a11b1e8e48780421bc2ad922f6cb8d68696b4ac5eec22558be7eb89e70c901c2

Sharing

Copy URL Twitter E-mail

General

Target

a11b1e8e48780421bc2ad922f6cb8d68696b4ac5eec22558be7eb89e70c901c2
Size

12.0MB
MD5

41cf0b5a21cf5a2c4545a85a1492b435
SHA1

21f8445f838182ca480d6a7d0a93e1b7f8d3978d
SHA256

a11b1e8e48780421bc2ad922f6cb8d68696b4ac5eec22558be7eb89e70c901c2
SHA512

0bea1f2409c17e5b1b168796e081df555c9c10955cae96a93ec45969586056230a5932b34b475b319dbb46a966581667366cb901487c58ddb369c153d91e5374
SSDEEP

393216:+IAY3Q9FrQYjnuNPOUBxRgt9pqmRuSXKfLB0E:XAY3kFrQlWsgt3qmsmUB0

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a11b1e8e48780421bc2ad922f6cb8d68696b4ac5eec22558be7eb89e70c901c2

Files

a11b1e8e48780421bc2ad922f6cb8d68696b4ac5eec22558be7eb89e70c901c2
.exe windows:5 windows x86

fa0b488ed4caacc0395095ad67034be3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeSetEvent
timeKillEvent
PlaySoundW

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

kernel32

CreateFileW
ReadFile
FindClose
FindFirstFileW
FindNextFileW
DeleteFileW
GetFileAttributesExW
GetCurrentDirectoryW
MapViewOfFile
GetVolumeInformationW
GetFileAttributesW
SetFilePointerEx
SetEndOfFile
FlushFileBuffers
GetFileInformationByHandle
CreateToolhelp32Snapshot
TryEnterCriticalSection
GetSystemTimeAsFileTime
SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetVersionExW
GetSystemInfo
GetSystemDirectoryW
GetUserDefaultLangID
FindFirstChangeNotificationW
FindCloseChangeNotification
FindNextChangeNotification
Process32FirstW
Process32NextW
OpenFileMappingW
IsBadReadPtr
GetSystemTime
GetCurrentDirectoryA
GetModuleFileNameA
GetVersionExA
HeapCreate
FreeResource
GetFullPathNameW
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
VerifyVersionInfoW
QueryPerformanceCounter
MoveFileExA
CompareFileTime
GetFileType
GetStdHandle
PeekNamedPipe
FormatMessageA
TerminateThread
GetThreadContext
VirtualFree
VirtualAlloc
FlushInstructionCache
lstrlenA
GetFileSizeEx
GetProcAddress
FreeLibrary
GetLastError
EnterCriticalSection
DeleteCriticalSection
OutputDebugStringA
WideCharToMultiByte
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
InterlockedIncrement
InterlockedDecrement
VirtualProtect
GetEnvironmentVariableW
GetEnvironmentVariableA
CreateProcessW
ResumeThread
TerminateProcess
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
ReadConsoleA
SetConsoleMode
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetConsoleCtrlHandler
GetTimeZoneInformation
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
GetDriveTypeW
SetStdHandle
GetModuleHandleExW
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
UnhandledExceptionFilter
LocalFree
GetCPInfo
GetStringTypeW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
FormatMessageW
GetExitCodeThread
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
ReadProcessMemory
LoadLibraryExA
LoadLibraryA
GetComputerNameA
GetLocalTime
IsBadWritePtr
SetLastError
lstrcmpW
GetCurrentThreadId
ExitProcess
CreateFileMappingW
GetFileSize
WriteFile
UnmapViewOfFile
GetCurrentProcess
SuspendThread
GetCurrentProcessId
GetCommandLineA
GetModuleHandleW
SetUnhandledExceptionFilter
VirtualQuery
GetModuleFileNameW
GetCurrentThread
LoadLibraryExW
FindResourceW
LoadResource
MultiByteToWideChar
RaiseException
DecodePointer
FindResourceExW
SizeofResource
LockResource
lstrcmpiW
InitializeCriticalSectionAndSpinCount
SetCurrentDirectoryW
GetCommandLineW
GlobalAddAtomA
GetTickCount
CreateThread
Sleep
WaitForMultipleObjects
ResetEvent
InterlockedCompareExchange
LoadLibraryW
GetModuleHandleA
CloseHandle
SetEvent
CreateEventW
WaitForSingleObject
HeapDestroy
InitializeCriticalSection
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
LeaveCriticalSection
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetDlgItem
GetClassNameW
GetSysColor
DestroyAcceleratorTable
FillRect
CreateAcceleratorTableW
DefWindowProcW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
GetDC
GetDlgCtrlID
MessageBoxW
GetActiveWindow
IsWindowVisible
SystemParametersInfoA
DrawTextW
MsgWaitForMultipleObjects
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetClassLongW
GetClassLongW
RemovePropW
GetPropW
SetPropW
SetMenuContextHelpId
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenu
AppendMenuW
IsChild
GetWindow
SetFocus
CharLowerBuffW
MapVirtualKeyA
UpdateLayeredWindow
ReleaseDC
ScreenToClient
GetFocus
GetParent
ShowWindow
SetWindowPos
DestroyWindow
SendMessageW
UnregisterClassW
CharNextW
OffsetRect
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindow
FindWindowW
FindWindowExW
GetWindowRect
MonitorFromRect
PostMessageW
UnhookWinEvent
SetWinEventHook
GetForegroundWindow
BringWindowToTop
GetCursorPos
SetForegroundWindow
MonitorFromPoint
GetSystemMetrics
GetMonitorInfoW
GetUserObjectInformationW
CallWindowProcW
EnumDisplayDevicesW
SetTimer
KillTimer
DestroyIcon
GetProcessWindowStation
DrawIconEx
GetAsyncKeyState
UnregisterHotKey
RegisterHotKey
EnumDisplayMonitors
CopyRect
PtInRect
RedrawWindow
ClientToScreen
GetWindowThreadProcessId
SystemParametersInfoW
AttachThreadInput
LockWorkStation
SetCursor
SetCapture
ReleaseCapture
GetDesktopWindow
SetWindowLongW
GetWindowLongW
CreateWindowExW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MoveWindow
GetClientRect
BeginPaint
EndPaint
InvalidateRect
GetMenuItemCount
DestroyMenu
CreatePopupMenu
IsMenu
GetIconInfo
SetActiveWindow
IsWindowEnabled
EnableWindow
LoadImageW
CreateIconFromResource
LoadBitmapW
MapWindowPoints
SetCaretPos
HideCaret
GetCaretBlinkTime
CreateCaret
UpdateWindow
MonitorFromWindow
GetShellWindow
WindowFromPoint
SendMessageA
GetAncestor
GetWindowDC
GetWindowRgn
IsZoomed
SetSysColors
DestroyCursor
GetKeyState
EnableMenuItem
SetRect
InflateRect
IntersectRect
InvalidateRgn
GetCapture
IsIconic
SetLayeredWindowAttributes
AnimateWindow
PostQuitMessage
TrackMouseEvent
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
EqualRect
IsRectEmpty
UnionRect
GetProcessWindowStation
GetUserObjectInformationW

