372aa1b645b042f3ce4ff1590b2f2427a0c9fc59c8a315dd0c1ef5edf1adf27f

Sharing

Copy URL Twitter E-mail

General

Target

372aa1b645b042f3ce4ff1590b2f2427a0c9fc59c8a315dd0c1ef5edf1adf27f
Size

10.4MB
MD5

5d6eff25980d59f7af278e9315be5ef9
SHA1

3b6cb6f85d19cd34a5b4b2a2a4f5a95c834a7faa
SHA256

372aa1b645b042f3ce4ff1590b2f2427a0c9fc59c8a315dd0c1ef5edf1adf27f
SHA512

a46247450f5df0e92fc028d27b7b0339b61eedb2cc4ca5f0081f927a9d321e5583ee69fcb32d8867372dd8935fd0eb12c084da62fe32803f67ee75300ab8caa6
SSDEEP

196608:QHY4ci3SMOKPiJ1DR+tGBbo8lK0thDBQW6:vUSM1i39t3Qn

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
372aa1b645b042f3ce4ff1590b2f2427a0c9fc59c8a315dd0c1ef5edf1adf27f

Files

372aa1b645b042f3ce4ff1590b2f2427a0c9fc59c8a315dd0c1ef5edf1adf27f
.dll windows:6 windows x64

2a29012ee34f6c6f93986a6265f0dd04

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

SystemTimeToFileTime
GetFileType
DosDateTimeToFileTime
GetFileAttributesW
lstrcpynW
FindClose
FindNextFileW
SystemTimeToTzSpecificLocalTime
GetCurrentProcess
GetVolumeInformationW
ResumeThread
GetExitCodeThread
WaitForSingleObject
SetEndOfFile
DuplicateHandle
GetStdHandle
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
LoadLibraryA
GetCurrentThread
FindResourceExW
SetLastError
SleepEx
FormatMessageA
PeekNamedPipe
ExpandEnvironmentStringsA
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
GetModuleHandleA
GetSystemTime
RtlUnwind
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
InitializeCriticalSectionAndSpinCount
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetFullPathNameW
ReadConsoleInputW
SetConsoleMode
SetStdHandle
GetFileSizeEx
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileInformationByHandle
GetDriveTypeW
GetConsoleCP
SetConsoleCtrlHandler
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
QueryPerformanceFrequency
LoadLibraryExW
RtlPcToFileHeader
InterlockedFlushSList
RtlUnwindEx
LocalFree
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
SwitchToThread
EncodePointer
CreateDirectoryW
GlobalLock
GlobalUnlock
GlobalAlloc
ReadFile
ExitProcess
SizeofResource
FreeResource
LoadResource
FindResourceW
MulDiv
GetCurrentDirectoryW
GetACP
LoadLibraryW
GetProcAddress
WaitForMultipleObjects
CreateEventW
LockResource
FileTimeToSystemTime
FileTimeToLocalFileTime
SetEvent
GetFileAttributesExW
Sleep
CreateThread
GetModuleHandleW
MultiByteToWideChar
CreateMutexW
FreeLibrary
GetSystemInfo
TlsFree
TlsAlloc
RaiseException
InitializeCriticalSection
GetLocalTime
GetCurrentProcessId
TlsSetValue
GetTickCount
FlushFileBuffers
WriteFile
SetFilePointer
TlsGetValue
GetCurrentThreadId
GetFileSize
GetModuleFileNameW
DeleteFileW
CreateFileW
CloseHandle
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
DecodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
GetCommandLineA
GetVersionExW
GetVersion
LoadLibraryA
FreeLibrary
TerminateProcess
GetSystemInfo
CreateToolhelp32Snapshot
Thread32First
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
GetTickCount
GetLocalTime
LocalAlloc
LocalFree
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
FlushFileBuffers
CreateFileA
GetCurrentProcessId
GetLastError
GetModuleFileNameW
CreateEventA
GetModuleHandleA
GetSystemTimeAsFileTime
ExitProcess
ReadFile
WriteConsoleW
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapAlloc
LCMapStringA
LCMapStringW
GetProcAddress
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

user32

ClientToScreen
SetWindowTextW
GetClipboardData
CloseClipboard
FillRect
DrawTextW
GetWindowTextLengthW
IsWindow
DestroyWindow
DefWindowProcW
RegisterClassExW
CreateWindowExW
DispatchMessageW
CharPrevW
SetWindowsHookExW
UnhookWindowsHookEx
InvalidateRgn
CreateAcceleratorTableW
GetGUIThreadInfo
CreateCaret
GetCaretBlinkTime
GetCaretPos
GetWindowTextW
IsClipboardFormatAvailable
SetRect
PeekMessageW
TranslateMessage
PostQuitMessage
SetWindowLongPtrW
PostMessageW
GetWindowLongPtrW
ShowCaret
SetWindowPos
SetFocus
GetKeyState
ShowWindow
MoveWindow
GetWindow
EnableWindow
GetMessageW
GetWindowRect
GetParent
GetMonitorInfoW
MonitorFromWindow
IsIconic
SendMessageW
LoadCursorW
RegisterClassW
GetClassInfoExW
SetPropW
GetPropW
GetClientRect
GetWindowLongW
OffsetRect
UnionRect
wvsprintfW
SetCursor
ReleaseDC
GetDC
SetWindowLongW
SetTimer
MessageBoxW
SetWindowRgn
IsZoomed
KillTimer
ScreenToClient
GetActiveWindow
BeginPaint
EndPaint
IsRectEmpty
GetUpdateRect
IsWindowVisible
IntersectRect
MapWindowPoints
GetCursorPos
PtInRect
HideCaret
SetCaretPos
GetFocus
InvalidateRect
NotifyWinEvent
GetProcessWindowStation
SetCapture
ReleaseCapture
CharNextW
GetSysColor
OpenClipboard
GetUserObjectInformationW
CallWindowProcW
CharUpperBuffW
MessageBoxW

