edf793a66c98c9f560b94807e6b4508056cb2a3179b0de5cb45e0ff97634af90

Sharing

Copy URL Twitter E-mail

General

Target

edf793a66c98c9f560b94807e6b4508056cb2a3179b0de5cb45e0ff97634af90
Size

5.6MB
MD5

00158066d91a7d76d555972723743c44
SHA1

7d77613a57dc723751da3b3c6a5b3a20c7ed0377
SHA256

edf793a66c98c9f560b94807e6b4508056cb2a3179b0de5cb45e0ff97634af90
SHA512

6433cbf585e8e81ee04b3583a7769588ed518b464fd1e2900e1a5230362734c9e8640feda7f4ecb230220177e33d0502aec40abfb45c4aefa17c7912c7844b9b
SSDEEP

98304:EhoNSzjm+4J20DfvYm0rsqJBxUr086FqUqHTYMtDBU2gn67T9I:EhoNmmJM0LQPrsqVUEYU2TYMLU09I

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
edf793a66c98c9f560b94807e6b4508056cb2a3179b0de5cb45e0ff97634af90

Files

edf793a66c98c9f560b94807e6b4508056cb2a3179b0de5cb45e0ff97634af90
.exe windows x86

3babd2a73bc62eb1e80b9d987ca329f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetUserDefaultUILanguage
GetOEMCP
GetCPInfo
FindClose
FindFirstFileA
FlushFileBuffers
GetFullPathNameA
LockFile
SetEndOfFile
SetFilePointer
UnlockFile
DuplicateHandle
GetVolumeInformationA
FileTimeToLocalFileTime
GetFileAttributesA
GetFileAttributesExA
GetFileSizeEx
GetFileTime
SetErrorMode
GetTickCount
SystemTimeToTzSpecificLocalTime
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
RtlUnwind
GetSystemInfo
GetLocaleInfoW
VirtualProtect
VirtualQuery
SetStdHandle
GetFileType
CreateThread
ExitThread
HeapQueryInformation
FindFirstFileExW
FindNextFileW
IsValidCodePage
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetStdHandle
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetFilePointerEx
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW
GetStringTypeW
OutputDebugStringW
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
CompareStringW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GetThreadLocale
FileTimeToSystemTime
GlobalFlags
lstrcmpA
GetSystemDefaultUILanguage
GetCurrentThread
ResumeThread
SuspendThread
SetThreadPriority
CreateEventA
SetEvent
CompareStringA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
FreeLibrary
GetSystemDirectoryW
EncodePointer
FormatMessageA
MulDiv
LocalFree
FreeResource
LoadLibraryW
GetModuleHandleW
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
SetLastError
GetACP
MultiByteToWideChar
OutputDebugStringA
DeleteCriticalSection
GetPrivateProfileSectionA
DecodePointer
VirtualAllocEx
EnterCriticalSection
HeapSize
RaiseException
InitializeCriticalSectionEx
ReadFile
TerminateProcess
LeaveCriticalSection
VirtualFreeEx
OpenProcess
CreateRemoteThread
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
GetEnvironmentVariableA
Process32Next
Process32First
CreateToolhelp32Snapshot
WaitForSingleObject
CreateProcessA
GetFileSize
WriteFile
TerminateThread
lstrlenA
GetModuleHandleA
SetCurrentDirectoryA
GetModuleFileNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
CloseHandle
GetLastError
CreateSemaphoreA
WriteProcessMemory
GetProcAddress
LoadLibraryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateFileA
lstrcpyA
GetCurrentDirectoryA
Sleep
DeleteFileA
WritePrivateProfileStringA
LockResource
SizeofResource
WideCharToMultiByte
VirtualAlloc
lstrcpynA
GetVersionExA
GetCurrentProcess
FreeLibrary
TerminateProcess
GetSystemInfo
CreateToolhelp32Snapshot
Thread32First
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
GetTickCount
GetLocalTime
GlobalFree
GetProcAddress
LocalAlloc
LoadLibraryA
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
FlushFileBuffers
GetCurrentProcessId
GetLastError
GetModuleFileNameW
CreateEventA
GetModuleHandleA
GetSystemTimeAsFileTime
VirtualQuery
LocalFree
CreateFileA
ReadFile
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

