3a8674095a05344644c31bc4c9e9152d74d40c399ef0d48aacbe8f8dd582991b

Sharing

Copy URL Twitter E-mail

General

Target

3a8674095a05344644c31bc4c9e9152d74d40c399ef0d48aacbe8f8dd582991b
Size

15.6MB
MD5

cd9c3218c41cd85fec2214cdf27458b6
SHA1

745faac033a32f568042f346247a6e080511780b
SHA256

3a8674095a05344644c31bc4c9e9152d74d40c399ef0d48aacbe8f8dd582991b
SHA512

c331d97a8a92fd5be54c4db84bc4d18835ad129d218d695627f7d830c7388501e4f4c5ce9b907d1613ba1f73df23dbd8e191f7797c2f73961850ebabc589cedb
SSDEEP

393216:I9wa1DN+X4lEdFShFHd7qN4nX4GwO2tRvmEw/VD7rHqqBhdMrsc55yojT:9a1DN+MEdFShF97qN4nXbwdtRvmEw/dG

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a8674095a05344644c31bc4c9e9152d74d40c399ef0d48aacbe8f8dd582991b

Files

3a8674095a05344644c31bc4c9e9152d74d40c399ef0d48aacbe8f8dd582991b
.exe windows:5 windows x86

e7cb025b511ea4dea72fe614ca961a9d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarSub
__vbaR8FixI4
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
ord693
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLineInputStr
ord695
__vbaStrVarMove
__vbaLenBstr
__vbaLateIdCall
ord696
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
ord698
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
_adj_fprem1
ord518
__vbaRecAnsiToUni
__vbaI2Abs
__vbaCopyBytes
ord550
ord629
__vbaStrCat
__vbaVarCmpNe
__vbaBoolErrVar
ord553
__vbaLsetFixstr
ord660
__vbaSetSystemError
__vbaRecDestruct
__vbaNameFile
ord662
__vbaLenBstrB
__vbaHresultCheckObj
__vbaVargVarCopy
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
ord668
__vbaAryDestruct
__vbaVarIndexLoadRefLock
ord591
__vbaLateMemSt
EVENT_SINK2_Release
__vbaVarForInit
__vbaForEachCollObj
__vbaExitProc
ord593
__vbaI4Abs
ord594
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
ord599
__vbaFpR4
__vbaStrFixstr
__vbaForEachCollVar
__vbaBoolVar
ord520
__vbaFPFix
__vbaRefVarAry
__vbaBoolVarNull
__vbaFpR8
_CIsin
ord631
__vbaErase
ord709
__vbaVarZero
ord525
__vbaNextEachCollObj
__vbaVarCmpGt
ord632
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
__vbaVarAbs
ord528
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaPutOwner3
__vbaVarTstEq
__vbaAryConstruct2
__vbaDateR8
__vbaObjVar
ord561
__vbaNextEachCollVar
__vbaI2I4
__vbaLateIdNamedCallLd
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
ord670
__vbaFpUI1
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaStrR8
__vbaRedim
__vbaUI1ErrVar
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
ord601
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaLateIdCallSt
EVENT_SINK_QueryInterface
__vbaStrUI1
__vbaUI1I4
__vbaStr2Vec
__vbaVarMul
__vbaExceptHandler
ord711
__vbaPrintFile
__vbaStrToUnicode
ord712
__vbaDateStr
ord606
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaVarDiv
__vbaLateIdStAd
ord607
ord714
ord608
ord531
ord716
__vbaFPException
__vbaInStrVar
ord717
ord319
__vbaGetOwner3
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaDateVar
__vbaI2Var
ord644
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
__vbaVar2Vec
__vbaNew2
__vbaVarLateMemCallLdRf
__vbaInStr
__vbaR8Str
__vbaVarInt
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord573
EVENT_SINK2_AddRef
ord681
__vbaI4Str
__vbaVarCmpLt
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
ord610
__vbaLateMemCall
__vbaAryLock
__vbaVarAdd
ord320
__vbaVarDup
__vbaStrToAnsi
ord612
ord321
ord613
__vbaVerifyVarObj
ord614
__vbaFpI2
__vbaVarTstGe
__vbaVarCopy
__vbaFpI4
__vbaVarLateMemCallLd
ord616
__vbaVarSetObjAddref
ord617
__vbaLateMemCallLd
__vbaRecDestructAnsi
_CIatan
__vbaUI1Str
__vbaCastObj
__vbaStrMove
__vbaAryCopy
__vbaR8IntI4
ord619
__vbaStrVarCopy
ord542
ord650
ord543
_allmul
__vbaLenVarB
ord544
__vbaLateIdSt
ord545
_CItan
ord546
__vbaFPInt
ord547
__vbaUI1Var
__vbaAryUnlock
__vbaVarForNext
ord548
_CIexp
__vbaMidStmtBstr
ord580
__vbaFreeObj
__vbaFreeStr
__vbaRecAssign
__vbaI4ErrVar
ord581

