ad327c1c8fc98bdb019f8d3ff7836a948a3cf91fdaf41d9b0ab127f7c3c6a96b

Sharing

Copy URL Twitter E-mail

General

Target

ad327c1c8fc98bdb019f8d3ff7836a948a3cf91fdaf41d9b0ab127f7c3c6a96b
Size

10.0MB
MD5

55aed565b5c86fe94b3e3cb7178fc866
SHA1

4b39b9bbad0f694b06276a24e10d7b93723c5360
SHA256

ad327c1c8fc98bdb019f8d3ff7836a948a3cf91fdaf41d9b0ab127f7c3c6a96b
SHA512

a4b730a33de7c8695516ca12c6d543cbadf453fa08ca411e49d1927dba6631fd19311a790367ca964eb252619caa1a7fcf247fe8c5331dbd8e0030e919cfda2c
SSDEEP

196608:sM3Mq2lTA7HjKQMARCTbFMzPF1uefUFQ2Sgu1J/9yc70lKr:h3DFKKRobFMzP6efOSP1JIcQlK

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad327c1c8fc98bdb019f8d3ff7836a948a3cf91fdaf41d9b0ab127f7c3c6a96b

Files

ad327c1c8fc98bdb019f8d3ff7836a948a3cf91fdaf41d9b0ab127f7c3c6a96b
.exe windows:6 windows x86

e0a7f596171789c25ae3418e0d4150bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTimeAsFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
ResetEvent
CreateThread
SetEvent
Sleep
CreateEventW
SetThreadPriority
VirtualQuery
WideCharToMultiByte
CopyFileW
GetModuleHandleW
CreateProcessW
WriteConsoleW
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
LCMapStringW
GetCurrentProcessId
SetCurrentDirectoryW
GetCurrentDirectoryW
GetSystemInfo
CloseHandle
GlobalFlags
GetFileAttributesExW
MultiByteToWideChar
GetSystemDirectoryW
GetVolumeInformationW
GetFileAttributesW
WaitForSingleObject
FindClose
TerminateProcess
GetCurrentProcess
FindNextFileW
GetCommandLineW
SetLastError
FindFirstFileW
ReadFile
CreateDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
LockResource
FreeResource
GetCurrentThreadId
SizeofResource
GlobalReAlloc
MulDiv
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GlobalSize
IsDebuggerPresent
GetModuleFileNameW
GetTickCount
CreateMutexW
OpenMutexW
ExitProcess
DeleteFileW
TryEnterCriticalSection
InitializeCriticalSection
GetProcessHeap
DeleteCriticalSection
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetStdHandle
GetFileType
SetStdHandle
QueryPerformanceFrequency
VirtualAlloc
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
GetModuleHandleExW
GetCommandLineA
RtlUnwind
OutputDebugStringW
GetStartupInfoW
InitializeSListHead
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetTempFileNameW
GetWindowsDirectoryW
SetErrorMode
GetFileTime
GetFileSizeEx
SystemTimeToTzSpecificLocalTime
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
LeaveCriticalSection
GetProfileIntW
GetTempPathW
SearchPathW
lstrcmpiW
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetFullPathNameW
FlushFileBuffers
GetFileSize
CreateFileW
VerifyVersionInfoW
VerSetConditionMask
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
LocalReAlloc
LocalAlloc
GlobalHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GlobalGetAtomNameW
lstrcpyW
GetThreadLocale
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
ResumeThread
CompareStringA
lstrcmpA
GetCurrentThread
FormatMessageW
LocalFree
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryA
LoadLibraryExW
GetModuleHandleA
EncodePointer
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
HeapFree
GetVersionExW
GetCurrentProcess
FreeLibrary
TerminateProcess
GetSystemInfo
CreateToolhelp32Snapshot
Thread32First
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
GetTickCount
GetLocalTime
GlobalFree
GetProcAddress
LocalAlloc
LoadLibraryA
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
FlushFileBuffers
GetCurrentProcessId
GetLastError
GetModuleFileNameW
CreateEventA
GetModuleHandleA
GetSystemTimeAsFileTime
VirtualQuery
LocalFree
CreateFileA
ReadFile
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

