c4decffd213797ba41d2f1efaed44192f7ac743d6c39b95928b64a1a30b8685a

Sharing

Copy URL

Twitter E-mail

General

Target

c4decffd213797ba41d2f1efaed44192f7ac743d6c39b95928b64a1a30b8685a
Size

6.2MB
MD5

3ec3f14eb97ce9651f26f2d092b7b21c
SHA1

b784e4e3aa62a6c2c383fb4e888e1e294cb829bd
SHA256

c4decffd213797ba41d2f1efaed44192f7ac743d6c39b95928b64a1a30b8685a
SHA512

9d7eb54a151af034deb32ad241fac0e4135b8c37d289afb7648436633186343184516ad8629cf47ecbbf2c5397b4b9adaf81fdabea99731c573c7b649a61bda5
SSDEEP

98304:EWUmTpxmbb5q8AhQKZS1lZuwvySavHKxaJUHM58MpkMYZGw6KLCBZL1uP:X4FAhQPF3vyJvHCaaVQkXZb6ECz

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c4decffd213797ba41d2f1efaed44192f7ac743d6c39b95928b64a1a30b8685a

Files

c4decffd213797ba41d2f1efaed44192f7ac743d6c39b95928b64a1a30b8685a
.dll regsvr32 windows:5 windows x86

197a0ef96a2d798b8d399e162a2c17bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
GetVersionExA
IsWow64Process
CopyFileA
VirtualAllocEx
WideCharToMultiByte
GetSystemDirectoryA
VirtualFreeEx
GetLogicalDriveStringsA
QueryDosDeviceA
CreateThread
CreateWaitableTimerA
SetWaitableTimer
LoadLibraryA
GetProcAddress
WriteProcessMemory
FreeLibrary
CreateToolhelp32Snapshot
Module32First
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
ReadProcessMemory
VirtualQueryEx
GetModuleHandleA
VirtualProtect
RtlMoveMemory
GetStartupInfoW
CheckRemoteDebuggerPresent
LocalFree
Process32First
Process32Next
lstrlenW
GetTempPathW
lstrlenA
CreateFileMappingA
RtlZeroMemory
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
MultiByteToWideChar
GetTickCount
GetTempPathA
ReadFile
GetFileSize
CreateFileA
DeleteFileA
SetFilePointer
FindNextFileA
FindFirstFileA
FindClose
GetLocalTime
LCMapStringA
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
LocalAlloc
OpenProcess
IsDebuggerPresent
GetCurrentProcess
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
GlobalFree
GetProcAddress
LocalAlloc
LocalFree
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
MessageBoxA
MsgWaitForMultipleObjects
GetClassNameA
EnumWindows
PeekMessageA
GetWindowThreadProcessId
GetWindowTextA
IsWindowVisible
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

ole32

CoInitialize
CoUninitialize

shell32

SHGetSpecialFolderPathW

msvcrt

strstr
_stricmp
malloc
realloc
free
strchr
modf
_atoi64
strrchr
floor
_CIfmod
_ftol
??2@YAPAXI@Z
??3@YAXPAX@Z
sprintf
atoi

