b94711fefb9fd027d71be6f394a765aa7e45321437fa1819840c9838bd2852cf

Sharing

Copy URL

Twitter E-mail

General

Target

b94711fefb9fd027d71be6f394a765aa7e45321437fa1819840c9838bd2852cf
Size

2.5MB
MD5

d1af47586300e938f4116e9203c81298
SHA1

da6e4e72c75fd30608ce624ddb3427d7f37b3730
SHA256

b94711fefb9fd027d71be6f394a765aa7e45321437fa1819840c9838bd2852cf
SHA512

bd36cf40b25a052cc3f13d7f84dcb1cd24cef21963b59e7f03b99a0b0c74908fc4a04d5436eaccdcf893a21208ce2216e0e7f51454c2d36eb3387b5cce05681d
SSDEEP

49152:blulEEl/b4E7JUlh9nYCCh16uNvJ6RqmsWFnHcIwv7SQDA0cve0uH:blu+o/kQooh1tR6RY+8rSQXcW0I

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b94711fefb9fd027d71be6f394a765aa7e45321437fa1819840c9838bd2852cf

Files

b94711fefb9fd027d71be6f394a765aa7e45321437fa1819840c9838bd2852cf
.exe windows:5 windows x86

8a0b21e4e7472297c881944b095e318b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
GetFileTime
RtlUnwind
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
HeapReAlloc
SetStdHandle
GetFileType
HeapSize
QueryPerformanceCounter
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
SetErrorMode
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetDriveTypeA
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetExitCodeProcess
SetEnvironmentVariableA
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
GlobalFlags
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
WaitForSingleObject
FileTimeToLocalFileTime
FindNextFileA
lstrcmpA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetModuleFileNameA
FileTimeToSystemTime
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
GetModuleHandleA
SetLastError
MulDiv
FormatMessageA
lstrcpynA
LocalFree
FreeResource
GetCurrentDirectoryA
ExitProcess
SuspendThread
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
ResumeThread
GetPrivateProfileStringA
CreateDirectoryA
WritePrivateProfileStringA
UnmapViewOfFile
OutputDebugStringA
CreateThread
CreateFileA
GlobalFree
DeviceIoControl
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32First
TerminateProcess
OpenProcess
Process32Next
GetLocalTime
SetCurrentDirectoryA
CreateProcessA
CopyFileA
DeleteFileA
GlobalAlloc
GlobalLock
GlobalUnlock
Sleep
FreeLibrary
InterlockedDecrement
LoadLibraryA
GetProcAddress
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetTickCount
GetCurrentProcess
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
HeapDestroy
CloseHandle
LoadLibraryW
FreeLibrary
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
CreateEventW
CompareStringW
SetLastError
GetModuleHandleA
VirtualProtect
GetTickCount
EnterCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
WriteProcessMemory
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
GetSystemInfo
LoadResource
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceExA
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetCommandLineA
GetLastError
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
RtlUnwind
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

RegisterClipboardFormatA
PostThreadMessageA
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
GetMessageA
TranslateMessage
ValidateRect
DestroyMenu
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetDC
wsprintfA
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
MoveWindow
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
SetFocus
IsChild
GetWindowTextLengthA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
MessageBoxA
TrackPopupMenu
GetKeyState
SetForegroundWindow
IsWindowVisible
GetMenu
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
EnableWindow
SendMessageA
GetWindowLongA
GetDesktopWindow
ScreenToClient
FindWindowA
IsWindow
InvalidateRect
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetWindowTextA
EnumWindows
PostMessageA
SetCursorPos
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
MessageBeep
GetNextDlgGroupItem
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
SetWindowTextA
ExitWindowsEx
ShowWindow
GetSystemMetrics
LoadIconA
SetParent
IsIconic
InvalidateRgn
CopyAcceleratorTableA
SetRect
IsRectEmpty
CharNextA
ClientToScreen
SetWindowPos
PtInRect
DrawEdge
GetClientRect
SetTimer
GetSubMenu
LoadMenuA
GetCursorPos
CopyRect
GetWindowRect
GetCapture
SetCapture
LoadCursorA
ClipCursor
ReleaseCapture
SetCursor
LoadBitmapA
UpdateWindow
CharUpperA
DrawIcon
AppendMenuA
GetSystemMenu
ReleaseDC
MessageBoxW
CharUpperBuffW

