c41a0235215b8618ea627a52b9767fc93c3778ed8d25e26957c91b6f46c174ea

Sharing

Copy URL Twitter E-mail

General

Target

c41a0235215b8618ea627a52b9767fc93c3778ed8d25e26957c91b6f46c174ea
Size

680KB
MD5

ddda4524c53d4373e21e6b722ca5e914
SHA1

4e02a228bcb920100e70b72ce10053756e73d5cf
SHA256

c41a0235215b8618ea627a52b9767fc93c3778ed8d25e26957c91b6f46c174ea
SHA512

9ac21f95c4d8d389f2da02b3e7f84d87b2320073306a4168511b1e17e8607d06db124e9a5cba35bca1831ef54a866ab8fff2829d39990876d4a3814a0be0f285
SSDEEP

12288:4Baonq1co+QjYlgonMBjY9/4RWH2s7y/sNGuWnkLppa+blH2Pb05:4BVGcofBklXQkblWPb05

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c41a0235215b8618ea627a52b9767fc93c3778ed8d25e26957c91b6f46c174ea

Files

c41a0235215b8618ea627a52b9767fc93c3778ed8d25e26957c91b6f46c174ea
.exe windows x86

31f7e288b912ef545b32c23881fce65f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

closesocket
ioctlsocket
WSAGetLastError
htons
bind
listen
accept
inet_ntoa
WSAStartup
connect
gethostbyname
inet_addr
__WSAFDIsSet
select
recv
send
ntohs
getsockname
gethostname
WSACleanup
socket

kernel32

LCMapStringA
FreeLibrary
GetEnvironmentVariableA
SetFileAttributesA
FindClose
FindFirstFileA
FindNextFileA
GetTickCount
FormatMessageA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
MultiByteToWideChar
WritePrivateProfileStringA
GetModuleFileNameA
GetStartupInfoA
CreateProcessA
GetStdHandle
WriteFile
DeleteFileA
GetLocalTime
CreateFileA
GetFileSize
ReadFile
HeapReAlloc
ExitProcess
GetCommandLineA
GetModuleHandleA
RtlZeroMemory
lstrcmpA
lstrlenA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedDecrement
InterlockedIncrement
VirtualAlloc
QueryDosDeviceA
lstrcpyn
IsBadReadPtr
WideCharToMultiByte
Module32Next
Module32First
VirtualFreeEx
OpenThread
WriteProcessMemory
RtlMoveMemory
IsWow64Process
GetVersion
GetLastError
GetCurrentThreadId
MapViewOfFile
CreateFileMappingA
LocalFree
TerminateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnmapViewOfFile
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetCurrentProcess
CreateThread
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetFileAttributesA
SetFilePointer
lstrcpyA
SetLastError
lstrcatA
GetTimeZoneInformation
SetErrorMode
lstrcpynA
lstrcmpiA
GlobalDeleteAtom
FlushFileBuffers
SetEndOfFile
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
ExitThread
GetSystemTime
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
GetExitCodeProcess
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
ReadProcessMemory
GetNativeSystemInfo
CloseHandle
WaitForSingleObject
GetProcAddress
LoadLibraryA
MoveFileExA
GetTimeFormatA
GetDateFormatA
TerminateProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
Sleep
OpenProcess
CreateEventA
GetCurrentProcessId
OpenEventA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetFocus
GetWindowPlacement
IsIconic
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
DestroyMenu
GetClassNameA
GetSystemMetrics
SetForegroundWindow
GetForegroundWindow
IsWindowEnabled
GetParent
EnableWindow
GetMenuItemCount
GetDlgCtrlID
LoadStringA
UnhookWindowsHookEx
GrayStringA
DrawTextA
TabbedTextOutA
ClientToScreen
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetKeyState
CallNextHookEx
SetWindowsHookExA
GetLastActivePopup
PostMessageA
GetWindow
PtInRect
SystemParametersInfoA
GetDC
ReleaseDC
PeekMessageA
CreateDialogIndirectParamA
UpdateWindow
GetMessageA
SendMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
PostQuitMessage
SetWindowTextA
GetDlgItem
ShowWindow
SetWindowLongA
GetWindowRect
ScreenToClient
SetWindowPos
GetWindowLongA
GetWindowTextLengthA
GetWindowTextA
wsprintfA
MessageBoxA

