fec625aea3a6f5290305de09e383cae0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

fec625aea3a6f5290305de09e383cae0_JC.exe
Size

808KB
MD5

fec625aea3a6f5290305de09e383cae0
SHA1

f8075f7869accef29734c7c530338030859e6cbf
SHA256

efd32b029bc3d15bff0412a9f0e3b171542df4a651d0e8d6eebbe93d51df1c98
SHA512

795929a05520d590ccdd4dd82b6b59f76a32ba4180af3db42b48cf3b6eb31ca54b366f10e83b8ec762d04cf1d0f3710cf0c612bca66a24e29802c880cde64749
SSDEEP

24576:9HxTLZaTMXWAeAxMOeAZUG2dV7tohzWigAEBz:9HxTLZaTMoOtUGW7SSz

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fec625aea3a6f5290305de09e383cae0_JC.exe

Files

fec625aea3a6f5290305de09e383cae0_JC.exe
.dll windows:4 windows x86

3afa5a44d76eaa5a32ffd482d0383365

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateToolhelp32Snapshot
GetProcAddress
InitializeCriticalSection
WritePrivateProfileStringA
CreateThread
GetPrivateProfileStringA
GetPrivateProfileIntA
InterlockedCompareExchange
TerminateThread
FreeLibrary
LoadLibraryA
GetModuleFileNameA
GetTickCount
WritePrivateProfileStructA
GetPrivateProfileStructA
IsBadCodePtr
CompareStringW
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
Module32First
GetStringTypeA
LeaveCriticalSection
LCMapStringA
SetFilePointer
GetLocaleInfoA
CreateFileA
ReadFile
MultiByteToWideChar
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
WideCharToMultiByte
HeapSize
InterlockedDecrement
SetLastError
InterlockedIncrement
Module32Next
CloseHandle
GetStringTypeW
EnterCriticalSection
GetModuleHandleA
Beep
Sleep
DisableThreadLibraryCalls
InterlockedExchange
VirtualProtect
TlsFree
TlsSetValue
TlsAlloc
LCMapStringW
IsBadReadPtr
TlsGetValue
WriteFile
HeapCreate
HeapDestroy
HeapReAlloc
VirtualAlloc
VirtualFree
DeleteCriticalSection
HeapAlloc
GetLastError
DeleteFileA
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
HeapFree
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetEnvironmentVariableA

user32

IsWindow
CallNextHookEx
IsWindowVisible
SetWindowLongA
RegisterWindowMessageA
ShowWindow
SetWindowTextA
keybd_event
UnhookWindowsHookEx
GetWindowThreadProcessId
SetWindowsHookExA
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
DestroyIcon
DestroyMenu
GetCursorPos
GetSubMenu
TrackPopupMenuEx
DestroyWindow
EndDialog
GetDlgItemTextA
SendDlgItemMessageA
GetDlgItemInt
SetDlgItemInt
GetDlgCtrlID
SetTimer
LoadIconA
LoadMenuA
GetWindowTextA
MessageBeep
EnableWindow
SetDlgItemTextA
GetDlgItem
SendMessageA
CreateDialogParamA
GetClientRect
ClientToScreen
SetWindowPos
GetWindowLongA

gdi32

SetTextColor
GetStockObject
SetBkMode

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA
Shell_NotifyIconA

comctl32

ord17

ws2_32

WSACleanup
closesocket
recv
connect
htons
inet_addr
socket
WSAStartup

Exports

Exports

ABC
CDE
EFG

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 686B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3afa5a44d76eaa5a32ffd482d0383365

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

comctl32

ws2_32

Exports

Exports

Sections

.text Size: 184KB - Virtual size: 183KB

.rdata Size: 140KB - Virtual size: 139KB

.data Size: 36KB - Virtual size: 43KB

.shared Size: 4KB - Virtual size: 686B

.rsrc Size: 92KB - Virtual size: 89KB

.vmp0 Size: 64KB - Virtual size: 63KB

.vmp1 Size: 248KB - Virtual size: 247KB

.reloc Size: 36KB - Virtual size: 34KB

.text
Size: 184KB - Virtual size: 183KB

.rdata
Size: 140KB - Virtual size: 139KB

.data
Size: 36KB - Virtual size: 43KB

.shared
Size: 4KB - Virtual size: 686B

.rsrc
Size: 92KB - Virtual size: 89KB

.vmp0
Size: 64KB - Virtual size: 63KB

.vmp1
Size: 248KB - Virtual size: 247KB

.reloc
Size: 36KB - Virtual size: 34KB