gdi32

CreateFontIndirectA
GetMapMode
DPtoLP
GetBkColor
GetTextColor
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
GetRgnBox
GetStockObject
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
MoveToEx
LineTo
SetMapMode
SetROP2
SetBkMode
RestoreDC
SaveDC
CreateRectRgnIndirect
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
BitBlt
CreateCompatibleDC
GetObjectA
TextOutA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
ChooseFontA
GetFileTitleA
ChooseColorA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
AdjustTokenPrivileges
RegSetValueExA
RegCreateKeyExA

shell32

DragQueryFileA
SHGetPathFromIDListA
SHBrowseForFolderA
DragFinish

comctl32

ord17
ImageList_Destroy

shlwapi

PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathIsDirectoryA
PathFindFileNameA

oledlg

ord8

ole32

CoTaskMemAlloc
OleInitialize
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject

oleaut32

SysStringByteLen
SysFreeString
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
SysAllocString
OleCreateFontIndirect
GetErrorInfo
SysAllocStringByteLen

lua51

luaL_newstate
luaopen_table
luaopen_string
luaopen_math
luaL_openlibs
lua_pushcclosure
lua_setfield
lua_pushstring
lua_tolstring
luaopen_base

iphlpapi

GetAdaptersInfo

ws2_32

socket
htons
WSAStartup
send
recv
select
__WSAFDIsSet
connect
closesocket
inet_addr
inet_ntoa
gethostbyname
gethostname
WSACleanup

