325565ed9d706e9a89165943f0a233312e49fb23a53814f4b17efdd2237d1c33

Sharing

Copy URL Twitter E-mail

General

Target

325565ed9d706e9a89165943f0a233312e49fb23a53814f4b17efdd2237d1c33
Size

10.1MB
MD5

02faa7fd6109e1a01091162765802f34
SHA1

a220cfe214d655b9e205a3ba9128c7962d5c4295
SHA256

325565ed9d706e9a89165943f0a233312e49fb23a53814f4b17efdd2237d1c33
SHA512

11f09106b9c927cdd5b0deba532a48ec268847478961e849859e2cb1ac17eb11cc289aec0b081945a230007993f33c41f4509c41e19a50f26e040d5e5f2d6c4a
SSDEEP

196608:M8GRGT24yWnOMuw/JbY/jTfZaIDaHwGYWgLjyRRrTUSCdtxErWqtCy:M5RGTqWOMb/xOZaIDa/YJLGHrTnCdvAP

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
325565ed9d706e9a89165943f0a233312e49fb23a53814f4b17efdd2237d1c33

Files

325565ed9d706e9a89165943f0a233312e49fb23a53814f4b17efdd2237d1c33
.dll windows:5 windows x86

3e3d830412d135b0227f83c03adb425b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
SetConsoleCtrlHandler
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CreateFileA
InterlockedIncrement
TlsAlloc
SetEnvironmentVariableA
GetModuleHandleA
SetLastError
GetFileAttributesW
OutputDebugStringA
CreateDirectoryW
ReadFile
CreateThread
SignalObjectAndWait
GetNativeSystemInfo
ResetEvent
DeviceIoControl
WaitForMultipleObjects
GetComputerNameW
GetFileSizeEx
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FindResourceW
SizeofResource
LoadResource
FreeResource
GlobalMemoryStatus
InterlockedDecrement
FlushConsoleInputBuffer
HeapAlloc
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
RaiseException
GetCommandLineA
InitializeCriticalSection
TlsFree
CompareStringA
TlsSetValue
ReadConsoleInputA
SetConsoleMode
CompareStringW
TlsGetValue
SetEndOfFile
GetProcessHeap
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
lstrlenW
CreateEventW
GetModuleFileNameW
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
SetEvent
FlushFileBuffers
WriteFile
SetFilePointer
WaitForSingleObject
DeleteFileW
CloseHandle
GetFileSize
CreateFileW
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryW
LocalFree
HeapSize
LocalAlloc
GetVersion
GetVersionExA
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
GlobalFree
GetProcAddress
LocalAlloc
LocalFree
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle

advapi32

CryptGetHashParam
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
GetUserNameW
RegEnumKeyExW
RegOpenKeyW
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CryptAcquireContextW
CryptCreateHash
TraceEvent
ControlTraceW
GetTraceEnableFlags
RegQueryValueExW
GetTraceLoggerHandle
UnregisterTraceGuids
RegOpenKeyExW
GetTraceEnableLevel
RegCloseKey
RegisterTraceGuidsW
CryptHashData
CryptDestroyHash
CryptReleaseContext
OpenProcessToken

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

shlwapi

StrStrIW
PathFileExistsW
PathFindFileNameW

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertOpenSystemStoreW
CertFreeCertificateContext
CertCreateCertificateContext

