d7e4b92bc8c835c87b20d5697be708ec42227552a3e5f33bf1ce8d939c430bc5

Sharing

Copy URL Twitter E-mail

General

Target

d7e4b92bc8c835c87b20d5697be708ec42227552a3e5f33bf1ce8d939c430bc5
Size

3.2MB
MD5

6a6636affad769a8e8c9cb1b8faa423e
SHA1

72af19f0ccd34690731462abdecba913eac598cb
SHA256

d7e4b92bc8c835c87b20d5697be708ec42227552a3e5f33bf1ce8d939c430bc5
SHA512

87efa6fa0d7129a330aa6725f06c336df9d9258baf27d05ffd1809d7995ca9735c7bb88c02b321898f83e955562e7fcbdac5b5671fe8d9b50d2678ade9195695
SSDEEP

98304:V7XCX1KTaV1bqRGRW6Y41c+/qlUrH5xso:V+XZNID4m+ClC5

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d7e4b92bc8c835c87b20d5697be708ec42227552a3e5f33bf1ce8d939c430bc5

Files

d7e4b92bc8c835c87b20d5697be708ec42227552a3e5f33bf1ce8d939c430bc5
.dll windows:5 windows x86

22fefc9e9c95c509eda5467e0e7d920e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
LoadLibraryA
HeapReAlloc
CloseHandle
CreateThread
HeapAlloc
GetProcAddress
GetStartupInfoA
GetProcessHeap
FreeLibrary
WideCharToMultiByte
CreateProcessA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
GetPrivateProfileStringA
GetLastError
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
InterlockedCompareExchange
Sleep
WritePrivateProfileStringA
OpenFileMappingA
CreateMutexA
ReleaseMutex
IsDebuggerPresent
InterlockedIncrement
SetEndOfFile
HeapSize
CreateFileW
ReadConsoleW
MultiByteToWideChar
WaitForSingleObject
CreatePipe
DeviceIoControl
HeapFree
GetComputerNameA
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RaiseException
RtlUnwind
LoadLibraryExW
GetModuleFileNameW
InterlockedFlushSList
ExitProcess
GetModuleHandleExW
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
GetTimeZoneInformation
GetACP
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointerEx
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetCommandLineA
GetCommandLineW
SetStdHandle
WriteConsoleW
ReadFile

user32

DispatchMessageA
MsgWaitForMultipleObjects
MessageBoxA
PeekMessageA
TranslateMessage

advapi32

SystemFunction036
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

Exports

Exports

BASE64_Decode
BASE64_Encode
GetPcCode
RSA_Decode
RSA_Encode
httpRead
ks_cmd
ks_setSoft
ks_setUser

Sections

.text
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 944B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

22fefc9e9c95c509eda5467e0e7d920e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 288KB - Virtual size: 288KB

.rdata Size: 60KB - Virtual size: 60KB

.data Size: 28KB - Virtual size: 28KB

.tls Size: 4KB - Virtual size: 4KB

.vmp0 Size: 1.3MB - Virtual size: 1.3MB

.vmp1 Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 944B - Virtual size: 944B

.l1 Size: 4KB - Virtual size: 4KB

.text
Size: 288KB - Virtual size: 288KB

.rdata
Size: 60KB - Virtual size: 60KB

.data
Size: 28KB - Virtual size: 28KB

.tls
Size: 4KB - Virtual size: 4KB

.vmp0
Size: 1.3MB - Virtual size: 1.3MB

.vmp1
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 944B - Virtual size: 944B

.l1
Size: 4KB - Virtual size: 4KB