3ae33872d0e8f632b022f0277716e99dbe60976be8a6f24f611a02b125159bce

Sharing

Copy URL Twitter E-mail

General

Target

3ae33872d0e8f632b022f0277716e99dbe60976be8a6f24f611a02b125159bce
Size

12.0MB
MD5

5e5e511173e46816184b6889dfc8ef0b
SHA1

8f129a13cfed0d98742b0421d20ca7d3e919b8ba
SHA256

3ae33872d0e8f632b022f0277716e99dbe60976be8a6f24f611a02b125159bce
SHA512

bba018188ac5f7a3ef8433d1ec6951bc7a64d7fae6959abe0418e76c82b6e4d5c654caf2dcc0a0e1af7c17bb412ded9a2915349c05a78d8e622dfac19c5bf89e
SSDEEP

393216:W0jqdyIsn2IPbYj0tA2eFrOqRuXr/pOD963:oPu/tAKq0XjeW

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ae33872d0e8f632b022f0277716e99dbe60976be8a6f24f611a02b125159bce

Files

3ae33872d0e8f632b022f0277716e99dbe60976be8a6f24f611a02b125159bce
.dll windows:5 windows x64

d4765b89cd31e54c01297337fa85f9c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

hid

HidP_GetUsageValue
HidP_GetScaledUsageValue
HidP_SetData
HidD_GetHidGuid
HidP_MaxUsageListLength
HidD_SetNumInputBuffers
HidP_UnsetUsages
HidD_GetPhysicalDescriptor
HidP_GetSpecificValueCaps
HidP_GetData
HidD_GetPreparsedData
HidP_GetUsagesEx
HidP_GetValueCaps
HidD_GetAttributes
HidP_GetLinkCollectionNodes
HidD_GetInputReport
HidD_GetManufacturerString
HidD_SetFeature
HidP_GetUsageValueArray
HidD_GetNumInputBuffers
HidP_MaxDataListLength
HidP_GetUsages
HidD_SetOutputReport
HidP_GetSpecificButtonCaps
HidP_GetButtonCaps
HidD_GetSerialNumberString
HidP_SetUsageValue
HidP_UsageListDifference
HidP_SetUsages
HidD_GetMsGenreDescriptor
HidD_FreePreparsedData
HidD_GetFeature
HidP_GetCaps
HidD_GetProductString
HidD_FlushQueue
HidD_GetIndexedString
HidP_SetUsageValueArray

setupapi

SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDriverInfoA
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsA
SetupDiGetDeviceInstallParamsA

msvcr100

memcmp
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__CppXcptFilter
_amsg_exit
_encoded_null
_initterm_e
_initterm
_malloc_crt
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
memcpy
__CxxFrameHandler3
_mbsstr
_mbsnbcpy
_localtime64_s
_close
_tell
_read
_write
_lseek
_stricmp
strtod
isprint
memset
__C_specific_handler
_CxxThrowException
putc
_strdup
fprintf
strerror
_errno
fseek
ftell
fgets
getenv
_gmtime64
_mktime64
_localtime64
isspace
strtol
memchr
strrchr
strncmp
_strnicmp
strchr
_snprintf
_atoi64
free
malloc
??3@YAXPEAX@Z
calloc
realloc
_vsnprintf
sprintf
??2@YAPEAX_K@Z
strcpy_s
strncpy
atoi
??_V@YAXPEAX@Z
??_U@YAPEAX_K@Z
_wcsicmp
atol
printf
toupper
rand
srand
??0exception@std@@QEAA@AEBV01@@Z
??0exception@std@@QEAA@AEBQEBD@Z
??1exception@std@@UEAA@XZ
?what@exception@std@@UEBAPEBDXZ
_purecall
memmove
memcpy_s
sprintf_s
strstr
sscanf
_time64
fclose
fwrite
__clean_type_info_names_internal
fopen

mfc100

ord9145
ord7063
ord3934
ord856
ord1244
ord10602
ord11005
ord2454
ord12762
ord12710
ord1415
ord12758
ord12764
ord6745
ord1291
ord11231
ord3980
ord3357
ord5813
ord1895
ord3697
ord4108
ord11331
ord4689
ord4687
ord5586
ord10867
ord10859
ord5031
ord3288
ord13107
ord13110
ord13108
ord13111
ord10871
ord13109
ord6868
ord11099
ord12808
ord10609
ord13700
ord1709
ord6823
ord11489
ord3477
ord3535
ord8182
ord12925
ord6806
ord12927
ord11107
ord11106
ord2116
ord4555
ord13393
ord11410
ord7213
ord7286
ord814
ord1209
ord321
ord13144
ord12357
ord11774
ord7576
ord4308
ord2024
ord815
ord1210
ord5540
ord1948
ord3313
ord5596
ord2137
ord6640
ord4445
ord4597
ord4461
ord4895
ord4700
ord10840
ord12358
ord7575
ord11465
ord7190
ord2538
ord305
ord8135
ord4892
ord4722
ord4458
ord11470
ord13106
ord405
ord1457
ord11770
ord893
ord2051
ord2014
ord2012
ord6641
ord6631
ord4595
ord7065
ord8977
ord8000
ord5871
ord6865
ord1266
ord876
ord6580
ord11312
ord3991
ord7539
ord7534
ord408
ord12938
ord2440
ord10964
ord10593
ord955
ord409
ord1461
ord3990
ord11428
ord12752
ord4190
ord5969
ord11565
ord12955
ord10984
ord12936
ord2018
ord10961
ord5769
ord11775
ord11776
ord12757
ord11311
ord1688
ord11173
ord4185
ord362
ord921
ord2136
ord3285
ord2530
ord2040
ord1945
ord2002
ord396
ord1914
ord2050
ord2048
ord1906
ord1844
ord322
ord1275
ord2524
ord11125
ord4124
ord310
ord300
ord1294
ord316
ord4340
ord857
ord1245
ord889
ord1831
ord2022
ord11197
ord5035