user32

RegisterClipboardFormatA
PostThreadMessageA
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongA
EqualRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowTextLengthA
RemovePropA
SetPropA
RedrawWindow
ValidateRect
GetForegroundWindow
SetMenu
GetMenu
GetCapture
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
SetWindowPos
IsChild
CreateWindowExA
GetClassInfoExA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
PeekMessageA
DispatchMessageA
RegisterWindowMessageA
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamA
DestroyWindow
GetParent
SendDlgItemMessageA
UnregisterClassA
FindWindowExA
FindWindowA
EnumWindows
IsWindowVisible
MessageBoxTimeoutA
SetWindowTextA
GetWindowTextA
IsHungAppWindow
GetWindowThreadProcessId
wsprintfA
UpdateWindow
InvalidateRect
SetTimer
EnableWindow
SendMessageA
PostMessageA
GrayStringA
GetWindowLongA
SetWindowLongA
CheckMenuItem
GetCursorPos
LoadIconA
ScrollWindow
DrawIcon
GetSystemMetrics
IsIconic
GetClientRect
LoadIconW
GetPropA
IsWindow
GetDesktopWindow
GetWindow
TrackPopupMenu
SetForegroundWindow
AppendMenuA
CreatePopupMenu
PtInRect
MessageBeep
GetNextDlgGroupItem
IsRectEmpty
SetRect
InvalidateRgn
GetWindowRect
MessageBoxA
CopyAcceleratorTableA
OffsetRect
CharNextA
KillTimer
ReleaseCapture
SetCapture
CharUpperA
LoadCursorA
GetSysColorBrush
RealChildWindowFromPoint
SetCursor
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
DestroyMenu
TranslateMessage
GetMessageA
IntersectRect
ClientToScreen
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutA
DrawTextExA
DrawTextA
ReleaseDC
GetDC
LoadBitmapW
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
IsDialogMessageA
IsDlgButtonChecked
GetClassInfoA
CharUpperBuffW
MessageBoxW

gdi32

GetStockObject
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
RestoreDC
SaveDC
ExtSelectClipRgn
SelectObject
SetMapMode
TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectA
GetMapMode
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
GetClipBox
Escape
DeleteObject
CreateRectRgnIndirect
CreateBitmap
GetObjectA
SetTextColor
DeleteDC
GetDeviceCaps
SetBkColor

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

CryptHashData
RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
CloseServiceHandle
QueryServiceConfigW
OpenServiceW
EnumServicesStatusExW
OpenSCManagerW

shell32

SHGetPathFromIDListA
ShellExecuteA
Shell_NotifyIconA
SHBrowseForFolderA

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionA
PathFindFileNameA
PathRemoveFileSpecW
PathIsUNCA
PathFileExistsA
PathStripToRootA

ole32

CoCreateInstance
CoInitialize
CLSIDFromString
CoRegisterMessageFilter
CLSIDFromProgID
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoCreateGuid
CoRevokeClassObject
OleFlushClipboard
CoTaskMemAlloc
OleIsCurrentClipboard

oleaut32

SysFreeString
SysAllocStringByteLen
SysAllocStringLen
VariantInit
VariantClear
VariantChangeType
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
OleCreateFontIndirect
SysAllocString

oledlg

ord8

urlmon

URLDownloadToFileA

wininet

InternetReadFile
InternetOpenA
InternetOpenUrlA
HttpQueryInfoA
InternetCloseHandle
DeleteUrlCacheEntry

dbghelp

MakeSureDirectoryPathExists

ws2_32

gethostname
send
WSAGetLastError
connect
inet_addr
htons
socket
WSAStartup
closesocket
recv

oleacc

CreateStdAccessibleObject
LresultFromObject

wtsapi32

WTSSendMessageW

Sections

.text
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3babd2a73bc62eb1e80b9d987ca329f0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

urlmon

wininet

dbghelp

ws2_32

oleacc

wtsapi32

Sections

.text Size: 384KB - Virtual size: 384KB

.rdata Size: 108KB - Virtual size: 108KB

.data Size: 36KB - Virtual size: 36KB

.vmp0 Size: 2.4MB - Virtual size: 2.4MB

.vmp1 Size: 2.6MB - Virtual size: 2.6MB

.rsrc Size: 67KB - Virtual size: 67KB

.l1 Size: 21KB - Virtual size: 21KB

.text
Size: 384KB - Virtual size: 384KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 36KB - Virtual size: 36KB

.vmp0
Size: 2.4MB - Virtual size: 2.4MB

.vmp1
Size: 2.6MB - Virtual size: 2.6MB

.rsrc
Size: 67KB - Virtual size: 67KB

.l1
Size: 21KB - Virtual size: 21KB