c3825ed9a12b5215bcb80041f1aecfa5692ae02300bee50eb1ba17c88801277d

Sharing

Copy URL Twitter E-mail

General

Target

c3825ed9a12b5215bcb80041f1aecfa5692ae02300bee50eb1ba17c88801277d
Size

15.4MB
MD5

7fa0724fbf24a77e37b5223ab8675f3a
SHA1

1b1c1375440b105604bf61c2c6f7729e5d267e3c
SHA256

c3825ed9a12b5215bcb80041f1aecfa5692ae02300bee50eb1ba17c88801277d
SHA512

ea848a02cdee3d848a737a29228d7c78641b1f654795cb2be846f72dd880d4a01ce16c7cbe0f3b02580429754317aca5b3de39ec7a2d360a6a646a47b31d1f72
SSDEEP

196608:xdYGf7ZiqnwoZ0Ch5hGv/tIroDnwhrSkAaWqbLbHXhhVG3sXYDxnHKlhBq+a1ziJ:XfwK006yoTwhrpABshW8XYVHG1ahKt

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c3825ed9a12b5215bcb80041f1aecfa5692ae02300bee50eb1ba17c88801277d

Files

c3825ed9a12b5215bcb80041f1aecfa5692ae02300bee50eb1ba17c88801277d
.dll windows x86

d11bb7dd6a186eabfc19f919eb3ec089

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

d3d8

Direct3DCreate8

kernel32

CreateFileMappingA
K32GetModuleInformation
GetTickCount64
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
K32GetProcessMemoryInfo
DuplicateHandle
GetCurrentDirectoryW
IsWow64Process
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentThread
CreateFileW
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualFree
SetLastError
GetModuleHandleW
LoadLibraryExW
WriteFile
GetModuleHandleA
IsProcessorFeaturePresent
GetProcessHeap
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetFileSizeEx
FlushFileBuffers
LCMapStringW
OutputDebugStringW
HeapReAlloc
HeapAlloc
HeapFree
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
ExitProcess
ReadFile
WriteConsoleW
GetModuleHandleExW
GetFileType
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
RaiseException
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
GetModuleFileNameA
DisableThreadLibraryCalls
MapViewOfFile
HeapSize
CloseHandle
CreateFileA
K32EmptyWorkingSet
WritePrivateProfileStringA
Sleep
LoadLibraryA
GetProcAddress
VirtualQuery
VirtualProtect
VirtualAlloc
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
GetLastError
GetCurrentDirectoryA
SetStdHandle
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
LocalFree
FormatMessageA
FindClose
FindFirstFileExW
FindNextFileW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
MoveFileExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
GetStringTypeW
GetVersionExA
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle

user32

GetMessageA
PostQuitMessage
RegisterClassA
CreateWindowExA
DispatchMessageA
TranslateMessage
GetCursorPos
ShowWindow
GetWindowTextW
LoadCursorA
ScreenToClient
SetCursor
GetForegroundWindow
GetCapture
IsChild
TrackMouseEvent
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
ClientToScreen
FlashWindowEx
SetCursorPos
ReleaseCapture
SetCapture
GetAsyncKeyState
GetDesktopWindow
GetWindowRect
UpdateWindow
SetLayeredWindowAttributes
DestroyWindow
UnregisterClassA
PeekMessageA
SetWindowLongA
GetWindowLongA
GetClientRect
EndPaint
BeginPaint
SetWindowPos
DefWindowProcA
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW

gdi32

GetStockObject
SelectObject
TextOutA
SetBkColor
CreateSolidBrush

advapi32

RegCloseKey
RegSetValueExW
RegQueryValueExA
RegOpenKeyA
RegOpenKeyExA

shell32

ShellExecuteA

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

dwmapi

DwmExtendFrameIntoClientArea

wtsapi32

WTSSendMessageW

Exports

Exports

ijlErrorStr
ijlFree
ijlGetLibVersion
ijlInit
ijlRead
ijlWrite

Sections

.text
Size: 872KB - Virtual size: 872KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 8.2MB - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 993B - Virtual size: 993B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d11bb7dd6a186eabfc19f919eb3ec089

Headers

DLL Characteristics

File Characteristics

Imports

d3d8

kernel32

user32

gdi32

advapi32

shell32

imm32

dwmapi

wtsapi32

Exports

Exports

Sections

.text Size: 872KB - Virtual size: 872KB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 1.1MB - Virtual size: 1.1MB

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 4KB - Virtual size: 4KB

.data1 Size: 4KB - Virtual size: 4KB

.vmp0 Size: 3.4MB - Virtual size: 3.4MB

.vmp1 Size: 8.2MB - Virtual size: 8.2MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 993B - Virtual size: 993B

.l1 Size: 11KB - Virtual size: 11KB

.text
Size: 872KB - Virtual size: 872KB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 1.1MB - Virtual size: 1.1MB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 4KB - Virtual size: 4KB

.data1
Size: 4KB - Virtual size: 4KB

.vmp0
Size: 3.4MB - Virtual size: 3.4MB

.vmp1
Size: 8.2MB - Virtual size: 8.2MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 993B - Virtual size: 993B

.l1
Size: 11KB - Virtual size: 11KB