bf76a293d0f2715171e4e984e50f58c6ed8c640d5b1604d891b511987fa87ad3

Sharing

Copy URL

Twitter E-mail

General

Target

bf76a293d0f2715171e4e984e50f58c6ed8c640d5b1604d891b511987fa87ad3
Size

10.3MB
MD5

dbd31aaaf66622c6d72104988d1aacd4
SHA1

80c6e268be2e418243a5f4ba3783b7875f0a6f49
SHA256

bf76a293d0f2715171e4e984e50f58c6ed8c640d5b1604d891b511987fa87ad3
SHA512

2154dd0cfac0dddee632903cb2d541a69454224e75b67bb6674149b453b81ab04ffcd3b34b87c073c2f449017800b05ca23133edd5209b7be3c22c31c00b64cf
SSDEEP

196608:h6FjKr+XTJoAN2hOm96r+iFB5P36+exHHTxBQ2RHZBY/a5+TYK:UFjbXTJbCl6rfrPq+eZzxBXHT5+TYK

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf76a293d0f2715171e4e984e50f58c6ed8c640d5b1604d891b511987fa87ad3

Files

bf76a293d0f2715171e4e984e50f58c6ed8c640d5b1604d891b511987fa87ad3
.dll regsvr32 windows:5 windows x86

19fa199d84c92b8c94238dc37ddb83a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetThreadLocale
SetThreadLocale
WriteFile
FlushFileBuffers
SetEvent
GetFileSize
LoadLibraryExW
SetLastError
MulDiv
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
lstrcmpiW
GetModuleHandleW
lstrlenA
lstrlenW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
CreateDirectoryW
GetLocalTime
CreateEventW
WideCharToMultiByte
TerminateProcess
GetTickCount
LocalFree
WaitForSingleObject
Sleep
MultiByteToWideChar
GetModuleFileNameW
CreateFileW
GetFileSizeEx
CloseHandle
SetFilePointer
ReadFile
GetCurrentThreadId
GetCurrentProcessId
FindResourceW
SizeofResource
LoadResource
SetConsoleMode
GlobalAlloc
GlobalUnlock
GlobalFree
GlobalLock
GetCurrentProcess
GetLastError
FlushConsoleInputBuffer
SetEndOfFile
GlobalMemoryStatus
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
HeapDestroy
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
HeapReAlloc
ExitProcess
SetUnhandledExceptionFilter
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
UnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
DeleteFileW
LoadLibraryW
GetProcAddress
FreeLibrary
LocalAlloc
ReadConsoleInputA
FreeResource
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
GetCommandLineA
VirtualQuery
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetModuleHandleA
GetStdHandle
GetFileAttributesW
OutputDebugStringA
CreateThread
IsDebuggerPresent
SignalObjectAndWait
GetNativeSystemInfo
ResetEvent
DeviceIoControl
WaitForMultipleObjects
GetComputerNameW
RtlUnwind
VirtualProtect
GetSystemInfo
GetModuleFileNameA
GetVersionExA
GetVersion
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
GlobalFree
GetProcAddress
LocalAlloc
LocalFree
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle

user32

CharNextW
SetWindowPos
LoadStringW
IsWindow
InvalidateRect
RegisterClassExW
GetKeyState
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
IsRectEmpty
DestroyWindow
GetFocus
IsChild
DefWindowProcW
CreateWindowExW
UnhookWindowsHookEx
PostMessageW
PtInRect
UnionRect
SetWindowLongW
GetWindowLongW
ShowWindow
GetClassInfoExW
LoadCursorW
ReleaseDC
GetDC
UnregisterClassA
SendMessageW
GetWindowRect
KillTimer
MessageBoxW
SetRect
wsprintfW
GetMessageW
TranslateMessage
DispatchMessageW
UnregisterClassW
SetTimer
PostQuitMessage
IsWindowEnabled
FillRect
InflateRect
DrawTextW
UpdateWindow
EnableWindow
IsWindowVisible
GetCursorPos
ScreenToClient
SetCursor
TrackMouseEvent
CallWindowProcW
SetWindowsHookExW
CallNextHookEx
MapVirtualKeyW
keybd_event
SetForegroundWindow
GetSysColor
GetAsyncKeyState
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
MessageBoxA
EndPaint
GetClientRect
BeginPaint
SetFocus
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation

