Behavioral task: behavioral1
Sample: 3908c1fd68238c10d253878566346dabd9ce3612398dd52b20582090cf9a7b6f.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: 3908c1fd68238c10d253878566346dabd9ce3612398dd52b20582090cf9a7b6f.exe
Resource: win10v2004-20230915-en
General
Target: 3908c1fd68238c10d253878566346dabd9ce3612398dd52b20582090cf9a7b6f
Size: 9.3MB
MD5: 40f7a09b08f07e4463ff23f5a7083fb6
SHA1: de7c1dc50d85931fba6aca588376164a3a3fcdba
SHA256: 3908c1fd68238c10d253878566346dabd9ce3612398dd52b20582090cf9a7b6f
SHA512: 91d7f030d29fb6ab1ff55d9ea12ec25e019b90f1730c9bd605f2c15d83f0a33ecae4ce17fc1ab1369fd9c62b716c75fa4e01210890b0519ffc999fc38d3685b2
SSDEEP: 196608:KoUNEb8QSoZr4D93VejEHS4yAZKPgyLbd9scQSGbXjJ:Kn4Zr4p33SUZKlYtS8
Malware Config
Signatures
resource: sample, yara_rule: vmprotect
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: 3908c1fd68238c10d253878566346dabd9ce3612398dd52b20582090cf9a7b6f
Files
3908c1fd68238c10d253878566346dabd9ce3612398dd52b20582090cf9a7b6f.exe (windows x86)
999a1819417b9e871d7b7ff48b969adc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
crypt32
CertVerifyTimeValidity
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertCompareCertificate
CertGetIntendedKeyUsage
CertOpenSystemStoreW
CertNameToStrW
CertCreateCertificateContext
CertFreeCertificateContext
CertCloseStore
CertSetCertificateContextProperty
CertOpenStore
CertAddEncodedCertificateToStore
CertDuplicateCertificateContext
CryptAcquireCertificatePrivateKey
kernel32
GetDriveTypeA
RtlUnwind
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetProcessHeap
GetFullPathNameA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
SetCurrentDirectoryA
WriteConsoleW
GetSystemDefaultLCID
CreateMutexW
GetLastError
ReleaseMutex
CloseHandle
CreateThread
ExitProcess
lstrlenA
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
GlobalLock
InitializeCriticalSection
GlobalAlloc
Sleep
LeaveCriticalSection
MulDiv
GetModuleFileNameW
lstrcmpW
MultiByteToWideChar
lstrlenW
GlobalUnlock
FlushInstructionCache
RaiseException
FindFirstFileA
SetLastError
EnterCriticalSection
GlobalFree
FindClose
LockResource
GlobalHandle
FindNextFileA
DeleteCriticalSection
GetCurrentThreadId
GetProcAddress
GetModuleHandleA
DeleteFileA
GetFileType
GetStdHandle
GetTickCount
GetCurrentDirectoryA
SetEnvironmentVariableA
GetTimeZoneInformation
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
SetConsoleCtrlHandler
HeapReAlloc
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
HeapFree
GetStartupInfoW
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
InterlockedCompareExchange
IsProcessorFeaturePresent
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalReAlloc
TlsGetValue
LocalAlloc
QueryPerformanceCounter
FormatMessageW
LocalFree
WritePrivateProfileStringW
GetCurrentThread
ConvertDefaultLocale
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CreateFileA
CompareStringW
MoveFileA
SizeofResource
FreeResource
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetCurrentDirectoryW
GetCurrentDirectoryW
LoadLibraryW
WideCharToMultiByte
GetModuleHandleW
FlushConsoleInputBuffer
LoadLibraryA
FreeLibrary
GlobalMemoryStatus
GetCurrentProcessId
GetConsoleOutputCP
GetVersion
GetVersionExW
GetVersionExA
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
FreeLibrary
TerminateProcess
GetCurrentProcess
GetSystemInfo
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
GetTickCount
GlobalFree
GetProcAddress
LocalAlloc
LocalFree
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
user32
MessageBeep
GetNextDlgGroupItem
CopyAcceleratorTableW
SetRect
IsRectEmpty
CharUpperW
GetSysColorBrush
UnregisterClassW
DestroyMenu
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetMessageW
