ff08a99195b843a08b00dd0b852397f704dfb97f0d86dcdb4c6a113edadeb47d[.]exe[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

ff08a99195b843a08b00dd0b852397f704dfb97f0d86dcdb4c6a113edadeb47d.exe.zip
Size

3.4MB
MD5

84a681e97a898a4fd980542fb0d32452
SHA1

5f4c83fc617a7f51197ca6bbb5a449204e4c078b
SHA256

8de833b63f643e8bdd7fe0c1febaf6fbcd2ad28c30f51d5cb63cad667ca73f97
SHA512

5dd89086b5794b3aeae78c581ed8ae139a2a1d202239fe9e1f96c0236e2118408d6163025000d918badcd1ff5229ed2faf7f9c1330daf75d5c0115d642af635d
SSDEEP

98304:bNs+fhza67p0fYsQRjtxmTHH8HETg3hjQo0GE:bu+5/7p4l4jt2HckTh8E

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/ff08a99195b843a08b00dd0b852397f704dfb97f0d86dcdb4c6a113edadeb47d.exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ff08a99195b843a08b00dd0b852397f704dfb97f0d86dcdb4c6a113edadeb47d.exe

Files

ff08a99195b843a08b00dd0b852397f704dfb97f0d86dcdb4c6a113edadeb47d.exe.zip
.zip

Password: infected
ff08a99195b843a08b00dd0b852397f704dfb97f0d86dcdb4c6a113edadeb47d.exe
.exe windows:5 windows x86

42f6a1c1e283820f732d935bfc1b78a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmGetContext
ImmSetCompositionWindow
ImmGetCompositionWindow
ImmGetOpenStatus
ImmGetDefaultIMEWnd
ImmGetIMEFileNameA
ImmGetDescriptionA
ImmSetOpenStatus
ImmGetCompositionStringA
ImmSetConversionStatus
ImmGetConversionStatus
ImmReleaseContext

dsound

ord1
ord2

opengl32

glColor4f
glDisable
glEnd
glVertex2f
glTexCoord2f
glBegin
glColor3f
glTexImage2D
glBindTexture
glFlush
glClear
glPopMatrix
glAlphaFunc
glDepthFunc
glTranslatef
glRotatef
glLoadIdentity
glPushMatrix
glMatrixMode
wglDeleteContext
wglMakeCurrent
glGetString
wglCreateContext
glClearColor
glVertex3f
glNormal3f
glVertex3fv
glColor3fv
glDeleteTextures
glTexParameteri
glGenTextures
glTexEnvf
glDepthMask
glPolygonMode
glFrontFace
glStencilFunc
glColorMask
glStencilOp
glScalef
glColor4ub
glEnable
glGetFloatv
glReadPixels
glBlendFunc
glViewport
glFogfv
glFogf
glFogi
glTexEnvi
glGetIntegerv
glColor3ub

glu32

gluPerspective
gluOrtho2D

winmm

timeKillEvent
timeSetEvent
timeGetDevCaps
timeBeginPeriod
mmioWrite
mmioOpenA
mmioDescend
mmioRead
mmioAscend
mmioClose
timeGetTime
timeEndPeriod

ws2_32

getservbyport
gethostbyaddr
getservbyname
htonl
listen
WSASetLastError
connect
gethostname
setsockopt
socket
shutdown
recv
closesocket
WSAStartup
bind
htons
inet_addr
__WSAFDIsSet
select
getpeername
getsockname
inet_ntoa
ntohs
ioctlsocket
accept
WSASend
WSAAsyncSelect
sendto
WSAGetLastError
send
WSACleanup
gethostbyname