gdi32

DeleteDC
CreateDCW
CreateMetaFileW
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
SetTextAlign
TextOutW
GetDeviceCaps
CreateRectRgnIndirect
SetViewportOrgEx
SelectObject
BitBlt
Ellipse
GetStockObject
GetObjectW
CreateFontIndirectW
SetTextColor
MoveToEx
LineTo
SetBkMode
CreateRoundRectRgn
FillRgn
CreateSolidBrush
SetMapMode
LPtoDP
CreatePen
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC

advapi32

RegOpenKeyW
GetUserNameW
DeregisterEventSource
ReportEventA
RegisterEventSourceA
TraceEvent
RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
ControlTraceW
OpenProcessToken
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW

ole32

OleSaveToStream
WriteClassStm
CoSetProxyBlanket
CreateOleAdviseHolder
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
OleLoadFromStream
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoInitialize
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal

oleaut32

RegisterTypeLi
UnRegisterTypeLi
OleCreatePropertyFrame
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysStringByteLen
SysAllocStringByteLen
VarUI4FromStr
VariantClear
VariantInit
SysAllocString
SysFreeString
VariantChangeType

shlwapi

StrStrIW
PathFindFileNameW
PathFileExistsW

gdiplus

GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipAlloc
GdipFree
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdipLoadImageFromStream

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

userenv

ExpandEnvironmentStringsForUserW

crypt32

CertOpenSystemStoreW
CertEnumCertificatesInStore
CertCloseStore
CertCreateCertificateContext
CertFreeCertificateContext

