e7528efc00c95fe7605b967eb9e68dfea7304ec608381ee95b680555bb5647fb

Sharing

Copy URL Twitter E-mail

General

Target

e7528efc00c95fe7605b967eb9e68dfea7304ec608381ee95b680555bb5647fb
Size

9.6MB
MD5

7c8f9cf26b6314ff0347a36f537288d4
SHA1

4f5df413be31b877c065831593cde9cd98daed42
SHA256

e7528efc00c95fe7605b967eb9e68dfea7304ec608381ee95b680555bb5647fb
SHA512

e80c1685335452f09d05605c310b2e96456561742f0a2b320ebd279ad2cf7fa6c1361d63633d2683c29c40fc1888043401b16f0dff7abd7df19c62acba72de00
SSDEEP

196608:ag8owQd6NFGzEleXZNaiYqm1U/1g8i7I8ULgLKauS:XsFaEleXZNaida73ugLKauS

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e7528efc00c95fe7605b967eb9e68dfea7304ec608381ee95b680555bb5647fb

Files

e7528efc00c95fe7605b967eb9e68dfea7304ec608381ee95b680555bb5647fb
.exe windows:5 windows x86

9b0a975897ae0d430c9f61d772b9e9a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutWrite
timeGetTime

ws2_32

getaddrinfo
freeaddrinfo
WSAGetOverlappedResult
WSAStringToAddressW
WSAAddressToStringW
WSASend
WSARecv
WSAIoctl

wldap32

crypt32

CertGetNameStringW
CryptMsgClose
CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam
CryptDecodeObject
CryptQueryObject
CertCloseStore

kernel32

GlobalHandle
GlobalUnlock
GlobalFree
VirtualAllocEx
VirtualFreeEx
OpenProcess
GetCurrentProcessId
RaiseException
CreateThread
GetCurrentThreadId
GetLastError
SetLastError
ReadProcessMemory
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ReleaseMutex
WaitForSingleObject
CloseHandle
MulDiv
lstrcmpW
lstrcmpiW
lstrcpyW
CreateMutexW
CreateEventW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
GetCommandLineW
GetTempPathA
DeleteFileA
DeleteFileW
ProcessIdToSessionId
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateThread
ReadFile
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
WTSGetActiveConsoleSessionId
WideCharToMultiByte
DecodePointer
GetFileSize
MapViewOfFile
UnmapViewOfFile
SetUnhandledExceptionFilter
GetLogicalDriveStringsW
CreateDirectoryW
GetTickCount
GetSystemDirectoryW
LoadLibraryW
GetLocaleInfoW
WriteConsoleW
TerminateProcess
FileTimeToSystemTime
GetTempPathW
GetStdHandle
GlobalLock
FindClose
GetProcAddress
CreateFileMappingW
QueryDosDeviceW
GetSystemInfo
GetUserDefaultUILanguage
GetShortPathNameW
GetWindowsDirectoryW
LocalFree
CreateFileA
GetNativeSystemInfo
VirtualFree
IsBadReadPtr
VirtualAlloc
LoadLibraryA
VirtualProtect
lstrcmpA
FileTimeToLocalFileTime
GetModuleHandleA
GetVersion
GetFileType
InitializeCriticalSection
SleepEx
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
HeapCreate
PostQueuedCompletionStatus
SetEvent
GetQueuedCompletionStatus
SwitchToThread
CreateIoCompletionPort
MapViewOfFileEx
CreateSemaphoreW
ReleaseSemaphore
FreeLibrary
FreeResource
InterlockedCompareExchange
InterlockedExchange
GetVersionExW
FindResourceExW
FindFirstFileA
GlobalAlloc
IsDebuggerPresent
OutputDebugStringW
InitializeSListHead
InterlockedPopEntrySList
FindResourceW
lstrlenW
lstrcpynW
SizeofResource
LoadResource
Sleep
GetCurrentProcess
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
FlushInstructionCache
LockResource
IsBadWritePtr
InterlockedDecrement
InterlockedIncrement
WaitNamedPipeW
CreateFileW
GetLocalTime
WriteFile
ReadConsoleInputA
SetConsoleMode
InterlockedPushEntrySList
IsProcessorFeaturePresent
GetStringTypeW
GetSystemTimeAsFileTime
EncodePointer
RtlUnwind
FindFirstFileExW
FindNextFileW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
SystemTimeToTzSpecificLocalTime
SetConsoleCtrlHandler
ExitThread
GetFileInformationByHandle
SetFilePointerEx
GetTimeZoneInformation
GetConsoleMode
CreateTimerQueue
WaitForSingleObjectEx
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCPInfo
UnhandledExceptionFilter
GetStartupInfoW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentThread
IsValidCodePage
GetACP
GetOEMCP
SetStdHandle
GetConsoleCP
ReadConsoleW
FlushFileBuffers
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetDriveTypeW
GetThreadTimes
FreeLibraryAndExitThread
DuplicateHandle
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
SetEnvironmentVariableA
GetFullPathNameW
GetCurrentDirectoryW
SetEndOfFile
lstrlenA
VirtualQuery
LocalAlloc
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MonitorFromPoint
SystemParametersInfoW
MapDialogRect
LoadStringW
LoadIconW
LoadCursorW
LoadBitmapW
GetWindow
GetWindowThreadProcessId
GetClassNameW
FindWindowExW
FindWindowW
GetDesktopWindow
SetClassLongW
GetClassLongW
PtInRect
MessageBoxW
SetWindowContextHelpId
SetWindowTextW
RemovePropW
GetPropW
SetPropW
InvalidateRgn
EndPaint
BeginPaint
GetWindowDC
SetForegroundWindow
SetMenuItemInfoW
GetMenuItemInfoW
TrackPopupMenu
AppendMenuW
GetMenuItemCount
GetSubMenu
DestroyMenu
CreatePopupMenu
LoadMenuW
GetSystemMetrics
DestroyAcceleratorTable
CreateAcceleratorTableW
KillTimer
SetTimer
GetFocus
SetFocus
CharNextW
GetMonitorInfoW
SendDlgItemMessageW
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DialogBoxIndirectParamW
GetForegroundWindow
MapWindowPoints
SetParent
IsDialogMessageW
MonitorFromWindow
IsIconic
wsprintfW
GetUserObjectInformationW
CreateDialogParamW
IsWindowVisible
MoveWindow
ShowWindow
DestroyWindow
IsChild
GetClassInfoExW
RegisterClassExW
UnregisterClassW
PostQuitMessage
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
RegisterWindowMessageW
IsRectEmpty
GetIconInfo
LoadImageW
DestroyCursor
GetParent
SetWindowLongW
GetWindowLongW
OffsetRect
InflateRect
CopyRect
FrameRect
FillRect
DrawFocusRect
GetSysColor
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
RedrawWindow
InvalidateRect
GetProcessWindowStation
MessageBoxA
MsgWaitForMultipleObjectsEx
CharUpperW
ReleaseDC
GetDC
DrawStateW
DrawTextW
ReleaseCapture
SetCapture
GetCapture
GetActiveWindow
GetDlgCtrlID
SetWindowPos
IsWindow
CreateWindowExW
CallWindowProcW
DefWindowProcW
SendMessageW
PeekMessageW
PostMessageW
WindowFromPoint
GetProcessWindowStation
GetUserObjectInformationW