TranslateMessage
ValidateRect
GetWindowThreadProcessId
SetCursor
PostQuitMessage
IsDialogMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
GetKeyState
SetMenu
IsWindowVisible
PostMessageW
GetMenuItemID
GetMenuItemCount
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
UnregisterClassA
GetDlgCtrlID
CopyRect
PtInRect
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
SetActiveWindow
CreateDialogIndirectParamW
IsWindowEnabled
GetNextDlgTabItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetMenuState
CheckMenuItem
GetProcessWindowStation
GetUserObjectInformationW
EndPaint
ClientToScreen
DestroyWindow
GetWindowTextLengthW
DestroyAcceleratorTable
ScreenToClient
GetWindowRect
MapDialogRect
CharNextW
RegisterWindowMessageW
FillRect
IsChild
SetCapture
DialogBoxIndirectParamW
GetFocus
RegisterClipboardFormatW
DialogBoxParamW
GetParent
PostThreadMessageW
GetTopWindow
InvalidateRgn
LoadCursorW
CreateAcceleratorTableW
SetFocus
BeginPaint
GetClassInfoExW
GetDC
SetWindowContextHelpId
RegisterClassExW
GetWindowTextA
InvalidateRect
GetWindowLongW
GetWindowTextW
GetClassNameW
ReleaseDC
MonitorFromWindow
GetDlgItem
SetWindowLongW
EndDialog
RedrawWindow
SendDlgItemMessageW
GetDesktopWindow
GetSysColor
SetWindowPos
ShowWindow
GetActiveWindow
IsWindow
CreateWindowExW
MessageBoxW
ReleaseCapture
MapWindowPoints
SetWindowTextW
GetMonitorInfoW
CallWindowProcW
DefWindowProcW
GetWindow
MoveWindow
TrackPopupMenu
IsIconic
GetSubMenu
SetForegroundWindow
DrawIcon
GetClientRect
ModifyMenuW
LoadIconW
LoadMenuW
EnableMenuItem
GetCursorPos
SetMenuDefaultItem
GetSystemMetrics
SendMessageW
DestroyIcon
MessageBoxA
EnableWindow
UpdateWindow
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
gdi32
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
TextOutW
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
BitBlt
DeleteDC
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
GetStockObject
CreateSolidBrush
comdlg32
GetFileTitleW
GetOpenFileNameW
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
advapi32
CryptEnumProvidersW
CryptGetUserKey
CryptHashData
CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CryptSetHashParam
CryptGetHashParam
CryptAcquireContextW
CryptSignHashW
CryptCreateHash
CryptDestroyKey
RegCreateKeyExW
RegEnumKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegSetValueExW
CryptGetProvParam
CryptGetKeyParam
CryptDestroyHash
shell32
Shell_NotifyIconW
comctl32
InitCommonControlsEx
shlwapi
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFileExistsA
PathFindExtensionW
oledlg
OleUIBusyW
ole32
CoTaskMemFree
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
CoRevokeClassObject
CoTaskMemAlloc
CoGetClassObject
OleUninitialize
OleInitialize
StringFromGUID2
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CoCreateInstance
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
oleaut32
VariantCopy
SysAllocString
SysStringLen
VariantClear
LoadTypeLi
VariantInit
SysAllocStringLen
OleCreateFontIndirect
SysFreeString
LoadRegTypeLi
VariantChangeType
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
ws2_32
recv
send
ioctlsocket
WSAGetLastError
shutdown
WSACleanup
WSASetLastError
WSAStartup
htons
bind
socket
closesocket
accept
listen
wtsapi32
WTSSendMessageW
Sections
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 324KB - Virtual size: 324KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 88KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 4.5MB - Virtual size: 4.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 529KB - Virtual size: 529KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.l1 Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE