8ca63d1860f0ba7d3fc8b22373da5798250df0b427eac3c46d4b5b2dbb09bc38

Sharing

Copy URL Twitter E-mail

General

Target

8ca63d1860f0ba7d3fc8b22373da5798250df0b427eac3c46d4b5b2dbb09bc38
Size

12.5MB
MD5

fe90154c83e86fac84d66164b507fb7e
SHA1

a7e4d363beb1703e8ba6fe7652b93e7b0d35688f
SHA256

8ca63d1860f0ba7d3fc8b22373da5798250df0b427eac3c46d4b5b2dbb09bc38
SHA512

1998b152fb54bcbb9edc972ed8566508c22b5585344c0b532a9b4de89c107ad2d8f318482ad42a51266b863eb20089f3b242da9036ac79fbda56f7bc8f4291ef
SSDEEP

196608:6LVT+nitbTkOvuqH/X1o3vMNEw5LuSWjjGfgNFTByWSgYf:6Lt+ipIOGqH/X1o3vMNEwWjKfghyW4f

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ca63d1860f0ba7d3fc8b22373da5798250df0b427eac3c46d4b5b2dbb09bc38

Files

8ca63d1860f0ba7d3fc8b22373da5798250df0b427eac3c46d4b5b2dbb09bc38
.dll windows:6 windows x86

2e216dd0b9be6c44cdd407885e5c7686

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileW
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
VerifyVersionInfoW
GetModuleHandleA
VerSetConditionMask
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetEnvironmentVariableA
CompareFileTime
WaitForSingleObjectEx
MoveFileExW
Sleep
GetTickCount
GetSystemDirectoryW
QueryPerformanceFrequency
SleepEx
InitializeCriticalSectionEx
SystemTimeToFileTime
GetSystemTime
FindNextFileW
FindFirstFileW
FindClose
LoadLibraryW
LoadLibraryA
FreeLibrary
CloseHandle
SetConsoleMode
ReadConsoleW
ReadConsoleA
GetConsoleMode
GetEnvironmentVariableW
ConvertThreadToFiber
ConvertFiberToThread
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
WideCharToMultiByte
CreateFiber
DeleteFiber
SwitchToFiber
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
WriteFile
GetFileType
GetStdHandle
GetModuleHandleExW
FormatMessageW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle

shlwapi

PathFindFileNameW

ws2_32

closesocket
connect
gethostname
sendto
recvfrom
htons
select
__WSAFDIsSet
WSAIoctl
getpeername
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
setsockopt
listen
bind
accept
WSASetLastError
send
recv
getnameinfo
freeaddrinfo
getaddrinfo
WSAGetLastError
WSACleanup
ntohs
getsockopt
getsockname
ioctlsocket
socket
gethostbyname
WSAStartup
htonl
shutdown

spdlogcore

?SpdLogW@@YAXPBDHHPB_WZZ
?SpdLogA@@YAXPBDHH0ZZ
?InitSpdLogW@@YAXPB_W0@Z

msvcp120

?_BADOFF@std@@3_JB
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?exceptions@ios_base@std@@QAEXH@Z
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
??_7ios_base@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xinvalid_argument@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
??1_Lockit@std@@QAE@XZ

msvcr120

_unlink
_stat64i32
strstr
getenv
_stricmp
fopen
_gmtime64_s
sscanf
strtoul
fprintf
__iob_func
isspace
_strdup
raise
wcsstr
_vsnwprintf
_vsnprintf
_exit
strncpy
_setmode
ftell
fseek
fread
_fileno
fgets
fflush
ferror
feof
_time64
_strnicmp
strcmp
strrchr
strchr
strerror_s
_read
strspn
strncmp
strcspn
realloc
memset
memcpy
atoi
sprintf_s
fwrite
_close
_chsize
?_wopen@@YAHPB_WHH@Z
wcstol
memcpy_s
??8type_info@@QBE_NABV0@@Z
??9type_info@@QBE_NABV0@@Z
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
fclose
_wfopen
strtol
_strtoi64
_errno
_purecall
memchr
??_V@YAXPAX@Z
_write
_except_handler4_common
?terminate@@YAXXZ
??2@YAPAXI@Z
memmove
free
malloc
??3@YAXPAX@Z
_except1
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
__clean_type_info_names_internal
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
wcstombs_s
??0exception@std@@QAE@ABQBDH@Z
_aligned_malloc
_aligned_free
__RTDynamicCast
__CxxFrameHandler3
_CxxThrowException
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
_lock_file
fsetpos
fgetc
_fseeki64
fgetpos
ungetc
_unlock_file
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
_vscprintf
_vswprintf
vsprintf
_vscwprintf
setvbuf
strftime
_fstat64
_lseeki64
strpbrk
_getpid
_beginthreadex
_gmtime64
strtoll
_wstat64
_wopen
_waccess
wcstombs
__sys_nerr
__sys_errlist
fputc
wcspbrk
tolower
_wcsdup
calloc
sprintf
signal
qsort
fputs

wininet

InternetCrackUrlA

bcrypt

BCryptGenRandom

user32

GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW

advapi32

RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
DeregisterEventSource
CryptEnumProvidersW
CryptSignHashW

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreW

wldap32

ord27
ord26
ord117
ord41
ord208
ord127
ord14
ord46
ord219
ord145
ord167
ord142
ord79
ord133
ord147
ord301
ord216

wtsapi32

WTSSendMessageW

Exports

Exports

InitGoogleDriverMgr
curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_url_strerror

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 520KB - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2e216dd0b9be6c44cdd407885e5c7686

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

ws2_32

spdlogcore

msvcp120

msvcr120

wininet

bcrypt

user32

advapi32

crypt32

wldap32

wtsapi32

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 520KB - Virtual size: 520KB

.data Size: 44KB - Virtual size: 44KB

.vmp0 Size: 3.6MB - Virtual size: 3.6MB

.vmp1 Size: 6.7MB - Virtual size: 6.7MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.l1 Size: 19KB - Virtual size: 19KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 520KB - Virtual size: 520KB

.data
Size: 44KB - Virtual size: 44KB

.vmp0
Size: 3.6MB - Virtual size: 3.6MB

.vmp1
Size: 6.7MB - Virtual size: 6.7MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.l1
Size: 19KB - Virtual size: 19KB