wtsapi32

WTSSendMessageW

kernel32

VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle

user32

GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW

Exports

Exports

%��(�j2bXEJ��m��/Hl^��[�i0k��+��8W�� j��T�{р�OH8F �^�V$yC��sC�E�"&�A8p8��2�� 0�ݸ^� �#1D'��Nu�ؤ��FD�<2�vǛnߍ��j�$^%%e��,b�G\5�� $�='��L��۵:"O��=2�e6:�"��q �!_0y�C��,�Ѓ�u�kq��i�-��{��l&�#� � h��h_�#d=��I��7��z�QK�q��`g|��L��]U�)Mv;�b��2��}f�Z��.rR�2\��U�nN��H�)�p�� ~"�5�Vnf~6=G�%�B�v�-�3q��XKIbZ P�B��Dk9��A��J�ߡT��$�g�FD�$�!�T�1^7rp��N��6tݦ,u��F ro&�@`�J��ӷ��;�J�4�9�߃pSP�##�� qiP,�U�ϛ�m�2�Jj��Zg��bj̅�� ҏ�$�/��޺k�P"��U ��Y)�+W�e�<f�;S7��Tu�U]5 ��a[J��5�t:�N>�{Q$)jI��QT��A{�j�7%iKؤe�o<�]�"�?��q1S�%�F��ŃL��t[#�U��Yc��8�^�ښ�7�5�h�Ӱ�@�E��e�UX1��Ц>|��,�d�ɕx��'��I�,څX�j�Ӊ��r��j@�O�OMr��J�ЦX��<@�˕�ť��ZyX�kp d4��z�*��,o�-�,��T|�OEVT`�~��#��6hЫs*��D�i� �:�=I�� b�7x�Oe=��e�� #Ǽ� 6�TG$��y �u�� 1k߶�_��伧-6��E��@r�� t+�c��@�a��cCb�P��ن�샚��c&\�[3��mpT�Z4��kg �V��D�Hc��C2 t�v�/�П�`G^�^8��Q��W�=`'�ܮ\��&}�(��!j��c��9N�ߕU��u�YvD�� AN7ǪMRTi-&�m��5j_]�`��p!�O�[>9D˯hI��I��:L��(̱~|�xX�#�R�� C�$5��C��X�� D(�<�b'�pS�t��H��4�0�}VR�W��|�Y�g�#�Q>��Q:��>4==�׎(�.�� 9��^��^�Ѫ��$�h��ixy�m�j��ݞ|x��u�7�;[�;KR^D�B��.c�ۖ�˫��!X�#\&�w�e T}+-/S�jZ�_��0Zy3�)>�O�mdU��&�ضVM�{��S�8��ul��X�6ZrĶ=�� F&�_��g'�Jd��b9�:(�fKp�J��>��S�� Z��\*�y9Utch�{�CFI)rB�# �B*��*��ڥ��8��.��(�j��ٞ^�t�[�k�@�uѨ��;ACE!3Z+�.iÜ��u{E&�n��q�o��ы��c5��}�A��j4Y��9�(�_^.;��$\@��*�AI�*��|��2釁��p�EP<[t�w�r�]� A��64��!n S�]I��O@IK,FP4�ȁ�@{�V?9�?,~N�U��$��,��/d�̠�g�G��)��W��B,��z�L&U��\�v#��D=�j�`tT_ ��L?]F��Z�s?��·�R�?�pW��%K ��!�NlWg[��cWttHw�_��ô�?��J~�Ȓop��ܱU}��e�No|W�z��x`��Oi��!��u��]��:�'�_kh�PHY�9�fY)s�9R¡�S��̊��%�V9=��?X�ť��շ��Q��i*R�B��S�Qu�cZLV2��!3P�� v�%D��T��_�E?��U=�obZ4W��bh�/��7TR%��[�`�!vtcΘ^~��/��u�;�(��K�CAb��%��tzE[�2��Rd�3 �ƬZ�VFM�8��qZ��տi� kߊ�ad��e��_sWw^��^5��K�:�̽�Dl��`�^�xѲ\��#�G��Jɬ��~B��0ɧU�x��W�t��[�-5�ôuzУ��2;�}�\6� ��n��<!� ��1� >��F1�K}.2��^��>I�n�MӯW�)ۚ� ��%� ��Y��_ ;Gssԩ�-��Eqfq��Җ��-U��N#eaf�+�Pv~�� ��R�`��]/ͨj�7*N@�Y��ɹ��w��h��P��uU�`�R��av�DϱN⍦�f�T��x�Z�}~?�\��I-yJ�!'��m=>�� (;!��a��JI7��#��r��z��]=/��}��+��6Bn�̠�vVRA_U{H��.}%YA�t�A#��*�"��æ�m�u��g/r�5��6�� !�PU<�">K4�bRL�b��8��ˮ��֍�;1�bk�~�V!ڱoDK��o�/a�4�� )Z�ơCtEb�kwLMRS��RIV�W��Zمɝ!��tq�+/�G�� .��Q�=�~)��S"��s�Ki�hRtEd��YvR��_|i�#f� ��! E �� 9goi˸��9�6UEBx)��M��P�cB��+�J�eW7kE<��H~�uE��Jy��<��}��u�o��\-��qqv}�<��kvi�v��8` ��cꬿ��?�� ì�� Qqr~�v�y��䟒l�H%k�'~mOo�A��j%-N�$�#O"��3��c�9��i� ��a��/=/4O�m}|�6W��43&�J�u/O#�A?ffF��\|7��

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 8.0MB - Virtual size: 8.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e7cb025b511ea4dea72fe614ca961a9d

Headers

File Characteristics

Imports

msvbvm60

wtsapi32

kernel32

user32

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.data Size: 44KB - Virtual size: 44KB

.vmp0 Size: 5.6MB - Virtual size: 5.6MB

.vmp1 Size: 8.0MB - Virtual size: 8.0MB

.rsrc Size: 30KB - Virtual size: 30KB

.l1 Size: 16KB - Virtual size: 16KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 44KB - Virtual size: 44KB

.vmp0
Size: 5.6MB - Virtual size: 5.6MB

.vmp1
Size: 8.0MB - Virtual size: 8.0MB

.rsrc
Size: 30KB - Virtual size: 30KB

.l1
Size: 16KB - Virtual size: 16KB