100e8d7732a5c20539fba184c48df256b66648a036febd6e14c1ef9c8ffbf8db

Sharing

Copy URL Twitter E-mail

General

Target

100e8d7732a5c20539fba184c48df256b66648a036febd6e14c1ef9c8ffbf8db
Size

6.5MB
MD5

4b889e079f286ead4eeb33dd7ad5f3ee
SHA1

d277ffeaf1ffff0697af7693a980449ad866e4e7
SHA256

100e8d7732a5c20539fba184c48df256b66648a036febd6e14c1ef9c8ffbf8db
SHA512

c70d921a8ef92b4bcbd22f1f3d57a15457774956027c1e112fb3a3985907490ab5e417a908c296bc56d36ce21b58dc4d2e06cbd412f8aeae969abe77aa188b06
SSDEEP

196608:r41UunExIfLBWb7dymAM2kNP7vJm4Fdv:r41UuEO1yRTTvJ93

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
100e8d7732a5c20539fba184c48df256b66648a036febd6e14c1ef9c8ffbf8db

Files

100e8d7732a5c20539fba184c48df256b66648a036febd6e14c1ef9c8ffbf8db
.dll windows:6 windows x86

6d3bb52892b346dca8a8bf5c01f95883

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
GetFileSizeEx
SetConsoleTextAttribute
GetStdHandle
WriteConsoleW
FindNextFileW
FindClose
GetSystemDirectoryW
OpenProcess
CreateToolhelp32Snapshot
CreateEventW
ProcessIdToSessionId
Process32NextW
Process32FirstW
LoadLibraryW
CreateThread
GetProcAddress
GetPrivateProfileIntW
GetModuleHandleW
QueryFullProcessImageNameW
GetExitCodeProcess
MultiByteToWideChar
GetFileSize
ReadFile
SetLastError
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
OutputDebugStringW
GetSystemTimeAsFileTime
LocalFree
AcquireSRWLockExclusive
VirtualQuery
ReleaseMutex
CreateMutexW
InitializeCriticalSection
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetCurrentThreadId
GetModuleFileNameW
WaitForSingleObject
FindFirstFileW
SetFileAttributesW
DeleteFileW
CreateFileW
CloseHandle
DecodePointer
FindResourceExW
FindResourceW
ReleaseSRWLockExclusive
SetFilePointer
GetFileAttributesW
GetCurrentProcessId
GetWindowsDirectoryW
GetLocalTime
SizeofResource
LockResource
LoadResource
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
WTSGetActiveConsoleSessionId
WideCharToMultiByte
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetStringTypeW
GetFileType
GetACP
GetModuleFileNameA
ExitProcess
RtlUnwind
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
VirtualProtect
GetTempPathW
LoadLibraryExW
GetModuleHandleA
TryEnterCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSectionAndSpinCount
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
GetCurrentProcess
IsWow64Process
LoadLibraryA
FreeLibrary
VirtualAlloc
WaitForMultipleObjects
CreateTimerQueueTimer
DeleteTimerQueueTimer
VirtualFree
ResetEvent
SetEvent
CreateFileA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetModuleHandleExW
GetTickCount64
IsDebuggerPresent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
GetCurrentThread
GetThreadTimes
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
ChangeTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
FreeLibraryAndExitThread
GetVersionExW
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
FreeLibrary
TerminateProcess
GetCurrentProcess
GetSystemInfo
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
GetTickCount
GlobalFree
GetProcAddress
LocalAlloc
LocalFree
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle

user32

CharUpperBuffW
AllowSetForegroundWindow
GetWindowThreadProcessId
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation

advapi32

ConvertSidToStringSidW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegGetValueW
CreateProcessAsUserW
DuplicateTokenEx
GetTokenInformation
SetFileSecurityW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW

shell32

ord165
SHGetSpecialFolderPathA
SHGetFolderPathW
SHFileOperationW
SHGetSpecialFolderPathW
SHCreateDirectoryExW

ole32

CoInitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

ntdll

NtQuerySystemInformation
RtlInitUnicodeString

shlwapi

PathRemoveFileSpecW
SHGetValueW
PathFindFileNameA
PathAppendA
ord176
PathAppendW
PathFileExistsW
PathFindFileNameW
PathIsDirectoryW
SHDeleteValueW
SHDeleteKeyW

userenv

ExpandEnvironmentStringsForUserW
DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken
WTSSendMessageW

bcrypt

BCryptDestroyHash
BCryptImportKeyPair
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptSignHash
BCryptHashData
BCryptCreateHash
BCryptDestroyKey
BCryptCloseAlgorithmProvider
BCryptGetProperty

msi

ord173
ord217

wininet

InternetSetOptionW
InternetOpenUrlW
HttpQueryInfoW
InternetCloseHandle
InternetReadFile
InternetOpenW

fltlib

FilterConnectCommunicationPort
FilterGetMessage
FilterSendMessage

dbghelp

SymInitializeW
SymUnloadModule64
SymGetModuleInfoW64
SymFromNameW
SymGetTypeFromNameW
SymGetTypeInfo
SymLoadModule
SymGetModuleInfo
SymUnloadModule
SymLoadModuleExW

Sections

.text
Size: 500KB - Virtual size: 500KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6d3bb52892b346dca8a8bf5c01f95883

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

ntdll

shlwapi

userenv

wtsapi32

bcrypt

msi

wininet

fltlib

dbghelp

Sections

.text Size: 500KB - Virtual size: 500KB

.rdata Size: 128KB - Virtual size: 128KB

.data Size: 24KB - Virtual size: 24KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 4KB - Virtual size: 4KB

.vmp0 Size: 2.3MB - Virtual size: 2.3MB

.vmp1 Size: 3.5MB - Virtual size: 3.5MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.l1 Size: 15KB - Virtual size: 15KB

.text
Size: 500KB - Virtual size: 500KB

.rdata
Size: 128KB - Virtual size: 128KB

.data
Size: 24KB - Virtual size: 24KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 4KB - Virtual size: 4KB

.vmp0
Size: 2.3MB - Virtual size: 2.3MB

.vmp1
Size: 3.5MB - Virtual size: 3.5MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.l1
Size: 15KB - Virtual size: 15KB