gdi32

RestoreDC
BitBlt
SaveDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
CreatePen
CreateFontIndirectW
GetStockObject
DeleteObject
GetObjectW
CreateDIBSection
SelectClipRgn
GetClipBox
Rectangle
ExtSelectClipRgn
CombineRgn
SetStretchBltMode
SetBkColor
ExtTextOutW
CreatePenIndirect
MoveToEx
LineTo
RoundRect
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
GdiFlush
GetDeviceCaps
SetWindowOrgEx
GetTextMetricsW
CreateRoundRectRgn
GetObjectA
SetBkMode
SetTextColor
CreatePatternBrush
CreateRectRgnIndirect
StretchBlt
CreateSolidBrush

advapi32

ReportEventW
RegOpenKeyExW
RegQueryValueExW
RegisterEventSourceW
RegCloseKey
DeregisterEventSource
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
QueryServiceConfigW
OpenServiceW
EnumServicesStatusExW
OpenSCManagerW
RegCloseKey

shell32

ShellExecuteW

ole32

CoLoadLibrary
CoCreateGuid
OleUninitialize
CreateStreamOnHGlobal
CoUninitialize
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleInitialize
CoInitialize
OleLockRunning

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantInit

gdiplus

GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipDrawImage
GdipGraphicsClear
GdipDrawImageRectI
GdipDrawString
GdipGetFamily
GdipDeleteFontFamily
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateLineBrushI
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipCreateFromHDC
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdiplusShutdown
GdiplusStartup
GdipGetImageWidth
GdipLoadImageFromStream
GdipImageSelectActiveFrame
GdipGetImageHeight

comctl32

_TrackMouseEvent
ord17

wininet

InternetCloseHandle
InternetOpenUrlW
InternetOpenW

ws2_32

setsockopt
getsockname
ntohs
bind
getsockopt
getpeername
closesocket
socket
connect
freeaddrinfo
getaddrinfo
sendto
recvfrom
accept
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
gethostname
ioctlsocket
listen
gethostbyname
getservbyname
htonl
shutdown
htons

oleacc

LresultFromObject

imm32

ImmSetCompositionWindow
ImmSetCompositionFontW
ImmReleaseContext
ImmGetContext

wldap32

ord50
ord143
ord30
ord200
ord32
ord35
ord79
ord211
ord22
ord60
ord26
ord33
ord301
ord27
ord41
ord46

wtsapi32

WTSSendMessageW

Exports

Exports

CB�9�L�[7.��qq�}A ��bQ�QÊ�M�YO�� d|]* ��;�cG�hbح ��1)j,,9��4QE�ӎ*�y��z��Ia��%_�9��ɣfXt2�{��9c�3��}��i�~0o&l��ٝ��Iz�Y��~�5mwi iK$4+�HU!C�9��lR�ZYj��@��5Q�Z�v��Mf'rٿ��¦�p�Wa��oXU��'��i��]r�-vv��*�F�yenh~��m��O�pT�sl!?~��Vf6��<�qkJ�wt|{��؏�Ei��6.�/�W��p�w��f#G��F�ǭ��!�Emg��i��k��u�Dz��{p�[�c�=��s�u��8Ƙ�K��irA]Yf~$��e�-�:j��;[��,`�x)"Z�E��3�)�#ia��b��v�w�v["��v��,ƴ��Ѯ��Z\?AQ�3Q�e.R�T�m��;��v��\�b�Tn@�5%�ݛ41e��/G3��Kް�9W>\9�{��g`M��lמ��T6Ca�qK1�vA 4[��>MS��G��9E}�5l�uK�׌�n��q�;��x�4@`!�7�h �A�j�Ƃs~*?��SCA�ee��F��{r�<��!ݪ�O$��;�Y`��D�m��c��_(N;j}$ %�#��X`t��N��o�<S��>�1N�r0��s��B�ٔ�&�5�r��2IL�p) �,NM��G��˚Bl%�wڝ�vj��gs��9��Q�N�;��l�{I��bw�o��y�Oq��Tk��\��Y�+I��}��I�G�B=��qDC��%��h҃o}4,�Q�(i��\V4 ��k"�s� ��u��_'��̦�9��K.&�U|b)��8�S�Pò7��K��"��\L��n��4r��43�!1��{�-�'��zK_��i�7��߳:�}R S��9\�C��t�PQh��+ � ��4��Dw$t�<��R,ǽh��EY��6<+r��+�4�W�� W�3s��o�q%��?��D#�T0��'�.�]'W%W��g@) �:��B�̒E�0@4�˂�@H4 H�MBO�AQ�N4�UP�Bݚ=g�6H�,��-V��uJELF� ��C�N/��2p.�|!is��=�@=��a.��a�4{}��:��h�=��!��z��YK��a�CN�!8��!�� E��'.v�ꕿ�;3;��U=��~�x��9�o�/��㲱��xt�� <�:[.��SYF�E-��չ֌��恝u\�"6�2��󈽍��B`�� Go�h�O��Zy�h��G#6�J,k�W�ub��w�3H��e=�� h�֖p;��~>�t��wwi�o�n�S�T��O�ly&"��E��i��?�#��Ķ��;�/sӓ۟"D��w�W��2o�s�{/TK�m�/4^�(EH�=wT�p��S\�\wƽ�j��|~\{�WKh�CH�U��-�-.nJ\�7��DZ�Iv��?��f>#!� `O�k�;��`��s1�M��<�F��NN�B�� {m~��{��!)�Л��y+ed�D��<鬶�:h��J��߯�!F�h��C��+�4��R&TGԦsT�8�~qB%E��zFu�5)�S�\�wf�Ix��a�ߨ��%�� k��z��=��,0��ꠊ�i�D6!{��g�H�B�v; ��7��q��ʲy��,��L�J�v�6�WD,`��Z��p��G��M�6tv�ƺ�W�Hl�GY߯�eo)]��X+T�&'�Q�])�+%��'��S��{|�/�]��#�T��ZD��j��:w�"\��>@��㲒7�Z��G41�VN�-Z�ɰ�5�I<eo޽Wu�* Rr�A�T��ğ��E*l�U�L��w0^�p�<��2��/B�va��B��uQ�W��Z9��ſ�x;6Xv�=r`��K�n�ubfZ��l��ə'��;��*@��㐞��Ia�D��k\t!� �lO�#a�B�A��'��M;��+��M�g��@Jkm�f�׭o{_��%�{�U ��g2�.r<E�� Y �Ի ��3�C��4�m��[��^�Y�-m��^�o��Q�Hү��#�wX�!�J�5��P's��if��%��d ��;�6WkA�j6?��/�6�m��}��F�%�PޓJggc��j.:�4��;�@!��|��u�a�[��xԯ�d2W-�,�2Y��L'��=�qD�Z�Ļ�}}ulٚ ��2զI�g�s�Ee�O@�KX}�r�p�8��K�˔�h�*Ν�mU�~i�q�|v��놰�0z�Z29􅝇��䱘��q-c�� US�E�ć��g��,%�Φ��0��x�9�i�˸ѣ��KZ�>Oq+��p�-'5N�`W �&L�?+M��oP�� 7��ÿF{�eM�j��}��w3+&B^�cc%��k�m��t~��>��c��٭�QO��m��,��Gc,�z�� P��P��x��TIRz:�H��Q��<��Y]o&�n��"��8��-�.f"�d��#��f��L�ۮ�C9�%��)�?s'��7�� l��x��I�o�`�Bݨi+Qh��0o��e�]+�6��G��5��&0ݭ=�� ~�nI[ܯ�Nt)�u;�*q||%��O�n�X�f]��]i��2k ��i?��%��iU1i��*�"'��$lݸh��up��b��&�r�@4*�f��sqn��jE�� N��ƓI��ME'񋯦4�h��AK9�$��Ueq��S��Ɏ�~.z�N��J�4W��Gdk�g�j �.2b�O!�s��Gm�p(��
DeleteAliAuthSDKInstance
GetAliAuthSDKInstance

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640KB - Virtual size: 640KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 324KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2a29012ee34f6c6f93986a6265f0dd04

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

comctl32

wininet

ws2_32

oleacc

imm32

wldap32

wtsapi32

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 640KB - Virtual size: 640KB

.data Size: 324KB - Virtual size: 324KB

.pdata Size: 108KB - Virtual size: 108KB

.vmp0 Size: 3.4MB - Virtual size: 3.4MB

.vmp1 Size: 3.9MB - Virtual size: 3.9MB

.reloc Size: 32KB - Virtual size: 32KB

.rsrc Size: 1KB - Virtual size: 1KB

.l1 Size: 25KB - Virtual size: 25KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 640KB - Virtual size: 640KB

.data
Size: 324KB - Virtual size: 324KB

.pdata
Size: 108KB - Virtual size: 108KB

.vmp0
Size: 3.4MB - Virtual size: 3.4MB

.vmp1
Size: 3.9MB - Virtual size: 3.9MB

.reloc
Size: 32KB - Virtual size: 32KB

.rsrc
Size: 1KB - Virtual size: 1KB

.l1
Size: 25KB - Virtual size: 25KB