gdi32

CreateFontIndirectW
CreateBitmap
EnumFontsW
SaveDC
RestoreDC
ExcludeClipRect
CreateRoundRectRgn
SetGraphicsMode
Rectangle
FrameRgn
CreateHatchBrush
SetROP2
CreatePen
CreateRectRgn
SetDeviceGammaRamp
GetObjectW
GetStockObject
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
SelectObject
GetDeviceCaps
ExtTextOutW
SetWorldTransform
GetTextMetricsW
SetTextAlign
SetTextColor
SetBkMode
StretchBlt
SetViewportOrgEx
GetTextFaceW
GdiFlush
AddFontMemResourceEx
ExtCreateRegion
GetRegionData
IntersectClipRect
SelectClipRgn
CreateDIBSection
GetCurrentObject
GetViewportOrgEx
RemoveFontMemResourceEx
DeleteDC
GetTextExtentPointI
GetGlyphIndicesW
GetFontUnicodeRanges
EnumFontFamiliesExW
GetCharABCWidthsW
GetFontData
GetGlyphOutlineW
GetOutlineTextMetricsW

comdlg32

ChooseColorW

advapi32

CryptEnumProvidersW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
GetUserNameA
RegQueryValueExW
RegNotifyChangeKeyValue
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
RegCreateKeyExW

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHFileOperationW
SHBrowseForFolderW
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CreateStreamOnHGlobal
IIDFromString
CreateBindCtx
CoCreateGuid
OleLockRunning
StringFromGUID2
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoTaskMemRealloc
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

shlwapi

PathFindExtensionW
PathQuoteSpacesW
PathRemoveFileSpecW
PathIsDirectoryW
PathAppendW
PathFileExistsW
StrToIntExW

gdiplus

GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipGetImageEncoders
GdipSaveImageToFile
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipGetImageHeight
GdipGetImageWidth
GdipGraphicsClear
GdipCloneImage
GdipDeleteGraphics
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetImageEncodersSize

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA

ws2_32

getnameinfo
freeaddrinfo
getaddrinfo
WSAIoctl

iphlpapi

GetAdaptersInfo

imm32

ImmGetContext
ImmReleaseContext
ImmAssociateContext

crypt32

CertFindCertificateInStore
CertDuplicateCertificateContext
CertOpenStore
CertOpenSystemStoreA
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertGetCertificateContextProperty

wldap32

usp10

ScriptShape
ScriptItemize
ScriptFreeCache

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fa0b488ed4caacc0395095ad67034be3

Headers

DLL Characteristics

File Characteristics

Imports

winmm

wtsapi32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

version

ws2_32

iphlpapi

imm32

crypt32

wldap32

usp10

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 196KB - Virtual size: 196KB

.vmp0 Size: 1.5MB - Virtual size: 1.5MB

.vmp1 Size: 5.5MB - Virtual size: 5.5MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 23KB - Virtual size: 23KB

.l1 Size: 23KB - Virtual size: 23KB

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 196KB - Virtual size: 196KB

.vmp0
Size: 1.5MB - Virtual size: 1.5MB

.vmp1
Size: 5.5MB - Virtual size: 5.5MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 23KB - Virtual size: 23KB

.l1
Size: 23KB - Virtual size: 23KB