user32

UnregisterClassW
EnableWindow
SendMessageW
SetCursor
GetClientRect
GetWindowDC
GetSystemMetrics
GetDC
GetWindowRect
LoadImageW
GetParent
GetDesktopWindow
GetWindow
ShowWindow
AdjustWindowRectEx
ReleaseDC
MessageBoxW
GetKeyState
LoadCursorW
IsZoomed
SetRect
GetSystemMenu
CallWindowProcW
GetFocus
IsWindowVisible
SetWindowPos
SetWindowRgn
ScreenToClient
MessageBeep
GetScrollPos
DrawIcon
GetCapture
RegisterWindowMessageW
DispatchMessageW
PeekMessageW
GetMessagePos
GetMessageTime
GetClassInfoExW
IsMenu
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgItem
GetMenuItemID
GetForegroundWindow
BeginPaint
EndPaint
ValidateRect
ScrollWindow
ShowScrollBar
GetWindowTextW
GetWindowTextLengthW
MapWindowPoints
EqualRect
GetClassLongW
GetLastActivePopup
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
SetScrollInfo
GetScrollInfo
GetMenuStringW
GetMenuState
RemoveMenu
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
CheckDlgButton
SetWindowTextW
IsDialogMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
GetKeyNameTextW
MapVirtualKeyW
LoadMenuW
SystemParametersInfoW
RegisterClipboardFormatW
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
GetMessageW
TranslateMessage
ShowOwnedPopups
CharNextW
CreateDialogIndirectParamW
EndDialog
NotifyWinEvent
SendDlgItemMessageA
SetRectEmpty
GetMenuItemInfoW
MonitorFromPoint
GetSysColorBrush
RealChildWindowFromPoint
GetAsyncKeyState
BringWindowToTop
LoadAcceleratorsW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
SetLayeredWindowAttributes
EnumDisplayMonitors
TrackMouseEvent
CharUpperW
PostThreadMessageW
WaitMessage
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CopyAcceleratorTableW
EnumChildWindows
LockWindowUpdate
SetClassLongW
InvalidateRgn
GetNextDlgGroupItem
DrawEdge
DrawFrameControl
DrawIconEx
UnionRect
GetIconInfo
SetCursorPos
CharUpperBuffW
UpdateLayeredWindow
EnableScrollBar
GetMenuDefaultItem
SetMenuDefaultItem
CopyIcon
IsClipboardFormatAvailable
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsCharLowerW
MapVirtualKeyExW
SubtractRect
GetUpdateRect
HideCaret
InvertRect
GetDoubleClickTime
DestroyCursor
GetComboBoxInfo
GetWindowRgn
RedrawWindow
GetScrollRange
GetDlgCtrlID
IsChild
GetTopWindow
IsWindowEnabled
SetMenu
WinHelpW
LoadBitmapW
IsRectEmpty
IntersectRect
SetFocus
GetClassNameW
SetParent
SetCapture
SetScrollRange
SetWindowLongW
KillTimer
SetScrollPos
PtInRect
UpdateWindow
ReleaseCapture
IsIconic
IsWindow
InflateRect
FillRect
WindowFromPoint
OffsetRect
CopyRect
ClientToScreen
DrawStateW
FrameRect
DrawFocusRect
InvalidateRect
GetNextDlgTabItem
DestroyIcon
GetSysColor
ModifyMenuW
GetMenu
GetMenuItemCount
DeleteMenu
CreatePopupMenu
TrackPopupMenu
GetSubMenu
DestroyAcceleratorTable
CreateAcceleratorTableW
DestroyMenu
TranslateAcceleratorW
InsertMenuW
CheckMenuItem
AppendMenuW
EnableMenuItem
CreateMenu
GetCursorPos
GetWindowThreadProcessId
MonitorFromWindow
SetActiveWindow
WaitForInputIdle
OpenClipboard
GetMonitorInfoW
CloseClipboard
EmptyClipboard
MoveWindow
SetClipboardData
SetForegroundWindow
CopyImage
GetWindowLongW
DefWindowProcW
PostMessageW
DestroyWindow
GetPropW
CreateWindowExW
RemovePropW
GetActiveWindow
GetClassInfoW
SetTimer
RegisterClassW
SetPropW
LoadIconW
CharUpperBuffW
MessageBoxW