imm32

ImmAssociateContext

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

ws2_32

WSACleanup
WSAAddressToStringW
WSAStartup

msimg32

AlphaBlend

userenv

ExpandEnvironmentStringsForUserW

user32

SetFocus
TrackMouseEvent
LoadCursorW
SetCursor
PtInRect
ScreenToClient
GetCursorPos
IsWindowVisible
GetKeyState
EnableWindow
UpdateWindow
InvalidateRect
DrawTextW
InflateRect
FillRect
IsWindowEnabled
EndPaint
BeginPaint
DefWindowProcW
CallWindowProcW
GetWindowLongW
GetClientRect
UnhookWindowsHookEx
SetTimer
UnregisterClassW
DispatchMessageW
TranslateMessage
GetMessageW
SetWindowLongW
ShowWindow
RegisterClassExW
wsprintfW
SetRect
MessageBoxW
LoadStringW
KillTimer
DestroyWindow
GetWindowRect
SendMessageW
CreateWindowExW
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
GetAsyncKeyState
GetSysColor
ReleaseDC
SetWindowsHookExW
GetFocus
CallNextHookEx
MapVirtualKeyW
keybd_event
PostMessageW
IsWindow
GetDC
SetForegroundWindow
PostQuitMessage
SetWindowPos
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation

gdi32

FillRgn
CreateRoundRectRgn
SetBkMode
LineTo
MoveToEx
SetTextColor
CreateFontIndirectW
GetObjectW
GetStockObject
Ellipse
DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
CreateSolidBrush
CreatePen

ole32

CoCreateInstance
CoSetProxyBlanket
CreateStreamOnHGlobal

gdiplus

GdipGetImageHeight
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipLoadImageFromStream
GdipGetImageWidth
GdipFree

