xrxVU5NUkuKJVzMiuEApmxI/XcFUKEOa/NPIMnk:rnN68i9xrxVGNUkuKJVzM9mxIUuNQM

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad980fff34231b4f661153f45d98c3fcea2a9eacccb153416aed267653dee431

Files

ad980fff34231b4f661153f45d98c3fcea2a9eacccb153416aed267653dee431
.dll windows x86

df09262f407ffb7c682400067fa1a586

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc140u

ord14137
ord8757
ord5422
ord4886
ord4715
ord1144
ord503
ord8067
ord5669
ord13656
ord5850
ord5110
ord12559
ord1525
ord1689
ord1692
ord12763
ord14364
ord12884
ord9468
ord1450
ord974
ord2172
ord8754
ord5427
ord14234
ord2304
ord2246
ord3852
ord5918
ord12239
ord8217
ord12251
ord12219
ord8470
ord7653
ord1472
ord8386
ord12247
ord10433
ord12928
ord12865
ord4589
ord7997
ord8324
ord5357
ord2486
ord12541
ord12542
ord5409
ord7922
ord14595
ord9398
ord4152
ord4090
ord12947
ord7941
ord2034
ord11982
ord11983
ord14466
ord12531
ord8000
ord14667
ord6348
ord14669
ord6350
ord14668
ord6349
ord995
ord6860
ord1052
ord324
ord5763
ord10250
ord3849
ord2332
ord12317
ord13110
ord1986
ord5700
ord13763
ord545
ord11991
ord290
ord14131
ord7642
ord9138
ord1454
ord4239
ord8070
ord3366
ord3260
ord7418
ord14599
ord7712
ord7723
ord7722
ord5228
ord5411
ord5252
ord5525
ord9350
ord5760
ord5549
ord5249
ord5882
ord2389
ord3697
ord6490
ord3145
ord4219
ord1066
ord9126
ord6549
ord1133
ord4815
ord7107
ord458
ord3164
ord3403
ord3404
ord4092
ord10472
ord11396
ord11015
ord9040
ord1111
ord12172
ord9210
ord2760
ord13752
ord6218
ord12131
ord7493
ord1002
ord12168
ord3265
ord3371
ord3372
ord3941
ord12124
ord2682
ord7820
ord5935
ord13703
ord11717
ord6877
ord14596
ord7923
ord14590
ord3055
ord4494
ord9693
ord5790
ord4502
ord4988
ord4927
ord4912
ord4974
ord5019
ord4942
ord4997
ord5013
ord4954
ord4960
ord4966
ord4948
ord5003
ord4936
ord1777
ord1756
ord1770
ord1744
ord1722
ord12258
ord12262
ord13878
ord3266
ord9256
ord11002
ord6978
ord12220
ord8965
ord14588
ord11936
ord3833
ord3838
ord12089
ord9139
ord11726
ord11725
ord5652
ord10288
ord10284
ord10286
ord10287
ord10285
ord14785
ord2761
ord8210
ord10255
ord3302
ord3305
ord13756
ord6220
ord6129
ord8360
ord1523
ord286
ord1045
ord280
ord296
ord13964
ord13257
ord6588
ord5921
ord293
ord285
ord3189
ord3009
ord7027
ord4224
ord8745
ord2994
ord3874
ord14573
ord2753
ord1179
ord9131
ord2990
ord265
ord2378
ord3797
ord4477
ord3694
ord4664
ord1526
ord6497
ord3147
ord4222
ord8744
ord2993
ord3872
ord1070
ord9128
ord2385
ord2383
ord6751
ord9209
ord3693
ord8219
ord12348
ord1514
ord325
ord1053
ord2365
ord2408
ord2411
ord2376
ord2410
ord485
ord2268
ord2374
ord2184
ord2300
ord2399
ord14604
ord12405
ord14657
ord1511
ord266
ord14589
ord1513

kernel32

ReadFile
InitializeCriticalSectionEx
CreateFileW
OutputDebugStringW
GetLastError
CreateFileA
CloseHandle
GetFileSize
DeleteCriticalSection
Sleep
CreateThread
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleW
GetTickCount
IsBadReadPtr
CreateDirectoryW
WritePrivateProfileStringW
GetModuleFileNameW
GetPrivateProfileStringW
MultiByteToWideChar
LocalAlloc
GetLocalTime
GetCurrentProcess
TerminateProcess
LocalFree
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
InitializeCriticalSectionAndSpinCount
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle

user32

KillTimer
SetTimer
SendMessageW
SetWindowsHookExW
CallNextHookEx
GetWindowThreadProcessId
GetDlgItemTextW
SetWindowTextW
PostMessageA
MessageBoxW
GetClientRect
FindWindowW
GetAsyncKeyState
IsWindowVisible
RedrawWindow
EnableWindow
SetDlgItemTextW
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW

shlwapi

StrToIntW

uxtheme

EnableThemeDialogTexture

msvcp140

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

winmm

mciSendStringW
timeGetTime

netapi32

Netbios

vcruntime140

memcpy
_CxxThrowException
memmove
__std_type_info_destroy_list
_except_handler4_common
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
__std_terminate
strchr
memset

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_errno
_invalid_parameter_noinfo_noreturn
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_invalid_parameter_noinfo

api-ms-win-crt-heap-l1-1-0

free
_recalloc
calloc
malloc

api-ms-win-crt-convert-l1-1-0

atoi
strtol

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s

api-ms-win-crt-string-l1-1-0

strncmp
tolower

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
__stdio_common_vsprintf

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-math-l1-1-0

_libm_sse2_sqrt_precise
_libm_sse2_pow_precise

wtsapi32

WTSSendMessageW

Sections

.text
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

df09262f407ffb7c682400067fa1a586

Headers

DLL Characteristics

File Characteristics

Imports

mfc140u

kernel32

user32

shlwapi

uxtheme

msvcp140

winmm

netapi32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

wtsapi32

Sections

.text Size: 244KB - Virtual size: 244KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 8KB - Virtual size: 8KB

.vmp0 Size: 3.3MB - Virtual size: 3.3MB

.vmp1 Size: 5.0MB - Virtual size: 5.0MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.l1 Size: 16KB - Virtual size: 16KB

.text
Size: 244KB - Virtual size: 244KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 8KB - Virtual size: 8KB

.vmp0
Size: 3.3MB - Virtual size: 3.3MB

.vmp1
Size: 5.0MB - Virtual size: 5.0MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.l1
Size: 16KB - Virtual size: 16KB