75038437ff82dc761b2517fd5c615fed4061f813f2b74c4f835717d9652b16b2

Sharing

Copy URL Twitter E-mail

General

Target

75038437ff82dc761b2517fd5c615fed4061f813f2b74c4f835717d9652b16b2
Size

4.4MB
MD5

341dd15b55c647aff38624cd5351efc3
SHA1

fc3d90d8567b36b4641e684dd589714bf5e6192a
SHA256

75038437ff82dc761b2517fd5c615fed4061f813f2b74c4f835717d9652b16b2
SHA512

19c29543ec1fb9d231e86f115dd4a1abf58e8eba93525d0052407f93c3f970524b32e25eb1c6a4de4f5c2c0767df7301c333eda3b8fb870d4a5058f82e9a1c1b
SSDEEP

98304:TlKhLCq08D4vIxGDGRPeCwBdW9xw1xcwFr1Je7997AKh:M0qx4gxGoP1w4xAxzr/eP7AKh

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
75038437ff82dc761b2517fd5c615fed4061f813f2b74c4f835717d9652b16b2

Files

75038437ff82dc761b2517fd5c615fed4061f813f2b74c4f835717d9652b16b2
.exe windows:5 windows x86

b541bf7e7693eb0d1caca1b95a5fdcd7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileW
DeleteFileA
GetModuleFileNameW
DecodePointer
SetEndOfFile
HeapReAlloc
HeapSize
WriteConsoleW
FlushFileBuffers
SetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
MultiByteToWideChar
WideCharToMultiByte
FindFirstFileW
FindNextFileW
FindClose
GetProcAddress
FreeLibrary
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
GetLogicalDriveStringsW
CloseHandle
CreateFileW
MoveFileExW
GetVolumePathNameW
GetTempPathW
MoveFileW
WaitForSingleObject
GetLastError
GetLogicalDriveStringsA
ReadFile
EncodePointer
RaiseException
SetLastError
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetACP
HeapFree
HeapAlloc
GetFileType
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetStringTypeW
LCMapStringW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
CreateEventW
GetVersionExW
GetCurrentProcess
FreeLibrary
TerminateProcess
GetSystemInfo
CreateToolhelp32Snapshot
Thread32First
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
GetTickCount
GetLocalTime
GlobalFree
GetProcAddress
LocalAlloc
LoadLibraryA
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
FlushFileBuffers
GetCurrentProcessId
GetLastError
GetModuleFileNameW
CreateEventA
GetModuleHandleA
GetSystemTimeAsFileTime
VirtualQuery
LocalFree
CreateFileA
ReadFile
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

advapi32

LookupAccountNameA
GetNamedSecurityInfoW
OpenProcessToken
RegEnumValueW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
SetEntriesInAclW
GetUserNameA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
CloseServiceHandle
QueryServiceConfigW
OpenServiceW
EnumServicesStatusExW
OpenSCManagerW

ole32

CoCreateGuid
CoInitialize
CoUninitialize
CoCreateInstance

shlwapi

PathAppendW
PathAddBackslashW
StrCmpNIW
PathFindExtensionW
PathUnquoteSpacesW
PathFileExistsW
PathRemoveArgsW
PathFindFileNameW

user32

wsprintfW
CharUpperBuffW
MessageBoxW

shell32

ShellExecuteExA

wtsapi32

WTSSendMessageW

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b541bf7e7693eb0d1caca1b95a5fdcd7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

shlwapi

user32

shell32

wtsapi32

Sections

.text Size: 96KB - Virtual size: 96KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 8KB - Virtual size: 8KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 4KB - Virtual size: 4KB

.vmp0 Size: 2.0MB - Virtual size: 2.0MB

.vmp1 Size: 2.2MB - Virtual size: 2.2MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 91KB - Virtual size: 91KB

.l1 Size: 9KB - Virtual size: 9KB

.text
Size: 96KB - Virtual size: 96KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 8KB - Virtual size: 8KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 4KB - Virtual size: 4KB

.vmp0
Size: 2.0MB - Virtual size: 2.0MB

.vmp1
Size: 2.2MB - Virtual size: 2.2MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 91KB - Virtual size: 91KB

.l1
Size: 9KB - Virtual size: 9KB