imm32

ImmAssociateContext

ws2_32

WSAStartup
WSACleanup
WSAAddressToStringW

msimg32

AlphaBlend

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

wtsapi32

WTSSendMessageW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
X�4�=,!��A�,��I.2�-Ơ�c��̚3 �є.a��v�� 7�5o�� )��)�e@��i�Hv �9��M�0�sV�z�~��2c:x�iR��&'4�~�X�#w_��۵�DY�0%">��S�5S��""lǁ�lB�`��d[�:�(H��n��"[]��1�3�Չ�;��?��d;:�զ1pبj�3�z*<�U�wפ<'��R��pa?~.,·�O�ٷ�!�oCC²H �Y/�S��n��kٮ��rr�b�7o��d�\^Y�r;��EXd��7�p rAҥ��n6z��o BF*�f��jZߨ�[䁤 ZR�uA�LyY̏��IQ�t�'Ѳ-s'��;_df��q��D ��t�PK �B��j��ݕ�(��\ L�}�d��o��'�/(��Bc��8}VY��Q��&��x��Il��'��W�e��(R��Ra��J��w��Zn�,&�x~XO�Uc�z�Ӛi]EgMf�Ͱ�6v�� λW��e6� �;�� w�m<U`��eց�Y�&I�@�p��1��g� ;�rJ��Nw�7UD ��tz��B��1\#J��_G�!N��N��kZ+ ��0��ww��(��s�<� e��8��FB2^!�jPHK��'x�]�T4b�-H8��440T��'��>YN��֡�p#��t�l��C�w�ȾK��|�v��u�i�(+Ǻ�r��n��(�:�P෥�2�Y(��#�ܸQIG�^�[�`��Ghj��Q�Df��^��̹��zdV2�hI��|��ى��d�2��B��JCcU��ö'}��$DE��y��}mf�1y�!SQ�t�J�}��P:*1�\�J��f�4�B�Ӫ��ST>LOՕ��2��,�\�ر3�:M&�wn��&XS61�!�L~��'�6.�?�uS8(�(�oD{��ֺ��{��58F��4sA��G�� I��A">��r��Hʡ�1$�ǋUm� � ��=��͜��3W��'r��q��>��(��Rz��U��,ɤ��6��sԕR�7^��CF�{�.<��Q��W�n�P#��l?8pR�:�P��f�M�M_��,=h�PJ:`5�(_�kq��pNϓv�3��d��2J�/&#�K�'��ˡ�{j�"�K�y��v\��.x�%� P��+��xx'��^8�N� � ��+��,�1�I�Gу ��w�a��H��7��XIS�KE�p[�?�R�?�d��2 �e��e�-�eڒ�r��%�FI�V�2>ZI��f�|pG�:o�y��z��kB��<DҠ:�&<��M=��ewv�-7]�Ag��~�U��8�~GA�6��`�Y��0�4��2�9� Ei��Ė�f �W͒/'�Y&��"��ɻ?�'e=�DI��0�D�St�+�2�3Y>��CԵ,��"TǼ��we��'��vuwz��q�]9�|��L��A��$Z��'��\.�_RZ��n�u�D�G�sG��3�|�1-�{Aߩ��i8��,U7��T�#��k) ��pEO��-C:��h�q:�-P1[��p�7�2r�SP��e��0Z�.*8hn��Z3��D�$�T. '��%��6�/ 쿇]3[��MӬ�B��eˍ+'�1��p�7�q��){C��n�j� ��[͉'��T;H��1�_�r�9��4P�y�VK��s+,��^wD/��8� }�tAL7x��;%�N�)�#Hry��1�z�ɂq��0��ע~}*C��dcK?C0/hN��40��'.h��c(�'}=�Sz�K�32 �u�^5I벡PE��$[>��>��w�(8��˱\��NN��&��=w�� G2D��گvF��D�ǑԹ��ߙ�ݶ��-��y��%aB0/��fP�W��qO��4biF�+��3G5̀\�ྰ2��c�D��'��.��ҁ@��~�yM7n(Zk��0��v��Ɇ|��z��ϐ��IB��q�{��,,�P5>��ғ��sq��v��כ�*Z�芇_N�:��״LN.]��'�:�D��=��R�$�1�TWN�W��l�e�(~��Љ. 8+Y�Q��uդg��9�[qQV��T��1.�0�Z�ܞ��b��i��Tù��*��F��s�r��6K��V�х��>��El�OgVk-0+\�op2�ml��p 3��=�fc�,�4�ػ,J>X=�M�2+�گc��po��2_3{ch��.�C��|�ԃIS �f��ŧ"B�YX0�G�D�B0פb��]��~��T�^Qt��8)�q]u�r`&�b�L�{��m0�+�h;��U�w�"�F]��Ǯ�ʇ+��z��4d��AZ(ɄO��Z��)$ ��'��C�k,��w�W�N��ג�h��J�%;�q&2KײG\�d٭�6�7�4y��-M$��.�A�^�A��O��\��1��n�ѽ�o��`�o|�<�m�x��<��˜�4�5�6ۿZ`l��,T�[�� Խ��Q6�✰�r%�C�Z�'�Y�ڠCM19}o��ə��]�P�@e��릟@Ք��8�B�J��L�9�plr/�f[R�L�sm��e&��Ý�*��f@cؾ�&��A��T^]��k�ʡ��C �v��r�4��6��ź�(^$8Ţu<�Y�Jܢ<F��y/�!_a��6ٰ#io��Zv�ay��?�D�ǫ�F$�y��r��<Bv��1+��=�Q?hn��8;l�>��ǵ��Ŝ<� N��f�o��Zk�NW=��'�TvM;۱߇f�Ն�s��AWQH)��!

Sections

.text
Size: 668KB - Virtual size: 668KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

19fa199d84c92b8c94238dc37ddb83a6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

gdiplus

version

userenv

crypt32

imm32

ws2_32

msimg32

iphlpapi

wtsapi32

Exports

Exports

Sections

.text Size: 668KB - Virtual size: 668KB

.rdata Size: 200KB - Virtual size: 200KB

.data Size: 36KB - Virtual size: 36KB

.vmp0 Size: 3.4MB - Virtual size: 3.4MB

.vmp1 Size: 6.0MB - Virtual size: 6.0MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 8KB

.l1 Size: 17KB - Virtual size: 17KB

.text
Size: 668KB - Virtual size: 668KB

.rdata
Size: 200KB - Virtual size: 200KB

.data
Size: 36KB - Virtual size: 36KB

.vmp0
Size: 3.4MB - Virtual size: 3.4MB

.vmp1
Size: 6.0MB - Virtual size: 6.0MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 8KB

.l1
Size: 17KB - Virtual size: 17KB