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wtsapi32

WTSSendMessageW

Exports

Exports

NP_GetEntryPoints
NP_GetMIMEDescription
NP_Initialize
NP_Shutdown
PZa��@�4!��S�Y��[�,��V��.�^��r�@X��$T�n�Ңv%��A�1� \�54��m#�cڮ��wG"1�̖[Q��4ȚoiP�d��3!qk�.�O��G��\�3�~=Y�n^A�v��7��0��uA�góݠ�o�&��!��<�8�F��qMN��Ru~�8O�hJF/;��tD�^��i%*ri�[U��~��g�-ɤ8��i��6f�;��r�~��֔��Z�x��$#��3ˮƞ;��_��:��\��.�Ƨ� ��ק�~�!�+��֬� ~A��+�C�X�3I��ໍ��!��?��2a�� 9a�hi��تI˅O�Z��%f'�J�_>�;F��T�o&�b�p2��;5��|��n�w�v�pp��ܗw>>��)��sR3�E��܉�� @ϯ��a4��p�Сg�qsJ�I��i>螋I/ߨpMB��iº�:qW]��.�ޜ�ʸ�CD��ʆ+[��U�\�TUa��*|P@7J�q�N��u!�:��!�y�/3��j�\�_��&��JB��4LoYU��*`��Iݘ R0��ь �ψI0�pn�S2QӴsz��M��Z"��=��U�Ov�E�Ԣ)�J��hV��5c��u� �ğN��q��V�Q�d��#��9o��f�^|�V��^@��Y�b�!R�� tΆ��\Yi�n��{QP��V�1>f޽>T�~:l��k��̋#��~��D��Rinր@��rY#=}�K-B�qf"�.�-L��y�η�"%x<E�WBK-��yk6�7w�7��<��'�FWu�͗��-Z�wD��,WgHg��dV,�r8��a�;'�&m�n=�VVZ��m[v�U[�X�_��:l+��D�JHp�\Q�<;/7��}��aQ�8I~�e0w�X�i��"��U��U'�>�� 8�âQ�ؿ��9h��jI{�h��fd�i��|��5��@H�f��Ul��H�&��Q$B�0 \�L��&��~�+#w}��KL�� c`G��)�i�)�mI=�-��E6��3�7v��Q��YJ��x��m��: O�YQ�H_2��f\u�F#��^�«��sw7��t��5˓84;M��T��f�� mU�\`��!u��e��Rt8m�� ɾ�5��zg��M��˪SM��*��C�t[U�8į��s^��c�c�Q�un ��$jZ^�ͫ��eH�ZFذ��&oD�r��5�u(��{��o�Q]�G<&Y=�:v�U,P�qϿ��9��8>�LI�5�'�1۴�x��#`);��q�e"{�됥MxB��L�j�pS-)�Śvi��>��m/�C�_B�hQ=�T�^��l?�o�=��Ӷ��:��f��x �a35G �(��.��O��8��[�Ћ��`��t<��bx��u��i� �c��F��h�VI��D �-�>v�� Puj��(�X��^�x��#R��~z�ܚ��`��n�,7�D��8��8��6*��M��-�y��/��.9E�ѝ��*��<�8;�t��#2s��[�A�%v��wռB^��4�d��,^7�L�o��4�F��B`ˮ�u`�k��vD[b�ϒb}ݕ΂�� R�ě�Ǧ��_<�Il��h ��ܮq �d_�<R�n��c�d�-��+! �{��i��au�G�F�s-6�D�+��X��0}l�\�Eow��>Ux�Ɓ��e4��I��enz��~t�wP��o!��]L�iY��1Fci��܄��R��߇�� 9��C��d�=߉Z�}�WF��B^[f��o��q$v��l�JNz^��?��"�2�HGTF!��%ؿ��:� %�k��"Y�[��Uc��; �~��5P(�P�+d��VV��x �x�=��.90��s�m"�ٰb�J!��އz��$�� $��Q4�գ!��)@kdUEca��~��[��m�v��e��*��Ue �R�hgb[s �A��!��Sf(��MwC2��,U@��,�A�J��(P./�9��{�af�'� �AYXaaIs��^��1�n��ɭu<��N�kX��c�g�ܪ��^G��Po=��^�t�#%]�~��t��kx�[p:�b�o��аHB��?�E5i��ü�R�/� ��j � �E�.��5� )�#�Ȟ]ה�� ؟.*��^[P�Ѷ>��)}�a��ko�S��`ޑr)q%��9�c�-��qd�M�}�w��/x"xɛ�A�D�.8�Wc��!�ӟZ��i�Xl>��.J: �D��f$��j u��ب�-��?��d6!�7E4��~y?��v ��l��d�-��_�<�� ,M!vr��d%J��⟴��g��W��D�=��'��L�uM�DhJs�MR��Pـ�(��iHt�-��}�^� ��4 �?��F[Wn��D�O��ڒ.*E��o^ �L��L��v�2�Pʂ�u"�r��uFpH�4��7'��+�MǢ��UC"�7i)��:��N��=�'��cJ� ��/�1��=:�L~�D��6.�p��&��1��ۢ��_/o��dS��;7̶m�e�a�:k��,��Jҿ��0 ɱͽ��vy�P��$ϙ�,�O��b�l0oB�HP"�g�f{�L�F!Sp�`��0U�ܸ��_x�2�沣IY(}D��,$��(ݘ�Mf�:��|��F�<5.u��9~��$Xm��B��$@�y�*h6

Sections

.text
Size: 624KB - Virtual size: 624KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3e3d830412d135b0227f83c03adb425b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

oleaut32

shlwapi

crypt32

imm32

iphlpapi

ws2_32

msimg32

userenv

user32

gdi32

ole32

gdiplus

version

wtsapi32

Exports

Exports

Sections

.text Size: 624KB - Virtual size: 624KB

.rdata Size: 180KB - Virtual size: 180KB

.data Size: 32KB - Virtual size: 32KB

.vmp0 Size: 3.4MB - Virtual size: 3.4MB

.vmp1 Size: 5.9MB - Virtual size: 5.9MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 2KB

.l1 Size: 15KB - Virtual size: 15KB

.text
Size: 624KB - Virtual size: 624KB

.rdata
Size: 180KB - Virtual size: 180KB

.data
Size: 32KB - Virtual size: 32KB

.vmp0
Size: 3.4MB - Virtual size: 3.4MB

.vmp1
Size: 5.9MB - Virtual size: 5.9MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 2KB

.l1
Size: 15KB - Virtual size: 15KB