f770622bb9e0adbf141a284ae951878ac85dd5f96ecfa1dbe53972e175ae175b

Sharing

Copy URL

Twitter E-mail

General

Target

f770622bb9e0adbf141a284ae951878ac85dd5f96ecfa1dbe53972e175ae175b
Size

5.9MB
MD5

b72a324877facb0dc226316bfd044cfb
SHA1

11b0df1b2e7f2a91d8317593b9957fd29a1831cd
SHA256

f770622bb9e0adbf141a284ae951878ac85dd5f96ecfa1dbe53972e175ae175b
SHA512

927d673f2b354e1baa2baa6bdb5f1ba1cc7e5b23f26b2bc1064e20607f262e9347e3ddc25c542d9094900d1bdbaf022e7d3232799b18a227699092ae878c38a3
SSDEEP

98304:TKjngsu3FtrDIOvwyQiaavYmNnA4JYxpoFWN1mvk63/sk:TKjgsczoyQuQmdvJYx28N1mvk0r

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f770622bb9e0adbf141a284ae951878ac85dd5f96ecfa1dbe53972e175ae175b

Files

f770622bb9e0adbf141a284ae951878ac85dd5f96ecfa1dbe53972e175ae175b
.dll windows:6 windows x64

84cb30a38720c714af1acff31c6fea89

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

WSAStartup
WSACleanup
gethostname

iphlpapi

GetAdaptersInfo

shlwapi

PathStripPathA
PathStripPathW
PathFileExistsW

wintrust

WinVerifyTrust

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

crypt32

CertFindCertificateInStore
CryptMsgGetParam
CryptMsgClose
CertCloseStore
CryptQueryObject
CertFreeCertificateContext
CertGetNameStringW

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

oleaut32

SysStringLen
VariantInit
VariantClear

kernel32

GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
ReadFile
GetModuleFileNameA
FindFirstFileW
GetCurrentProcess
GetModuleHandleExW
GetModuleFileNameW
SetFilePointer
CreateMutexW
FindClose
GetVolumeInformationA
CreateFileW
GetModuleHandleA
OpenProcess
GetLogicalDriveStringsW
CreateToolhelp32Snapshot
GetTickCount64
GetLastError
GetDiskFreeSpaceExW
GetCurrentThread
CloseHandle
GetSystemInfo
Module32FirstW
GetProcAddress
GetFileSize
ReadProcessMemory
GetCurrentProcessId
GetModuleHandleW
Module32NextW
VirtualQuery
GetDriveTypeW
OpenThread
IsDebuggerPresent
FindFirstFileA
SetStdHandle
GetShortPathNameW
Sleep
GetTickCount
CreateFileA
GetSystemDirectoryW
MultiByteToWideChar
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
LocalAlloc
LocalFree
WideCharToMultiByte
ExitProcess
lstrlenA
GetStdHandle
GetFileType
GetCurrentThreadId
QueryPerformanceCounter
FreeLibrary
LoadLibraryA
GlobalMemoryStatus
HeapReAlloc
LCMapStringW
CompareStringW
HeapFree
HeapAlloc
LoadLibraryExW
TlsFree
TlsSetValue
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
SetFilePointerEx
ReadConsoleW
GetFileSizeEx
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetStringTypeW
HeapSize
SetEndOfFile
WriteConsoleW
WriteFile
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
EncodePointer
SetLastError
InterlockedFlushSList
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
InitializeCriticalSectionEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
RtlUnwindEx
RtlPcToFileHeader
RaiseException

user32

GetWindowThreadProcessId
GetUserObjectInformationW
EnumChildWindows
MessageBoxA
EnumWindows
GetSystemMetrics
GetClassNameW
GetProcessWindowStation

advapi32

RegQueryValueExA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegEnumValueA
RegCloseKey
RegOpenKeyExA

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoUninitialize
CoInitializeEx
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

84cb30a38720c714af1acff31c6fea89

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

iphlpapi

shlwapi

wintrust

version

crypt32

wtsapi32

oleaut32

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 296KB - Virtual size: 296KB

.data Size: 304KB - Virtual size: 304KB

.pdata Size: 40KB - Virtual size: 40KB

_RDATA Size: 4KB - Virtual size: 4KB

.vmp0 Size: 2.2MB - Virtual size: 2.2MB

.vmp1 Size: 1.8MB - Virtual size: 1.8MB

.reloc Size: 12KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

.l1 Size: 8KB - Virtual size: 8KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 296KB - Virtual size: 296KB

.data
Size: 304KB - Virtual size: 304KB

.pdata
Size: 40KB - Virtual size: 40KB

_RDATA
Size: 4KB - Virtual size: 4KB

.vmp0
Size: 2.2MB - Virtual size: 2.2MB

.vmp1
Size: 1.8MB - Virtual size: 1.8MB

.reloc
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.l1
Size: 8KB - Virtual size: 8KB