ce26a75f2de66e1d74d1f606a2676f398588b4ca6a0a5be00ed4fa8a166a6d0b

Sharing

Copy URL Twitter E-mail

General

Target

ce26a75f2de66e1d74d1f606a2676f398588b4ca6a0a5be00ed4fa8a166a6d0b
Size

13.1MB
MD5

2664d4961f4b9c50a38b0955e1d6b70c
SHA1

2133d5c22506f7a7b26648f8fe0af25c8636969a
SHA256

ce26a75f2de66e1d74d1f606a2676f398588b4ca6a0a5be00ed4fa8a166a6d0b
SHA512

8985c40133b7d6016755809c3d3e19dbc0cfd97ceadf8e70b33ffb160fc0bd0b2ebc04f9279a25321ae1c62ebf3f3b9979fe2340a14e7d69decff12f6f9a454c
SSDEEP

393216:JLZyOsF+/KfmbOOgkeraJ/kFV0cjh3mt:JLolM4jO0rahU

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce26a75f2de66e1d74d1f606a2676f398588b4ca6a0a5be00ed4fa8a166a6d0b

Files

ce26a75f2de66e1d74d1f606a2676f398588b4ca6a0a5be00ed4fa8a166a6d0b
.exe windows:5 windows x86

dde2894211502572dd2d1d42d004ce9d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoW
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
VirtualProtect
VirtualAlloc
VirtualQuery
RtlUnwind
RaiseException
HeapReAlloc
ExitThread
SetStdHandle
GetFileType
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetOEMCP
TlsSetValue
LCMapStringW
GetTimeZoneInformation
GetFileAttributesA
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetExitCodeProcess
CreateProcessA
WriteConsoleA
GetConsoleOutputCP
GetCurrentDirectoryA
GetDriveTypeA
FreeEnvironmentStringsA
GetEnvironmentStrings
SetEnvironmentVariableA
CreateFileA
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
InterlockedIncrement
LocalAlloc
InitializeCriticalSection
FindNextFileW
GetFileTime
GetFileSizeEx
SetFileAttributesW
TlsFree
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
MoveFileW
GetCurrentThread
ConvertDefaultLocale
lstrcmpA
CompareStringA
CreateEventW
SuspendThread
SetEvent
SetThreadPriority
GetModuleHandleA
InterlockedDecrement
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
GlobalFlags
SetLastError
GlobalUnlock
FormatMessageW
DeviceIoControl
UnmapViewOfFile
SetFileTime
WriteFile
CreateDirectoryW
GetFileAttributesW
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFilePointer
CreateThread
GlobalLock
lstrcpynW
WaitForSingleObject
WriteConsoleW
GetStdHandle
GetACP
GetLocaleInfoW
lstrcpyW
GetSystemInfo
MulDiv
FreeResource
ReadFile
GetFileSize
CreateFileW
SetErrorMode
LocalFree
VirtualFreeEx
VirtualAllocEx
QueryDosDeviceW
GetLogicalDriveStringsW
WritePrivateProfileStringW
GetSystemDirectoryW
GetTempPathW
GetFullPathNameW
LocalReAlloc
GetSystemDirectoryA
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentProcess
OutputDebugStringW
FreeLibrary
lstrlenA
GetLocalTime
GetModuleFileNameA
SetUnhandledExceptionFilter
GetProcAddress
LoadLibraryW
GetModuleHandleW
GetComputerNameW
GetPrivateProfileStringW
TerminateProcess
WriteProcessMemory
ReadProcessMemory
CreateProcessW
OpenProcess
GetCurrentProcessId
CopyFileW
lstrcmpW
GetVolumeInformationW
GlobalFree
GlobalAlloc
WideCharToMultiByte
lstrlenW
ResumeThread
GetExitCodeThread
lstrcatW
GetCurrentDirectoryW
ExitProcess
DeleteCriticalSection
DeleteFileW
GetTickCount
SetCurrentDirectoryW
InitializeCriticalSectionAndSpinCount
LockResource
SizeofResource
FileTimeToLocalFileTime
FileTimeToSystemTime
FindFirstFileW
FindClose
GetModuleFileNameW
Module32NextW
Module32FirstW
Process32NextW
Process32FirstW
Toolhelp32ReadProcessMemory
GetLastError
CreateToolhelp32Snapshot
CloseHandle
MultiByteToWideChar
Sleep
InterlockedExchange
EnterCriticalSection
IsValidCodePage
LeaveCriticalSection
GetVersionExA
GetVersionExW
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle

