bc0795c81a3cd682bf958b22bf240701398c38f0e227b4e06d51150b4fa9fe79

Sharing

Copy URL Twitter E-mail

General

Target

bc0795c81a3cd682bf958b22bf240701398c38f0e227b4e06d51150b4fa9fe79
Size

1.2MB
MD5

8f5c2297a9931f9c580352c61265a761
SHA1

c7c3e2836a47b52f62cc7b1e1559ad3b9a9468c3
SHA256

bc0795c81a3cd682bf958b22bf240701398c38f0e227b4e06d51150b4fa9fe79
SHA512

05da633f87b2baf52c92e017db2f4b6e64d5f9320e7af8247ff5223f0055bf1965e483e77ed7d572ef51f44a43460cee3350356367de4e870440caabe7cb69e8
SSDEEP

24576:sEoakeKvvpmXEnY3ROtvrSybhqeTcFPbcDo5PV6JVTt4sEJ4rN24nD6GsgRf:FolvgXEnIROBsbFTcD8V6PTIWnGHg

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc0795c81a3cd682bf958b22bf240701398c38f0e227b4e06d51150b4fa9fe79

Files

bc0795c81a3cd682bf958b22bf240701398c38f0e227b4e06d51150b4fa9fe79
.exe windows:5 windows x86

6b5ab556d8068d3e91779497c82b4f1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareStringW
WriteConsoleW
GetCurrentDirectoryW
GetProcessHeap
CreateFileW
SetHandleCount
GetDriveTypeW
GetEnvironmentStringsW
FreeEnvironmentStringsW
VirtualFree
lstrcpyW
GetTimeZoneInformation
QueryPerformanceCounter
GetStdHandle
LCMapStringW
GetConsoleMode
GetConsoleCP
HeapCreate
GetStringTypeW
IsValidCodePage
IsProcessorFeaturePresent
IsDebuggerPresent
InterlockedDecrement
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
SetStdHandle
HeapSize
HeapQueryInformation
ExitProcess
ExitThread
HeapReAlloc
RaiseException
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapAlloc
DecodePointer
EncodePointer
HeapFree
FindResourceExW
VirtualProtect
SearchPathA
GetProfileIntA
InitializeCriticalSectionAndSpinCount
GetTempPathA
GetTempFileNameA
GetNumberFormatA
GetWindowsDirectoryA
GetTickCount
SetErrorMode
lstrcpyA
GetACP
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
WritePrivateProfileStringA
GetPrivateProfileIntA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
lstrcmpiA
GetFileTime
GetFileSizeEx
GetFileAttributesA
GetFileAttributesExA
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
lstrcmpA
GetModuleHandleW
ReleaseMutex
CreateMutexA
FileTimeToLocalFileTime
FindNextFileA
FileTimeToSystemTime
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
WaitForSingleObject
ResumeThread
SetThreadPriority
CloseHandle
GetCurrentProcessId
FindResourceA
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
GetModuleHandleA
CompareStringA
LoadLibraryW
ActivateActCtx
DeactivateActCtx
lstrcmpW
GetThreadLocale
SetLastError
CopyFileA
GlobalSize
FormatMessageA
LocalFree
lstrlenW
MulDiv
GetPrivateProfileStringA
MultiByteToWideChar
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
ReadFile
GetFileSize
CreateFileA
InterlockedExchange
CreateThread
Sleep
InterlockedIncrement
GetCurrentDirectoryA
EnterCriticalSection
LeaveCriticalSection
FindClose
FindFirstFileA
DeleteFileA
TerminateThread
GetModuleFileNameA
GetLastError
GetProcAddress
FreeLibrary
LoadLibraryA
lstrlenA
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
SetEnvironmentVariableA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CharUpperBuffA
CopyIcon
UnpackDDElParam
LoadMenuA
LoadAcceleratorsA
InsertMenuItemA
TranslateAcceleratorA
FrameRect
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
LockWindowUpdate
BringWindowToTop
SetCursorPos
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
DrawFrameControl
DrawEdge
SetClassLongA
DestroyAcceleratorTable
SetParent
DrawIconEx
CopyImage
GetIconInfo
HideCaret
DrawFocusRect
InvertRect
RegisterClipboardFormatA
DestroyIcon
GetNextDlgGroupItem
WaitMessage
UnregisterClassA
GetMenuDefaultItem
SetMenuDefaultItem
CreatePopupMenu
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
IsZoomed
GetAsyncKeyState
NotifyWinEvent
MessageBeep
WindowFromPoint
RedrawWindow
SetWindowRgn
GetSystemMenu
LoadMenuW
DeleteMenu
LoadCursorW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
RealChildWindowFromPoint
SystemParametersInfoA
DestroyMenu
GetMenuItemInfoA
ReleaseCapture
SetCapture
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableA
LoadCursorA
GetSysColorBrush
ShowOwnedPopups
SetCursor
SetWindowContextHelpId
MapDialogRect
CharUpperA
IntersectRect
InflateRect
PostThreadMessageA
GetKeyNameTextA
GetMessageA
TranslateMessage
ValidateRect
GetCursorPos
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowThreadProcessId
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
FillRect
DrawStateA
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
CharToOemBuffA
EnableWindow
GetWindowRect
SendMessageA
PostMessageA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
IsCharLowerA
MapVirtualKeyExA
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
CreateMenu
IsClipboardFormatAvailable
GetUpdateRect
GetDoubleClickTime
SubtractRect
DestroyCursor
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetWindowRgn
MapVirtualKeyA
GetClientRect
SetWindowLongA
GetWindowLongA
GetSysColor
SetTimer
KillTimer
LoadImageA
MessageBoxA
GetClassInfoA
LoadIconW
PostQuitMessage
InvalidateRect
IsIconic
GetSystemMetrics
DrawIcon
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuA
GetMenuItemID
AppendMenuA
GetMenuStringA
GetMenuState
CharNextA
GetWindow
GetDlgCtrlID
CopyRect
PtInRect
OffsetRect
GetParent
GetDlgItem
IsWindow
SetWindowPos
GetMenu
CallWindowProcA
DefWindowProcA
GetWindowPlacement
SetWindowPlacement
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
ScreenToClient
AdjustWindowRectEx
RegisterClassA
GetClassInfoExA
CreateWindowExA
UpdateWindow
IsWindowVisible
ShowScrollBar
SetForegroundWindow
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
SetMenu
GetKeyState
ReuseDDElParam