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

wzaudio

wzAudioCreate
wzAudioOption
wzAudioDestroy
wzAudioGetStreamOffsetRange
wzAudioPlay
wzAudioStop

kernel32

InterlockedCompareExchange
RtlUnwind
UnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetTickCount
IsBadReadPtr
lstrlenA
GlobalUnlock
GlobalLock
CreateFileA
GetCommandLineA
CloseHandle
ExitProcess
ReadFile
GetFileSize
GetLastError
GetPrivateProfileStringA
GetCurrentDirectoryA
DeleteFileA
CopyFileA
SetFileAttributesA
Process32Next
TerminateProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
WinExec
Sleep
FindClose
FindFirstFileA
GetLocalTime
GetCurrentThreadId
SetFilePointer
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryA
GetFileAttributesA
SetFileTime
WriteFile
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
QueryPerformanceFrequency
WritePrivateProfileStringA
GetSystemDirectoryA
lstrcmpiA
GetVersionExA
SetProcessAffinityMask
SetThreadPriority
SetPriorityClass
GetProcessAffinityMask
GetThreadPriority
GetPriorityClass
GetCurrentThread
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryA
GlobalMemoryStatus
SetConsoleMode
GetStdHandle
AllocConsole
FreeConsole
SetConsoleTitleA
GetConsoleTitleA
SetLastError
SetConsoleCursorPosition
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
ReadConsoleOutputA
GetCurrentProcessId
SetUnhandledExceptionFilter
GetExitCodeThread
WaitForSingleObject
CreateThread
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InterlockedExchange
CompareStringA
CompareStringW
GetThreadContext
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
lstrcpynA
Module32Next
Module32First
GetModuleFileNameA
RemoveDirectoryA
FindNextFileA
GetFullPathNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
IsBadStringPtrA
OpenFileMappingA
IsBadWritePtr
SetEvent
SetEndOfFile
GetModuleHandleA
CreateMutexA
ResumeThread
ResetEvent
GetExitCodeProcess
WaitForMultipleObjects
CreateProcessA
CreateEventA
OpenEventA
OpenMutexA
MoveFileExA
lstrcatA
TerminateThread
ReleaseMutex
GetComputerNameA
lstrcmpA
GetModuleFileNameW
VirtualProtect
VirtualQuery
VirtualAlloc
VirtualFree
LoadLibraryExA
GetTempFileNameA
GetTempPathA
HeapFree
GetProcessHeap
HeapAlloc
GetFileInformationByHandle
DuplicateHandle
SetStdHandle
CreatePipe
PeekNamedPipe
lstrcpyA
GetFileAttributesW
CreateDirectoryW
DeleteFileW
lstrlenW
CreateFileW
SetFileAttributesW
GetFileSizeEx
GetSystemTimeAsFileTime
GetModuleHandleW
GetTimeZoneInformation
GetStartupInfoA
MoveFileA
ExitThread
GetCPInfo
LCMapStringA
LCMapStringW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
HeapCreate
HeapDestroy
FatalAppExitA
HeapReAlloc
GetACP
GetOEMCP
EnterCriticalSection
InterlockedIncrement
IsValidCodePage
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
InterlockedDecrement
IsValidLocale
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
FlushFileBuffers
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
LocalFree
CompareFileTime
FileTimeToDosDateTime
GetSystemTime
FormatMessageA
GetFullPathNameW
GetCurrentDirectoryW
GetTempPathW
MoveFileW
CopyFileW
SetCurrentDirectoryW
SetCurrentDirectoryA
RemoveDirectoryW
GetFileTime
FindFirstFileW
FindNextFileW
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA

user32

ChangeDisplaySettingsA
FindWindowA
SystemParametersInfoA
DefWindowProcA
ReleaseCapture
ReleaseDC
ShowCursor
KillTimer
IntersectRect
wsprintfA
SetTimer
SetScrollPos
GetScrollPos
SetCapture
SetFocus
PostMessageW
CreateWindowExW
ShowWindow
GetDC
PostQuitMessage
SendMessageW
SetWindowTextW
GetWindowTextW
GetWindowTextA
GetCaretPos
GetWindowLongW
SendMessageA
CallWindowProcW
OpenClipboard
GetClipboardData
CloseClipboard
SetWindowLongW
DestroyWindow
SetRect
GetActiveWindow
GetCursorPos
ScreenToClient
GetDoubleClickTime
EndPaint
BeginPaint
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
SetForegroundWindow
GetSystemMetrics
AdjustWindowRect
IsIconic
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
UpdateWindow
EnumDisplaySettingsA
GetDesktopWindow
SetWindowsHookExA
UnhookWindowsHookEx
CharUpperW
CharUpperA
CharLowerW
CharLowerA
GetWindowThreadProcessId
GetClassNameA
GetSystemMenu
DrawMenuBar
RemoveMenu
EnumChildWindows
SetWindowPos
GetKeyboardLayoutNameA
wvsprintfA
GetAsyncKeyState
PtInRect
OffsetRect
MessageBoxA
PostMessageA
SetCursorPos
UnregisterHotKey
RegisterHotKey
GetWindowRect
IsWindowVisible
CallNextHookEx
GetFocus
GetKeyboardLayout