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
DecodePointer
EncodePointer
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFilePointer
QueryPerformanceCounter
GetCurrentProcess
GlobalMemoryStatusEx
GetSystemInfo
lstrcmpiA
GetCurrentProcessId
GetModuleHandleW
GetTempFileNameA
GetCurrentThreadId
CreatePipe
OpenThread
SetThreadPriority
CreateProcessA
GetExitCodeProcess
UnmapViewOfFile
WaitNamedPipeA
GetSystemTimeAsFileTime
ResumeThread
OutputDebugStringA
FlushFileBuffers
GetVolumeInformationA
GetDiskFreeSpaceExA
GetModuleFileNameA
GetTempPathA
LockResource
SizeofResource
SetEvent
CreateEventA
MultiByteToWideChar
SetCurrentDirectoryA
GetCurrentDirectoryA
CopyFileA
CreateThread
LocalAlloc
LocalFree
lstrlenA
GetModuleHandleA
TerminateThread
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
DeleteFileA
GetTickCount
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
lstrlenW
WideCharToMultiByte
GetFileAttributesA
CreateMutexA
Sleep
CreateDirectoryA
CloseHandle
GetLastError
CreateFileA
SetLastError
ReadFile
WriteFile
GetVersionExA
FlsSetValue
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
GlobalFree
GetProcAddress
LocalAlloc
LocalFree
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount

user32

SetLayeredWindowAttributes
SetWindowLongPtrA
MoveWindow
OffsetRect
DestroyWindow
EqualRect
PtInRect
CopyRect
GetCursorPos
CallWindowProcA
LoadCursorA
SetCursor
IsWindowVisible
wsprintfA
GetDesktopWindow
UnregisterDeviceNotification
GetMessageA
RegisterDeviceNotificationA
SendMessageA
DefWindowProcA
PostMessageA
BeginPaint
EndPaint
PeekMessageA
TranslateMessage
DispatchMessageA
GetWindowRect
GetParent
GetClientRect
GetSystemMetrics
GetDC
ReleaseDC
RegisterClassExA
CreateWindowExA
ShowWindow
UpdateWindow
PostQuitMessage
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW

gdi32

CreatePen
LineTo
MoveToEx
CreateSolidBrush
ExtCreatePen
SelectObject
DeleteObject

advapi32

RegOpenKeyA
RegQueryValueExA
RegDeleteKeyA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

ole32

CoInitializeEx
CoCreateInstance
CoInitialize
CoTaskMemFree

oleaut32

OleCreatePropertyFrame
SysFreeString

msvcp100

?_Xlength_error@std@@YAXPEBD@Z

gifenc

ord3
ord6
ord4

ca_core

ord54
ord51
ord6
ord4
ord16
ord14
ord49
ord23
ord18
ord48
ord20
ord26
ord47
ord39
ord38
ord42
ord46
ord22
ord43
ord50
ord53
ord55
ord2
ord3
ord1
ord5
ord10
ord9
ord44

httpsrv

ord6
ord2
ord8
ord5
ord9
ord3
ord7
ord1

libcrypto-3

ERR_load_ERR_strings
OPENSSL_init_crypto
RC4
RC4_set_key
DH_compute_key
BN_bin2bn
BN_bn2bin
BN_num_bits
DH_generate_key
DH_free
BN_hex2bn
DH_new
BN_free
MD5_Init
BN_CTX_free
BN_mod_exp
BN_CTX_new
BN_sub_word
BN_copy
BN_cmp
BN_set_word
BN_new
HMAC_Final
EVP_sha256
HMAC_Init_ex
HMAC_CTX_reset
HMAC_Update
ERR_error_string
BIO_new
BIO_f_base64
BIO_s_mem
BIO_push
BIO_write
BIO_ctrl
BN_value_one
BIO_free_all
MD5_Update
MD5_Final
ERR_get_error

libssl-3

SSL_CTX_set_options
SSL_free
SSL_shutdown
SSL_write
SSL_read
SSL_ctrl
SSL_CTX_free
SSL_CTX_set_default_verify_paths
TLS_method
SSL_CTX_new
OPENSSL_init_ssl
SSL_connect
SSL_set_fd
SSL_new