oleaut32

shlwapi

PathFileExistsA

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueExA

wtsapi32

WTSSendMessageW

Exports

Exports

DirectInput8Create
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetdfDIJoystick
Ŗ��Dk�L��v�\;е�k*�X�ǮU�'ser��.�B�Ȕ㩧J�� Go]��-r�ѧM�u7\QQ��;~��"�ŃL��otD��4�ǵ��;�da��5��ײ��&��{��1(��G�#�:�%y{��H:��U18BM%�@�g��E��`�V��.K�e=))��Q��j��k�j��)�-�C��A��M˕��~�Z��n��kL�+�||�� !(�V'�)[��K�)��iu�oY|�!c��0�zNI|��WJCD9�f��\,�܉5�k��:��~~�@��ɼ�۵�#@>폂��uiE �W�k�Ш5�ߙT�?�R~�nV�ڡa��/X@�0�t��:'C�!WB��Zؑ�N��^ؒ��d��#��0$n�wk�b��&@��TXPi�"Pe�� ]�{)|��f��|�i`h�m8�X25��G0�1�Ų�ڊ��7�3��,�-��5�Z�Q��T+E��(�Q�&$ 8��+-KI��Gj��T�܌3Z��&�]_��CC''W]IK9s�mвg�2N�7YY��*I�e{��>֛/D��3�(@��zI�N�H�lw�4�~��lf��}ٸ�%�~��A��a��5��H�5�٨�_nu�J'>�%?= �^��%,=Utu��7��ʼ��؍a��PI�2��0fKe�N�0xϘmTi ^�!��+�� ـ{�� S��E�.$@с;��a��qft�{�� 3L�. ��Mq��dA�%��k�t�ݜa&��h��C� oe��6�[&S'��Pu��^��"��bj��.E�׮c�u��~o�'��`�M'C4�rD�{r@�|^��h<�GEc0�K��Es}�d��<�#;�C�c�Mw� ��gʺ(D ��9bO;l-�P�`��( ᗨG�� q^:6��ǾJ��gd��VW��v��!�SlI��fU��հc"��8��8��M��bXyS�蒖�9��>�w��O��O�;��q(��a��_�M��{5nG��<��P��,o�d�C��+4#5�6ͮ�o衢�Q��+T[ �o*��T�<@� H�bn�6X]`u�uM�� d�ָyǤn��VT �X_�#�@F5��Oi��'��E��/=�d�шU�<�`�` Ԯ j��&�n�l�,*.�L��f��vZ�-B��$�)u�~��5&�2��i�<�^�Ҡ��=�F]i߿P��R�쀿i}��'�b7�9�.��4Q��l��kL8�F��W*L��=�Ic�hj��H0�@Ǣ"�A�ԶT��e��.��B��t>��R��X��>�� =�>�� j�ll��ΰ�C��k��i��2��'~��;��n֗��/8+��M^�U��q�k��L�f�}-�Gh.�� b�2��A\�O�P�3��Tj��,� ��+��f]��:�-"|��&��IKU\2�VaUc�q�� n��$��>��"OI2��l�]=?�YR�CC4Ѣx�\�5fOA?d%k��o�i��-^�=�i��T`o�a�OeޏG��l�ni��\�\�ʢ5�L��2I�ؕ��s�O�M�"�r� u�e��X�1��7�U��[�-��00?%6�mIB�1��ݯ��I�_;nܜ��<��X�-6�i��*�k��Ȭ��iY�a��B�yسƯ ��?��x��E�� Bم�BS!��m�z�R�v�,>1�"�r��A ��@�� yCrR��Ww ,��3��>M�`p�L��~�Z�d��dv��q�em��p:M��C�Ƕ��"1F:�>��VwH�ۢ3��N�7�1u�#�&2@1��^��3p��L��p�F��"�F��I;<T%q�S3�5��K�?��sT��<�"ͺ恶c��93?$��C�~;��A��0̙�\�/v��-��;��MB��<1�Y�kzé��k��`I߅��$;e�PC-|�u��1�E��9Eʁv8�m�� IMԺ"�W5dg'�Y��ص�p��l�.z�'O��e1��U� �*�Ǡ�7Ǆ��&O�$�\]1�f1!��O`��Yv��z�[�?!rd�忨g��9�]f{��f��Mޮ*SH��"(��+̑�.�U��/�H�H0�~��ΐ�Mk�(�pDZ��Ge*��֝�� [��a�� +�N�H;w{+s,:X%�xq?eBzj�Z_��f&zj��Y�!#6X��L��r��{!Q�r�L�(chQ��}�"ޖ;�i~�) A�B�=?��[��9*��G�V�.�[��8w��j��3wʉ��:��W��w��&E�L5�l��|��'��X�S��^��N $�q1� �h�J:'�6e>�c&3�a׉��Ąǐvav�m�Sv)};�A��6��8πfg�L��r*+æ�Se�*j�ʰ��#��t��)%riҸ=uv��&ezH�4>:�qM3��D˨$o��r��fx�t�S�)h�:Т�ى�t��N��"�tZ�o��R��;�<J��(%��[��4��)�sSc�M��;�m[9 D�=��Ӵ�|w��e�/�I��R��a�C}� �/ �Yp$q/!��栝��Fj��]�H�dl��D�h%�S{�e.�/��?8RyWe�D��#@L�JOv�Z�v��/f��9LX��N��څ�ѶN�_C>μ��%>J��`�,�䣳4ڿ��,1ahM�aWG�z��d��D��A��:��<T�[s��u~��˘%��\(��׾8Ll׺L�DnmlN��S�׏�v��>��Ԁ!o� �8��|[�zu�

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 604B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

197a0ef96a2d798b8d399e162a2c17bc

Headers

File Characteristics

Imports

kernel32

user32

ole32

shell32

msvcrt

oleaut32

shlwapi

advapi32

wtsapi32

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 100KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 56KB - Virtual size: 56KB

.vmp0 Size: 2.2MB - Virtual size: 2.2MB

.vmp1 Size: 3.8MB - Virtual size: 3.8MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 604B - Virtual size: 604B

.l1 Size: 12KB - Virtual size: 12KB

.text
Size: 100KB - Virtual size: 100KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 56KB - Virtual size: 56KB

.vmp0
Size: 2.2MB - Virtual size: 2.2MB

.vmp1
Size: 3.8MB - Virtual size: 3.8MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 604B - Virtual size: 604B

.l1
Size: 12KB - Virtual size: 12KB