gdi32

CreateCompatibleDC
SelectObject
DeleteObject
CreateDIBSection
DeleteDC
SetTextColor
SetBkColor
SwapBuffers
GetStockObject
SetPixelFormat
ChoosePixelFormat
GetTextExtentPoint32W
TextOutW
CreateFontA

advapi32

CryptGetUserKey
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegDeleteKeyA
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteValueA
RegCreateKeyA
CryptReleaseContext
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptAcquireContextA
CryptGenKey
CryptExportKey
CryptGetProvParam
CryptEnumProvidersA
CryptAcquireContextW
RegSetValueExW
CryptGenRandom
RegEnumValueA
CryptDestroyHash
CryptVerifySignatureA
CryptHashData
CryptCreateHash
CryptDecrypt
CryptDeriveKey
CryptGetHashParam
GetUserNameA
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

shell32

ShellExecuteA

ole32

CoUninitialize
CoCreateInstance
CoInitialize

dbghelp

SymCleanup
SymGetLineFromAddr64
SymFromAddr
StackWalk64
SymInitialize
SymSetOptions
MiniDumpWriteDump

iphlpapi

GetAdaptersInfo

wininet

InternetCloseHandle
FtpPutFileA
FtpCreateDirectoryA
InternetOpenUrlA
InternetConnectA
InternetOpenA
InternetReadFile
InternetOpenW
InternetConnectW
HttpQueryInfoW
HttpSendRequestA
HttpOpenRequestW
InternetQueryDataAvailable
FtpOpenFileW
FtpFindFirstFileW

crypt32

CertNameToStrA
PFXExportCertStoreEx
CertDeleteCertificateFromStore
CertSaveStore
CertAddCertificateContextToStore
CertSetCertificateContextProperty
CertAddEncodedCertificateToStore
CertFindCertificateInStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertDuplicateStore
CryptEncodeObject
CryptSignMessage
CertOpenStore
CryptDecryptMessage
CertCloseStore
CryptMsgOpenToDecode
CryptMsgUpdate
CryptMsgClose
CryptMsgGetParam
CertGetSubjectCertificateFromStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CryptMsgControl
CryptDecodeObject
CertGetIntendedKeyUsage
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertGetCertificateChain
CertCreateCertificateChainEngine
CertCreateCertificateContext
CryptAcquireCertificatePrivateKey
CertVerifyRevocation

urlmon

URLDownloadToFileW
URLDownloadToFileA

Sections

.text
Size: - Virtual size: 9.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 138.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 653KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

42f6a1c1e283820f732d935bfc1b78a0

Headers

DLL Characteristics

File Characteristics

Imports

imm32

dsound

opengl32

glu32

winmm

ws2_32

version

wzaudio

kernel32

user32

gdi32

advapi32

shell32

ole32

dbghelp

iphlpapi

wininet

crypt32

urlmon

Sections

.text Size: - Virtual size: 9.1MB

.rdata Size: - Virtual size: 1.2MB

.data Size: - Virtual size: 138.1MB

.vmp0 Size: - Virtual size: 653KB

.vmp1 Size: 3.4MB - Virtual size: 3.4MB

.reloc Size: 512B - Virtual size: 228B

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: - Virtual size: 9.1MB

.rdata
Size: - Virtual size: 1.2MB

.data
Size: - Virtual size: 138.1MB

.vmp0
Size: - Virtual size: 653KB

.vmp1
Size: 3.4MB - Virtual size: 3.4MB

.reloc
Size: 512B - Virtual size: 228B

.rsrc
Size: 9KB - Virtual size: 8KB