advapi32

LookupAccountSidA
GetTokenInformation
OpenProcessToken
GetUserNameA

ole32

CLSIDFromString
CoInitialize
CoCreateInstance
CoUninitialize
OleRun
CLSIDFromProgID

shlwapi

PathFileExistsA

gdi32

PtVisible
GetClipBox
DeleteObject
DeleteDC
SelectObject
GetDeviceCaps
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
Escape
GetObjectA
GetStockObject
ExtTextOutA
TextOutA
RectVisible
ScaleWindowExtEx

ntdll

ZwUnmapViewOfSection
RtlAdjustPrivilege

oleaut32

RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VarR8FromBool
VarR8FromCy
SafeArrayCreate
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantInit
VariantChangeType
SysAllocString
VariantClear
SafeArrayDestroy
VariantTimeToSystemTime
SafeArrayGetElemsize

psapi

GetProcessImageFileNameA

iphlpapi

GetAdaptersInfo

shell32

SHGetSpecialFolderPathA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comctl32

ord17

Exports

Exports

>��3 ��)Jp��aO��w�1��owv��z<�aɀ�$|��]rm��W�vZ��_>�k��U�Kg�[�Sl��=W�g��n��ύbvb��|�z]͊��d9��(tb�b��L��y��i��Ұ�{Ɛ�/}�}p�mX�g,�G�U�Em�m��`�_�a�2~T��Q�v}��覷<%�Rݧ�~b*��k�R�f�~��o��a�D��(��Ѥ�n�Š�ed��aS ��~��"�!FD��7�t�� [��ئo6�`f�L�L�{� 5H��X#�T�{�Z��{_��8�|B��&H �� b��L� ��$��ch�}΋�܍j��v�KFlx�Pj��l��y�� lnup͹�쎜x��"D#��~�E1T�/�{�k�WR��!Dθ�Y�5��A��L�S��"�K�P�x&�ז5/��zsaC��t��r�Nw��ϑ��NRW�四~�`��1��f/О��~M��;?��]��=��9]�ֱ؊��(Uu�|r�)Td��A*Բ�ޏ�;��cu+��=Z}O�۳f��E� bcJSz��|�~N��7�(ȆTh�DѰA6��Ŕ�l>�AH��^�8�H��7K��|��_=|�1��v�n,��b4ͱ� �Ji�Ϊ�P��Ò��aH`��0��l4!}��]��b��'�&'Bm��O�B��^��j�Չ�ݺ?C�J�fn��~f�/1�o�{�1��Xvl�_V�ieA`� ��Uoq��!��@��Vwȉ?&Q�6��$/ ��GC��I��A�UH:�L�Ar�椲T�rӗ��<��[��S 9}�:M�)��R3W��C4�fm6��|ĭ8r7��*�ј�d�+�"Q�}��ab�1��Ju�p��*�W�8� e$�:�Ȕ�(�ܩ�S>��"ɰ��r�+��޵yS�W�_��j~vP�y|;󧂒B�#<�/ރ�ʌ00۪��B�ݢg��ʂ��o�K��Y�h��N0J L��u�(�"�t��!�8��)%.ǥ\\�~��H>�m�gE�TW9�TT<�gQ��Ͱ�՟y.d~k��y�p��A�/�ԩq/�=��܊�s#��wmD��olj ��+�$�U�;|��F��U,��O��G�Q-��h3 �r~޴_?