user32

UnregisterClassW
GetSysColorBrush
CharNextW
CharUpperW
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
CreateDialogIndirectParamW
EndDialog
DestroyMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMessageW
TranslateMessage
GetActiveWindow
ValidateRect
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
TabbedTextOutW
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
GetDlgItem
GetTopWindow
GetMessageTime
TrackPopupMenu
SetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
GetScrollInfo
GetDlgCtrlID
CallWindowProcW
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
InflateRect
RedrawWindow
SetCursor
MessageBeep
RegisterWindowMessageW
IsWindowVisible
ReleaseCapture
SetCapture
WindowFromPoint
KillTimer
UpdateWindow
LockWindowUpdate
GetSysColor
LoadBitmapW
SetWindowPos
CopyRect
PtInRect
GetSystemMetrics
GetComboBoxInfo
FillRect
SetTimer
DrawTextW
ExitWindowsEx
keybd_event
mouse_event
CopyAcceleratorTableW
SetRect
InvalidateRgn
GetNextDlgGroupItem
ScreenToClient
MapWindowPoints
RegisterClassExW
RegisterClipboardFormatW
UnhookWindowsHookEx
DestroyWindow
LoadCursorW
DefWindowProcW
IsRectEmpty
UpdateLayeredWindow
LoadIconW
DispatchMessageW
PeekMessageW
PostThreadMessageW
MessageBoxW
SetWindowLongW
GetWindowLongW
GetParent
SetActiveWindow
GetDesktopWindow
wsprintfW
EnumWindows
GetWindowThreadProcessId
EnumChildWindows
SetForegroundWindow
GetCursorPos
AppendMenuW
CreatePopupMenu
GetMessagePos
GetKeyState
SendMessageTimeoutW
IsWindow
DrawIconEx
FindWindowW
EnableWindow
SetFocus
InvalidateRect
ReleaseDC
GetDC
GetFocus
GetNextDlgTabItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
PostMessageW
GetClientRect
SendMessageW
SetRectEmpty
SetWindowRgn
GetWindowRect
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW

gdi32

GetMapMode
GetRgnBox
SetMapMode
CreateRectRgnIndirect
CreateBitmap
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
MoveToEx
LineTo
DeleteObject
RestoreDC
SaveDC
SetBkColor
GetClipBox
GetDeviceCaps
GetPixel
GetTextExtentPoint32W
TextOutW
SetDIBColorTable
GetBkColor
GetTextColor
GetDIBColorTable
StretchBlt
CreatePen
FillRgn
CreateSolidBrush
Rectangle
GetStockObject
SetPixel
CreateDIBitmap
SetTextColor
SetBkMode
CombineRgn
CreateRectRgn
GetObjectW
GetCurrentObject
CreateDIBSection
CreateFontW
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateRoundRectRgn
DeleteDC
SelectObject

msimg32

TransparentBlt
GradientFill
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

SetFileSecurityW
RegQueryValueExW
RegSetValueExW
OpenProcessToken
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegQueryValueW
LookupPrivilegeValueW
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
AddAccessAllowedAce
AddAce
EqualSid
GetAce
InitializeAcl
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetFileSecurityW
LookupAccountNameW
AdjustTokenPrivileges
RegOpenKeyExW

shell32

ShellExecuteW
SHGetSpecialFolderPathW

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
UrlUnescapeW
PathFileExistsW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
CreateStreamOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard

oleaut32

SysAllocString
SafeArrayDestroy
VariantCopy
OleCreateFontIndirect
VariantInit
VariantChangeType
VariantClear
VariantTimeToSystemTime
SystemTimeToVariantTime
SysFreeString
SysStringLen
SysAllocStringLen

gdiplus

GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDrawImageI
GdipDrawImageRectRect
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdipGetImageHeight
GdipGetImageWidth
GdiplusStartup
GdipDrawString
GdipSetTextRenderingHint
GdipCreateSolidFill
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipReleaseDC
GdipFillRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCloneBrush
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateLineBrushFromRectWithAngle
GdiplusShutdown
GdipBitmapUnlockBits

wininet

InternetQueryDataAvailable
InternetGetLastResponseInfoW
InternetOpenW
InternetSetStatusCallbackW
InternetSetFilePointer
InternetWriteFile
InternetReadFile
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetCloseHandle
InternetOpenUrlW
InternetCrackUrlW

dsound

ord1

ws2_32

socket
htons
inet_addr
connect
closesocket
recv
send
shutdown
WSASetLastError
inet_ntoa
gethostname
gethostbyname
WSACleanup
WSAStartup

psapi

GetModuleFileNameExW
GetProcessImageFileNameW

iphlpapi

GetAdaptersInfo

winmm

PlaySoundW

dbghelp

ImageNtHeader
ImageDirectoryEntryToData

wtsapi32

WTSSendMessageW

Sections

.text
Size: 524KB - Virtual size: 524KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 9.7MB - Virtual size: 9.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dde2894211502572dd2d1d42d004ce9d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

gdiplus

wininet

dsound

ws2_32

psapi

iphlpapi

winmm

dbghelp

wtsapi32

Sections

.text Size: 524KB - Virtual size: 524KB

.rdata Size: 208KB - Virtual size: 208KB

.data Size: 40KB - Virtual size: 40KB

.vmp0 Size: 9.7MB - Virtual size: 9.7MB

.vmp1 Size: 2.5MB - Virtual size: 2.5MB

.reloc Size: 52KB - Virtual size: 52KB

.rsrc Size: 18KB - Virtual size: 18KB

.l1 Size: 25KB - Virtual size: 25KB

.text
Size: 524KB - Virtual size: 524KB

.rdata
Size: 208KB - Virtual size: 208KB

.data
Size: 40KB - Virtual size: 40KB

.vmp0
Size: 9.7MB - Virtual size: 9.7MB

.vmp1
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 52KB - Virtual size: 52KB

.rsrc
Size: 18KB - Virtual size: 18KB

.l1
Size: 25KB - Virtual size: 25KB