gdi32

CreatePen
CreateHatchBrush
CreateRectRgnIndirect
PatBlt
CreateFontIndirectA
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
GetRgnBox
GetTextExtentPoint32A
CreateDIBitmap
CreateCompatibleBitmap
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
CreateRoundRectRgn
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
OffsetRgn
Rectangle
EnumFontFamiliesExA
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
SetPixelV
GetTextFaceA
GetWindowExtEx
GetViewportExtEx
GetObjectType
SelectPalette
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
SetPixel
CreateSolidBrush
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetTextColor
GetBkColor
CreateDCA
CopyMetaFileA
GetDeviceCaps
CreateDIBSection
SetDIBColorTable
GetObjectA
GetStockObject
CreateCompatibleDC
GetDIBColorTable
StretchBlt
DeleteDC
DeleteObject
SelectObject
Polygon
RoundRect
CreateFontA
BitBlt

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCloseKey
RegEnumValueA
RegQueryValueA
RegEnumKeyA

shell32

DragQueryFileA
SHGetSpecialFolderPathA
SHGetFileInfoA
SHGetDesktopFolder
SHBrowseForFolderA
ShellExecuteA
DragFinish
SHAppBarMessage
SHGetSpecialFolderLocation
SHGetPathFromIDListA

comctl32

ImageList_GetIconSize

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathRemoveFileSpecW
PathIsUNCA

ole32

CoRegisterMessageFilter
CoRevokeClassObject
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoCreateGuid
CoInitializeEx
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
ReleaseStgMedium
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
OleRun
CoCreateInstance
OleInitialize
OleDuplicateData

oleaut32

SysAllocStringByteLen
SysFreeString
VariantChangeType
SysAllocString
SysStringLen
SysAllocStringLen
OleCreateFontIndirect
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
VariantClear
VariantCopy
VariantInit
GetErrorInfo