�փ�Z�>�o�\��ï~pB��}��9V$+;�y#�m_�6��f��1�"��6w�Ҭy�L1_�Y�&8'�4��;��>m:<� �� X^p��E>ec�Y��E�YCR�`��:e?l��9wd*�WHF�i�q�v�xQ"�� 3Y��&��;{60��<��5��I��ݿ�69�-��VJk�Y��SX��A�g� �'F�%Ln��d�6V��B��0�i��Lq9�C�f��C��\�O��y��f��2@��J��x�-m��p�(��`��u��Q&'��Y3�O#�S��̪]�K�V�� iBT洄n��#/�Ϝ ��q�;y~S�j��r�/*�'G��\��A`��]C%��c�os��>/��$��y�ĝi�;�y ��W3��'��ŝ��W6��#s܏��+��0h��gy�Y.O��ϳD��Ta��lh�z|��$��Qͦ�l>�ЉY��$�mn��Z��w"�Ѕ�`,��K��]~*аH"��?!�J�t��$۞.YBk��n�%��MX�� s�{�/�d��_��x��lf�06�aKs*(��k�L'�G�Ɋ�PVK�݀��0K>06�0�!oѫ��>��Y6BY�4��*?X��n{��&y~|�lG�5��C7R�S�ug��n�o-�`��܌`��$�W�*��q��#��_~p��O�.>�K��c,�P��7Ft٤��Ud�k��d��~PVi�oOe�(��.j�laG�p�;7@��=4"z�bׄ��>��2��I#�&F�AFlO>��#��J-��~�o�+[��2�l��%��+�/��jm�K�: j��C�0�LtO0G��ѷ�2=��M��1(W��j��P\�NM�"��LP�+�'ʇy��B�?��=$E�('�J��w[�ۚJ5��#�CR*��P�U��ә��#֝��R�l m��20h��>�эo��ɪ�y��z��s� )��I��=_�T��J��S��响��y?�g&oᡣ|�_B��+��Q?B;1�^E�9��*L`|�b��%|��r�WG#yt�V�ֵy��x ��қ��W͐km\�z!ᇑ��L� um��j��|V�>�Z�#�%G#�6��S��H�E!-/ƪ��~��Ȱ��}�9��һ��p��Q�Y��#LD��΢�:��6�� 0a��&��v"��g�y�6e�Pj��-<�@%��t�ʵ��-~��Գ �F��8Ԡ<�L��i��Y�V��ɒ��g@��/(��0��eJ�:��7 b;�Mͬ��L��4�ߣ��+��K��jT� �m*6�!6�`y׈�t�JC)��h�� @V�P�d��0��j�r��%CϏy+��gF��؊W��V{��$\��,�N��CuP�ꡐ��'ە�� `}G�ϓpGؚ[YgF��,Q{��t��3�V@ cy:<vS�s|I��G��F3�Z��W�z��Ya�mHB� �J��Y�q��7�!��:��`A:�y-��S/��\pFH��7g�J��>R��\��o�� ]��}e5��)�j��I�7{Ʃ�

Sections

.text
Size: - Virtual size: 426KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 347KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 580KB - Virtual size: 577KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

31f7e288b912ef545b32c23881fce65f

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

ole32

shlwapi

gdi32

ntdll

oleaut32

psapi

iphlpapi

shell32

winspool.drv

comctl32

Exports

Exports

Sections

.text Size: - Virtual size: 426KB

.rdata Size: - Virtual size: 26KB

.data Size: - Virtual size: 347KB

.vmp0 Size: - Virtual size: 288KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 580KB - Virtual size: 577KB

.rsrc Size: 92KB - Virtual size: 91KB

.text
Size: - Virtual size: 426KB

.rdata
Size: - Virtual size: 26KB

.data
Size: - Virtual size: 347KB

.vmp0
Size: - Virtual size: 288KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 580KB - Virtual size: 577KB

.rsrc
Size: 92KB - Virtual size: 91KB