Exports

Exports

?��JEqޝݒ�B��2it7�m 福��F�~�ti0�ׂz��X�0�V�DwyP��8F,�I7��I��5]�DE(�8�@r�P�z�f�#A��Y��N,y�&��(6U]�o;Y�~6Yi�8H��ȫ5L`ձE�s��fr<��\X�Q�b�b4��(3c��4��vH�%-�B�#��>�1�̾�9#մ��S�Y݃�*_��ߊ</�&��(.��ֆk��w��W:f>gn��""B�!��1Y$K��b�!��AK��$�4�ѱ��:�6l �ݐ�,(2�c��I[2��DDS2�m�1��*��4{�\tД��JnB�5��i��7Z�c�]gt�,y�F\c0��hF�c�"k��"��E�X��X�p�Nbu7'�&��GMTT;�� >A��AڈnX��ĀՍW�%Ǽ�A�� U��D�X'[�u1��뽏�ي��/��ڎ3��C\�N-56*!\l�n3�b��3��v=��0k�M�9�@�3�n�|b��w��o�~�1�|�h,|�h��Ys�$+��^k�`�a޳��6��v��f`�8W+;��s��y�[�Y4$M=��b'��,@}W̩:{>G�_�ΠI]��d�n��`��,W��5��g_��I=�n��5�M�}��ӌ��f6Z��G+1�J4l4(��;�B��.��-�(��<�N^@ɞ;��L��ףG�Q;\9G�� j2b̷1O��6u�[�M(��R��L]�<�`ܗ�@�>�P�Hh��T�^-�/��~f<%�h��>v~��m�ƶ#��H��ն��N�h�u7y�U�+� [LRUu�g�)�y�N�ӄ��}�:��tDY��[%[��d,n�qr��^^ߠ{�d�S�O��ݡ��ף�(��e��yH��yQ��B~��հ��ו�1�(/��W��ai>��:7�qbs��=�s&ۥ�� ؙo/��[|�wݏzӤ �X�-ʦ&��F0m��-Q��Z�$��N�-�,N��1U"�Y�8bg��O��^.�}��O#ccK��G�$��@U2�up�� yi��&��ݭe4!fE��[��勆��a˖��'qR�4��y�Y��i��4��*��y<��PJ��c̛��0n�1�8;��X��T�w3��N%��H܌��_C2�xPs��$��]t�0�@&�x\��a�")�:��_��|�hs��I��U�`U_[��S��?+K��6��Y��s��Z�>�*6�^�e|�@):[��%�~%D��!��7M��J��4Z:��C�a+�t\�N@&�$z��װ�A ��[�%��&Kf�ILqf��,��$� ��(@g�H��j|ξ _7�Hq�!�%7it?Q^��Wxe<�� O��a��Ü��N�r�� q��g��(��+u�N�~��Ƒ?"��Lc֭�ŵ��`}��v�9��L��>Nؽ�jF"�$tB��z|�� I:��F{OS�<�X�ڼ|l��@m��Vwi�;"��L�\��'CD�Koş8��J��ea��3*�juqe�v�s|s��g�b�\3͒Ӝ�&��o�e%�<�!��5�/��.�7�C+��7LWB��d=��~�N��3�:��S-PI>n� 0_��M�Q0�ؔƕ+�N}xY�?�<&��Jr��2"��[p�Y�U�R=�o�+k�v��<ዐO+��#��~��/w7Z�#��߈xP�zX��R$`��@�ٿ�V�Cӯ�ё>��uiw��BTz*|t��?�ְGe�VR��\��D��cH�`�Ð�"�DBm�{�泫��t�j��,}"H�H,x��B��"Sa�4r��h�Ϙ^5M��xP�RW �5g7��6��~E{M�gi�jW�!Hn\:��G��r�`J�=i��Q]��^�/��{��D��n�$��C�u?ʅtN��/��άxY53~C�ܜa��!ݕ<��?��y��3�ӻ��)i��،�/��{�Y?��Ӏ�y��y3(�s݋l��Č��J�/.g]�{nrՒf��K=Xpޕ��?F��L�J�\ʗW>9��>��`(��LF/�;� �@��G�P��K(�O�j��:c�>I��qhp��y� �^1?>��lo�)��dڊ��{�Ĥ�+�R��:p��v��Y/��-��!j�-�f_�, ��hV�D��,�� F��UЈ�<Y}��|��Y�;��]N�_��Cz M�ݐ�Ƣ��kK��#�DCC�I��K1 ��f�͹�&�JV�&[��\��V��+b��GBM&mϩ��k��X�؝��JJ<��0?�31�a��!�E��EĢ4�}wB��_�x��T/�{-W��#>yRٴ�f{��3N�@[��ntR/�[��>]�n�6̆Y�Y�`�g��Ƕ�p1^�`��a^�4%1� m9�H+ 5��XNVt~a��[4Yq�Fs��?��8�`��4��l��{��;KW��W�D�.8 ��VDM�o}ćX��\H��`�m��iPc�x'�"+��ww�S%�r��4�C}H��I�� G��e�;�sC��}�H�ɢ ��5��P��ؼ��3tAK!�9�x%7��Ck~��I�!�EbM�K-Jr�Z�t�w�4��w�;yg��ۖ� ^��iEگ�?�k��G�k��.�9#|�&�T5��fR��`]ji��:�=i {r%�w>�ߡ�O]��&�w�mz��Ǻe��I�(acθжh�4-�q;�&��;�`w��ܡ"&��pĐvZ,+/�!��6��._ѭE�Ա��5�$#\�j�/�%��a��8.�)0�A*��usG��_cH��Ҫ��M�{�aǬpRƉ#>P{^ G�'�#[�uU

Sections

.text
Size: - Virtual size: 313KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 492KB - Virtual size: 492KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a0b21e4e7472297c881944b095e318b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

lua51

iphlpapi

ws2_32

Exports

Exports

Sections

.text Size: - Virtual size: 313KB

.rdata Size: - Virtual size: 73KB

.data Size: - Virtual size: 39KB

.vmp0 Size: - Virtual size: 1.7MB

.tls Size: 4KB - Virtual size: 4KB

.vmp1 Size: 2.0MB - Virtual size: 2.0MB

.rsrc Size: 492KB - Virtual size: 492KB

.text
Size: - Virtual size: 313KB

.rdata
Size: - Virtual size: 73KB

.data
Size: - Virtual size: 39KB

.vmp0
Size: - Virtual size: 1.7MB

.tls
Size: 4KB - Virtual size: 4KB

.vmp1
Size: 2.0MB - Virtual size: 2.0MB

.rsrc
Size: 492KB - Virtual size: 492KB