zlibwapi

ord22
ord20
ord19

sdl2

SDL_RenderClear
SDL_UpdateYUVTexture
SDL_GetWindowSize
SDL_Delay
SDL_DestroyWindow
SDL_DestroyRenderer
SDL_DestroyTexture
SDL_CreateTexture
SDL_CreateRenderer
SDL_CreateWindowFrom
SDL_SetHint
SDL_RenderCopy
SDL_GetNumAudioDevices
SDL_Init
SDL_CloseAudioDevice
SDL_PauseAudioDevice
SDL_GetError
SDL_OpenAudioDevice
SDL_FlushEvents
SDL_InitSubSystem
SDL_WasInit
SDL_MixAudioFormat
SDL_SetCursor
SDL_FreeCursor
SDL_CreateSystemCursor
SDL_RenderPresent
SDL_GetAudioDeviceName

gdiplus

GdipCreateBitmapFromScan0
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipMeasureString
GdipDrawString
GdipSetPageUnit
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromFileICM
GdipSaveImageToFile
GdipCloneImage
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusStartup

d3d9

Direct3DCreate9

winmm

waveInMessage
timeGetTime
timeKillEvent

wininet

InternetOpenA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetQueryOptionA
InternetSetOptionA
HttpQueryInfoA
InternetReadFile

ws2_32

inet_addr
htons
socket
inet_ntoa
setsockopt
WSAGetLastError
htonl
gethostbyname
connect
ntohl
ioctlsocket
select
getsockopt
recv
send
closesocket

rpcrt4

UuidFromStringA

wtsapi32

WTSSendMessageW

Exports

Exports

CA_4k30_hdr_getSourceInfo
CA_4k30_hdr_getset_hdrflag
CA_AddFilter
CA_AddOverlayDevice
CA_AdjustVolume
CA_CheckIsRegistered
CA_CheckState
CA_ClearRegisterCode
CA_CloseDevice
CA_DeleteFilter
CA_DeleteOverlayDevice
CA_EditFilter
CA_EditOverlayDeviceCfg
CA_ForceEnableHDCP
CA_GetAudioRenderDevices
CA_GetCaptureAmpValue
CA_GetCaptureDeviceCapacity
CA_GetCaptureDevices
CA_GetCurrentAudioInfo
CA_GetCurrentDeviceCapacity
CA_GetEncodeH264EngineList
CA_GetEncodeH264Parament
CA_GetFrameDataFps
CA_GetLiveInfo
CA_GetMatchAudioDeviceIdx
CA_GetOverlayPrivateData
CA_GetRecordFileSize
CA_GetVBSLinks
CA_Initalize
CA_Install_madVR
CA_IsFoundBoxPro_but_no_driver
CA_IsPauseRecord
CA_IsVBSRunning
CA_IsmadVR_isValid
CA_Log
CA_OpenDevice
CA_PauseRecord
CA_PreviewEnable
CA_QueryDeviceLost
CA_ReadINIString
CA_ReadInternetFile
CA_Register
CA_Release
CA_RestartRecord
CA_Rubber_Create
CA_Rubber_Hide
CA_Rubber_IsShow
CA_Rubber_SetKeepAspect
CA_Rubber_SetLimit
CA_Rubber_ShowAt
CA_ScreenShot_bmp
CA_ScreenShot_gif
CA_ScreenShot_gif_stop
CA_SearchVBSServer
CA_SetAudioRenderDevices
CA_SetCaptureAmpValue
CA_SetEncodeH264Parament
CA_SetHWData
CA_ShowCameraControlWindow
CA_StartLive
CA_StartRecord
CA_StartUSBDeviceListen
CA_StartVBS_Server
CA_StartVBS_live
CA_StopLive
CA_StopRecord
CA_StopVBS_Server
CA_StopVBS_live
CA_TestHWData
CA_UpdateHDC
CA_UpdateVideoSize
CA_VBSFilesChanged
DumpCamera_AddFilter
DumpCamera_DelFilter
DumpCamera_EditFilter
DumpCamera_Start
DumpCamera_Stop

Sections

.text
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d4765b89cd31e54c01297337fa85f9c8

Headers

DLL Characteristics

File Characteristics

Imports

hid

setupapi

msvcr100

mfc100

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp100

gifenc

ca_core

httpsrv

libcrypto-3

libssl-3

zlibwapi

sdl2

gdiplus

d3d9

winmm

wininet

ws2_32

rpcrt4

wtsapi32

Exports

Exports

Sections

.text Size: 252KB - Virtual size: 252KB

.rdata Size: 108KB - Virtual size: 108KB

.data Size: 20KB - Virtual size: 20KB

.pdata Size: 12KB - Virtual size: 12KB

.vmp0 Size: 5.0MB - Virtual size: 5.0MB

.vmp1 Size: 6.6MB - Virtual size: 6.6MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.l1 Size: 32KB - Virtual size: 32KB

.text
Size: 252KB - Virtual size: 252KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 20KB - Virtual size: 20KB

.pdata
Size: 12KB - Virtual size: 12KB

.vmp0
Size: 5.0MB - Virtual size: 5.0MB

.vmp1
Size: 6.6MB - Virtual size: 6.6MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.l1
Size: 32KB - Virtual size: 32KB