gdi32

GetWindowOrgEx
CreatePatternBrush
CreateRectRgn
CombineRgn
GetViewportOrgEx
PatBlt
CreateRoundRectRgn
GetTextMetricsW
Rectangle
Ellipse
CreateSolidBrush
CreateEllipticRgn
GetPixel
SetTextColor
CreatePen
SetBkColor
CreateBitmap
RoundRect
GetTextExtentPoint32W
CreateFontIndirectW
CreateHatchBrush
CreateCompatibleBitmap
SelectObject
CreateDIBSection
SetDIBColorTable
CreateCompatibleDC
GdiAlphaBlend
RealizePalette
GetStockObject
GetDIBits
GetDeviceCaps
GetSystemPaletteEntries
SelectPalette
CreatePalette
GetObjectW
SetStretchBltMode
DeleteObject
DeleteDC
CopyMetaFileW
CreateDCW
Escape
ExcludeClipRect
GetClipBox
SetROP2
GetViewportExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SetBkMode
SetPixel
GetWindowExtEx
SetPolyFillMode
StretchBlt
GetLayout
SetLayout
BitBlt
GetObjectType
SetPixelV
GetTextFaceW
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
SetPaletteEntries
ExtFloodFill
LPtoDP
GetPaletteEntries
GetNearestPaletteIndex
EnumFontFamiliesExW
Polyline
Polygon
CreatePolygonRgn
OffsetRgn
GetRgnBox
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
GetTextColor
GetBkColor
DPtoLP
SetRectRgn
GetMapMode
CreateRectRgnIndirect
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
SetTextAlign
SetMapMode

advapi32

RegDeleteValueW
RegEnumKeyW
RegEnumKeyExW
RegEnumValueW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueW
RegCreateKeyExW
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
CloseServiceHandle
QueryServiceConfigW
OpenServiceW
EnumServicesStatusExW
OpenSCManagerW

shell32

SHGetMalloc
SHAppBarMessage
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetDesktopFolder
Shell_NotifyIconW
DragFinish
DragQueryFileW
SHGetFileInfoW

ole32

CoInitialize
CoDisconnectObject
CoGetClassObject
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
DoDragDrop
OleUninitialize
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleInitialize
CoFreeUnusedLibraries
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal
CoUninitialize
CoInitializeEx
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleGetClipboard

oleaut32

SafeArrayDestroy
SysStringLen
SysFreeString
LoadTypeLi
VariantClear
VariantChangeType
VarBstrFromDate
SysAllocStringLen
OleCreateFontIndirect
VariantInit
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString
VariantCopy

comctl32

InitCommonControlsEx
ImageList_AddMasked
ImageList_Create
_TrackMouseEvent
ImageList_GetIcon
ImageList_GetImageCount
ImageList_Destroy

gdiplus

GdipFree
GdipGetImagePixelFormat
GdipDisposeImage
GdipSetCompositingMode
GdipAlloc
GdipGetImagePalette
GdipBitmapUnlockBits
GdipCloneImage
GdipGetImagePaletteSize
GdipGetImageWidth
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipCreateBitmapFromFile
GdipGetImageGraphicsContext
GdipCreateBitmapFromStream
GdipDeleteGraphics
GdipDrawImageRectI
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipBitmapLockBits
GdiplusStartup
GdipGetImageHeight
GdipSetInterpolationMode

msimg32

AlphaBlend
TransparentBlt

shlwapi

PathStripToRootW
PathRemoveFileSpecW
StrFormatKBSizeW
PathFindExtensionW
PathIsUNCW
PathFindFileNameW

uxtheme

OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemePartSize
IsAppThemed
GetWindowTheme
DrawThemeText
DrawThemeParentBackground
GetThemeColor
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor

oledlg

OleUIBusyW

ws2_32

WSACleanup

winmm

PlaySoundW

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

wtsapi32

WTSSendMessageW

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e0a7f596171789c25ae3418e0d4150bd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

gdiplus

msimg32

shlwapi

uxtheme

oledlg

ws2_32

winmm

oleacc

imm32

winspool.drv

wtsapi32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 368KB - Virtual size: 368KB

.data Size: 48KB - Virtual size: 48KB

.vmp0 Size: 3.7MB - Virtual size: 3.7MB

.vmp1 Size: 4.0MB - Virtual size: 4.0MB

.reloc Size: 84KB - Virtual size: 84KB

.rsrc Size: 176KB - Virtual size: 176KB

.l1 Size: 29KB - Virtual size: 29KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 368KB - Virtual size: 368KB

.data
Size: 48KB - Virtual size: 48KB

.vmp0
Size: 3.7MB - Virtual size: 3.7MB

.vmp1
Size: 4.0MB - Virtual size: 4.0MB

.reloc
Size: 84KB - Virtual size: 84KB

.rsrc
Size: 176KB - Virtual size: 176KB

.l1
Size: 29KB - Virtual size: 29KB