bcbf50162bc9d8662b1e076e04bfd6170b2973de20c1fae5ad933a6120a27d26

Sharing

Copy URL Twitter E-mail

General

Target

bcbf50162bc9d8662b1e076e04bfd6170b2973de20c1fae5ad933a6120a27d26
Size

8.9MB
MD5

4b3261811807af696ddd3889bfc867d4
SHA1

14d6da0d6ff581e075c3456dd089ff64a4a786b3
SHA256

bcbf50162bc9d8662b1e076e04bfd6170b2973de20c1fae5ad933a6120a27d26
SHA512

f69a7f38c08a7eb88af31c73a34c14ab1747b1e0ba596459ad316d8e77210e5b6b72c8af4030965c236b3c3269f33f005d8b800436119a1dd5079c52f35a141f
SSDEEP

196608:mrmExTzG0ls0SzV3QhvnHdith/BeNZ3dWq41gMsIlrLL3WiarD:mJxPG0ls06VAh+BeXdcRLLLyf

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bcbf50162bc9d8662b1e076e04bfd6170b2973de20c1fae5ad933a6120a27d26

Files

bcbf50162bc9d8662b1e076e04bfd6170b2973de20c1fae5ad933a6120a27d26
.exe windows:6 windows x64

df70b51148a415398cb2fd2ae4cf038c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetSystemInfo
GetStartupInfoA
GlobalMemoryStatusEx
CreateProcessA
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetTickCount
LoadLibraryA
GetProcAddress
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameA
WriteProcessMemory
CreateMutexA
UnmapViewOfFile
GetModuleHandleA
GetLastError
DeleteFileA
WritePrivateProfileStringA
CreateThread
CreateFileMappingA
GetCurrentProcessId
MapViewOfFile
GetPrivateProfileStringA
CreateFileW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
CloseHandle
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileSizeEx
GetConsoleOutputCP
FlushFileBuffers
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetProcessHeap
HeapQueryInformation
HeapReAlloc
HeapFree
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
WaitForSingleObject
CreatePipe
WriteConsoleW
OutputDebugStringW
GetFileType
WriteFile
GetStdHandle
ExitProcess
HeapValidate
HeapSize
HeapAlloc
GetModuleHandleExW
GetModuleFileNameW
VirtualAlloc
VirtualFree
GetACP
ReadFile
RtlUnwind
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
SetEndOfFile
TlsAlloc
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CreateWindowExA
SetClipboardData
GetClipboardData
GetCursorPos
SetCursorPos
ReleaseCapture
GetClientRect
SetCursor
SetCapture
GetForegroundWindow
IsChild
ClientToScreen
GetCapture
ScreenToClient
LoadCursorA
GetKeyState
EmptyClipboard
CloseClipboard
UpdateWindow
DispatchMessageA
GetWindowRect
DestroyWindow
ShowWindow
MoveWindow
DefWindowProcA
RegisterClassExA
TranslateMessage
PeekMessageA
UnregisterClassA
PostQuitMessage
OpenClipboard
GetProcessWindowStation
GetUserObjectInformationW

ole32

CoCreateGuid

ws2_32

WSAStartup

wininet

InternetReadFile
InternetCloseHandle
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

xinput1_3

ord4
ord2

d3d11

D3D11CreateDeviceAndSwapChain

d3dx11_43

D3DX11CreateTextureFromMemory

dwmapi

DwmIsCompositionEnabled
DwmExtendFrameIntoClientArea

Sections

.text
Size: - Virtual size: 855KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 8.7MB - Virtual size: 8.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df70b51148a415398cb2fd2ae4cf038c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

ws2_32

wininet

imm32

xinput1_3

d3d11

d3dx11_43

dwmapi

Sections

.text Size: - Virtual size: 855KB

.rdata Size: - Virtual size: 201KB

.data Size: - Virtual size: 168KB

.pdata Size: - Virtual size: 30KB

_RDATA Size: - Virtual size: 348B

.vmp0 Size: - Virtual size: 6.8MB

.vmp1 Size: 8.7MB - Virtual size: 8.7MB

.rsrc Size: 125KB - Virtual size: 124KB

.text
Size: - Virtual size: 855KB

.rdata
Size: - Virtual size: 201KB

.data
Size: - Virtual size: 168KB

.pdata
Size: - Virtual size: 30KB

_RDATA
Size: - Virtual size: 348B

.vmp0
Size: - Virtual size: 6.8MB

.vmp1
Size: 8.7MB - Virtual size: 8.7MB

.rsrc
Size: 125KB - Virtual size: 124KB