gdi32

BitBlt
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
GetStockObject
LineTo
SelectObject
SetBkColor
SetBkMode
SetTextColor
GetObjectW
MoveToEx
ExtTextOutW
GetDeviceCaps
Rectangle
SetViewportOrgEx
CreateFontW
CreateFontIndirectW
ExcludeClipRect
GetClipBox
GetCurrentObject

advapi32

CryptHashData
RegisterEventSourceA
ReportEventA
RegCloseKey
RegCreateKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
OpenProcessToken
GetTokenInformation
LookupPrivilegeValueW
CreateProcessAsUserW
DuplicateTokenEx
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
ChangeServiceConfigW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
StartServiceW
RevertToSelf
ImpersonateLoggedOnUser
RegOpenKeyW
CryptGetHashParam
CryptAcquireContextW
GetUserNameW
CryptReleaseContext
LookupAccountNameW
CryptCreateHash
CryptDestroyHash
ConvertSidToStringSidW

shell32

Shell_NotifyIconW
SHAppBarMessage
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteExW
ShellExecuteW

ole32

CoInitialize
CoUninitialize
CoGetClassObject
CoAddRefServerProcess
CoReleaseServerProcess
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
OleInitialize
OleUninitialize
OleLockRunning
CreateStreamOnHGlobal
OleRun
CoCreateGuid
CoInitializeEx
CoTaskMemRealloc

oleaut32

shlwapi

StrPBrkW
StrChrW
PathFileExistsW

comctl32

ImageList_GetIcon
ImageList_Destroy
ImageList_LoadImageW
_TrackMouseEvent

urlmon

ObtainUserAgentString

gdiplus

GdipFree
GdipAlloc
GdiplusShutdown
GdipCloneBrush
GdipDeleteBrush
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromFileICM
GdiplusStartup
GdipLoadImageFromStreamICM
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipDeleteGraphics
GdipReleaseDC
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipCreateFontFamilyFromName
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipLoadImageFromStream
GdipLoadImageFromFile
GdipDrawLineI
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily

psapi

GetProcessImageFileNameW
EnumProcesses

wininet

InternetGetConnectedState

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wintrust

CryptCATAdminAcquireContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseContext
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
WinVerifyTrust

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock
LoadUserProfileW
GetUserProfileDirectoryW

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 460KB - Virtual size: 460KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 680KB - Virtual size: 680KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9b0a975897ae0d430c9f61d772b9e9a8

Headers

DLL Characteristics

File Characteristics

Imports

winmm

ws2_32

wldap32

crypt32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

urlmon

gdiplus

psapi

wininet

version

wintrust

userenv

wtsapi32

iphlpapi

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 460KB - Virtual size: 460KB

.data Size: 680KB - Virtual size: 680KB

Shared Size: 4KB - Virtual size: 4KB

.vmp0 Size: 1.5MB - Virtual size: 1.5MB

.vmp1 Size: 4.8MB - Virtual size: 4.8MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 72KB - Virtual size: 72KB

.l1 Size: 23KB - Virtual size: 23KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 460KB - Virtual size: 460KB

.data
Size: 680KB - Virtual size: 680KB

Shared
Size: 4KB - Virtual size: 4KB

.vmp0
Size: 1.5MB - Virtual size: 1.5MB

.vmp1
Size: 4.8MB - Virtual size: 4.8MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 72KB - Virtual size: 72KB

.l1
Size: 23KB - Virtual size: 23KB