oledlg

ord8

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdiplusShutdown

wininet

InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetOpenA

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundA

Exports

Exports

@ 1��M�U7.ߟ?�6�2"��cH->g�Ԗ��;�b�M��[l�9��\�z-*�@�?��i�S��3�c�u��9�˹Ȳ��X�)��G�F{��.��(`�[�kSY�� W�G�nRi��*؏Ϭ,Z[ ��.c�E��݀�ν��V�ܕ0�, �ugOY�i��+{�b~\��x��]ժm�f��ps�+�\��8>1��u�\��*�8h�3H�u�P�%��!܁,��`4�#��k��P@D姺3�)=��k75`^�l��T(}7x�R��'��X� �-��n�;u��#e�)�� ܸL�#d;x��t��o�}~�RHd �=��H��Õ�QDR��9��q�3g6)O�K!7�Q�+iVy��y��׀��}�D�':�V:�fڲ(��;�(��@��#`�� k��Y��FOE��c�Tהè��w4Nc �+0�M)$��~�˖]Q��[3!Z�?��]��E+WX�7\��׻��(�9�&,%��'Nf0�<�h�[��+�|��>'O/��0m��0��80��%��EI��c��=��)\Xu#�Ӽ�W �|�ߔ��P<�j��~��#o�9!s�g��sp�-s�\-{,�l<��dEj��&3�o�́�T��i��GO6m��Nc��F,ܑ��%��c��B�I��ڀ��U��=a�R��g�@m��}�j� �'1�&>�ۊݦ-6�$�2��_��ҡ}��A�v�l-��%H;r��{�y#̡�G�<Rn#��&�ܱ;@Ǳl�G�W��(y\��Y�b��:�V�ŸNa�Oㆥ<H�H��$n�� S�c�Kn�αȏ~��!�H1�{��8��sg��AyI��.�� ><?W{"�V��C�� :^��x��z�e�}h׊�< }�]K5�ʡ��Ǘ��u;\T�kߊ��y.Q�~��W��ƪܔ��\q�t��Q � ?�2�/��2�d��Z8�+�"Б�f��G��O�^��iS��Aּ�z}x��,��/s�A��o��{�G��[7��!V5��&ɀѧ��ј�m�� m�rh��}��>�+�\�J'i�z�7��T9�s˽�=��-~n��x��6�#�[�(]o��^�� (��7Qǖ��z�B�j�nn�(E�{g��x��A{�=��|��Y��=��`�{Pn�S/:�G�wU�G��5a/I{Z�B@e�˘��Sm�s0bUt`��!ux�B|$�}e{uU&�{Q=�?)s�'P� ��<&��MR��j�rP��lS¤��~��p�/��Wg�w�2o�t/�D��|@��ч�eb�?�iܟ��)��Ar�l_�C�+��s��u�9(��1L��X�� oM1�ק�zV��ݴ�Fı��"Y`��+C��" �d��u��tw��O�x�Z�O'5%2��3��4��F��Vs�[�p�BP��t*%��ˢfpU��9��ڼz~��rQ? ��3ζJ:71E��&T`��8��[��o�%�:&��^c]��GQ,�s�ݠ"�_/ވa�}��o��Y��Q�r�b��5�F�W��s1�� S9��t=�g��)��0��@k��?��RO,_�h��p��[yNZd?��c��ܴY^w�Ż _� Ѣ6,�օ�)h<v��mzzμZ�� Q��8NS��dD[zxY��i��&��F%3eN��g��` ��)��8`�z�ȁ8�%�&�U�l��=o.�=e�_�h��{R�H��}:��QE��}��;�a�*�o 0�I�֓@��g��fC��~��m�.VB�M� �=�{�}kJGy�T�c9�m � �=�֗aX��=�<��#�L#��ֵ��1+��4&�x~qW�f�I5�I�� A_N8�>�Q߬!��U��Le�Y�*�JS�I�� rڀ��Ԥ~�y�w�r��$�7.m�&K$��)�0 � R~�r��m�9��CT�ja� ��U/��U�k��9��}�X�+S��w��q�K�$�#��҃��m��:yto�3\ɽ9D��Zj�z��]80�_]$��Zj�tϝ��F% ��}��ufv��68d{-��(��ۡ��0�<�2F��7N[�];�qfU�-r�1�E��I��2��{]�$��£IZ�>�U�X�T[&Z��q��!,g��r"[�~(kƎ�~+a�p$�05 ��KbRq+jb�2fM� �ťME{��X-��~��8�t(��6 ��6ȡZ7�vNR|�f�h�5��´��q�tɅ髀��-��=��>X��Ӻ+#g�!Y��LP<eU~9��إ�P�!��+TPn��-<��$,2�`�eQ�a]��K��ƷZ{�vǳ��u@�j��]��懜{T��fg��_m��T��`fxT��k�>"�^Z�W4�߭/AV��8ȥq��}�0��%]��^"��7{�#��G3��;8�|�d�&��L�ߵ��͓��_N��5b7�s��z�E� ��k�~u5^<{��c��p�� %�I��OA~��J��F ��Kt� ��>��g�0$T��j�.N��Sy�$kB.� u��:盇pO0��X#q^�+��s��ȕ��V��U��W@⍚(0��(j ��|��ҺOx�s�-J(T'"��k��V$�{%�t��d-*��u�$�i�牰W��@k��;ƭ[��k#�::hL�5�08F��4��YD!�<�8��La�nY7�n�Z_ #v��CN��D}��<�� 0��C��6�x�-v��2��-�|͡<�a�1J��}��.`(��qEQ�Ju��%�:}4�LVs�7�Ef��]jN�֚(�

Sections

.text
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b5ab556d8068d3e91779497c82b4f1c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

gdiplus

wininet

oleacc

imm32

winmm

Exports

Exports

Sections

.text Size: - Virtual size: 1.3MB

.rdata Size: - Virtual size: 301KB

.data Size: - Virtual size: 596KB

.vmp0 Size: - Virtual size: 78KB

.tls Size: 512B - Virtual size: 24B

.vmp1 Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 14KB - Virtual size: 500KB

.text
Size: - Virtual size: 1.3MB

.rdata
Size: - Virtual size: 301KB

.data
Size: - Virtual size: 596KB

.vmp0
Size: - Virtual size: 78KB

.tls
Size: 512B - Virtual size: 24B

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 14KB - Virtual size: 500KB