Behavioral task
behavioral1
Sample
ad2b07284b7d25a3096cbbe687db64a40b1f94230ff3f8225903a6916870c0eb.exe
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral2
Sample
ad2b07284b7d25a3096cbbe687db64a40b1f94230ff3f8225903a6916870c0eb.exe
Resource
win10v2004-20230915-en
windows10-2004-x64
General
-
Target
ad2b07284b7d25a3096cbbe687db64a40b1f94230ff3f8225903a6916870c0eb
-
Size
12.3MB
-
MD5
3f1067fc3d96d16cab946d98b89d59c0
-
SHA1
fa11e6e03552b4a0e3c750c1ef096f8142d63f7b
-
SHA256
ad2b07284b7d25a3096cbbe687db64a40b1f94230ff3f8225903a6916870c0eb
-
SHA512
9e53de1b46a3c9e9cfd588f7eea693a3e5e1cc9d1e4935f83476ea0bb53560a1ecba17b45a331188a65255385ec59cb5f257dc99bfd3d150fce9538db903bcb1
-
SSDEEP
196608:nYWwI66fL5CAujEFzwUBWpGtirzDDjQD1kUZ4qRrBR26FD:d/LkjEDmPDDjQD1kUGqRTP
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ad2b07284b7d25a3096cbbe687db64a40b1f94230ff3f8225903a6916870c0eb
Files
-
ad2b07284b7d25a3096cbbe687db64a40b1f94230ff3f8225903a6916870c0eb.exe windows:5 windows x86
8b8c70e7a1fc3ebb84634fb9d273fdeb
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42
msvcrt
atoi
_ftol
fwrite
sscanf
strncmp
memmove
tolower
_pctype
__mb_cur_max
_isctype
qsort
_errno
_setmode
fgets
wcsstr
strcmp
strtoul
rename
_itoa
_strnicmp
_fileno
_getch
toupper
_purecall
_setmbcp
strspn
strtol
_mbscmp
fopen
fseek
ftell
fclose
fread
realloc
_vsnprintf
_snprintf
strncpy
malloc
free
fflush
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
time
srand
rand
_mbsstr
_mbsnbcpy
isdigit
strtok
strrchr
islower
isupper
isspace
_mbslen
raise
abort
_exit
rewind
longjmp
signal
mbstowcs
wcstombs
isxdigit
calloc
exit
?what@exception@@UBEPBDXZ
getenv
fputs
scanf
freopen
_open_osfhandle
_fdopen
_stricmp
fprintf
printf
vfprintf
strchr
isprint
memchr
wcslen
sprintf
_mbsicmp
isgraph
strstr
??0exception@@QAE@ABV0@@Z
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
gmtime
_iob
_stat
__CxxFrameHandler
isalnum
_mbsnbicmp
_except_handler3
_CxxThrowException
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
_controlfp
kernel32
GetVersion
GetFileType
GlobalMemoryStatus
QueryPerformanceCounter
GetVersionExA
FlushConsoleInputBuffer
SetLastError
VirtualAlloc
VirtualFree
VirtualQuery
CreatePipe
GetLocalTime
GetFileInformationByHandle
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFilePointer
GetCurrentProcessId
CreateToolhelp32Snapshot
Thread32First
Thread32Next
ReleaseMutex
CreateMutexA
lstrcpyA
SetCurrentDirectoryA
VirtualProtect
SetThreadPriority
ResumeThread
InterlockedDecrement
GetExitCodeThread
GetCurrentThreadId
GetLastError
FreeLibrary
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentDirectoryA
PulseEvent
GetTickCount
LocalFree
FreeConsole
InterlockedIncrement
GetVolumeInformationA
WideCharToMultiByte
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetFileAttributesA
CreateFileA
SetFileTime
FindFirstFileA
GetSystemDirectoryA
GetConsoleWindow
SetConsoleTextAttribute
AllocConsole
GetStdHandle
GetModuleFileNameA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MultiByteToWideChar
GetPrivateProfileStringA
MulDiv
GetSystemInfo
GetPrivateProfileIntA
GetSystemTime
lstrcpynA
WritePrivateProfileStringA
LoadLibraryA
GetProcAddress
GetModuleHandleA
FindResourceA
LoadResource
LockResource
SizeofResource
GetTempPathA
DeleteFileA
CreateDirectoryA
CopyFileA
GetFileAttributesA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
IsBadWritePtr
IsBadReadPtr
lstrlenA
SetEvent
PeekNamedPipe
ReadFile
GetExitCodeProcess
Sleep
TerminateProcess
WaitForSingleObject
WriteFile
GetStartupInfoA
CreateProcessA
CloseHandle
CreateThread
CreateEventA
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
GetDesktopWindow
ShowWindow
CloseWindow
DestroyWindow
GetProcessWindowStation
GetUserObjectInformationW
SetWindowPos
CreateWindowExA
DefWindowProcA
RegisterClassExA
wsprintfA
GrayStringA
DrawTextA
TabbedTextOutA
LoadMenuA
GetMenuItemID
SetMenuItemBitmaps
SetWindowRgn
GetWindowDC
FindWindowA
MonitorFromWindow
EnableWindow
GetClipboardData
IsMenu
SetCursor
IsIconic
DrawIcon
SetWindowsHookExA
CreateMenu
GetMenuItemInfoA
CheckMenuItem
GetSubMenu
GetMenuStringA
GetMenuItemCount
RemoveMenu
InsertMenuA
LoadBitmapA
GetCapture
GetClassLongA
SetClassLongA
GetWindowLongA
SetWindowLongA
GetDlgCtrlID
GetMessagePos
GetMessageA
TranslateMessage
DispatchMessageA
SetActiveWindow
UpdateWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetParent
ClientToScreen
HideCaret
SystemParametersInfoA
IsZoomed
LockWindowUpdate
EqualRect
GetUpdateRect
CreatePopupMenu
AppendMenuA
GetFocus
PostMessageA
SetMenuInfo
MessageBoxA
GetWindow
KillTimer
SetTimer
ReleaseCapture
SetCapture
LoadCursorA
IsWindowVisible
GetScrollBarInfo
GetSysColor
GetDC
ReleaseDC
GetKeyState
RedrawWindow
GetSystemMetrics
LoadImageA
DestroyIcon
CopyRect
OffsetRect
IsWindow
GetCursorPos
ScreenToClient
PtInRect
GetWindowRect
InflateRect
GetParent
InvalidateRect
GetClientRect
FillRect
DrawIconEx
LoadIconA
SendMessageA
SetForegroundWindow
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW
gdi32
GetDeviceCaps
CreateRectRgnIndirect
Rectangle
SelectObject
StretchBlt
DeleteObject
GetTextExtentPoint32A
GetObjectA
CreateCompatibleDC
CreateFontA
CreateCompatibleBitmap
BitBlt
CreateFontIndirectA
GetStockObject
CreatePen
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateRectRgn
Ellipse
Polygon
GetTextMetricsA
DeleteDC
RoundRect
CreateSolidBrush
CreateDCA
advapi32
RegQueryValueExA
CryptDestroyHash
RegisterEventSourceA
ReportEventA
DeregisterEventSource
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegCloseKey
RegOpenKeyA
RegSetValueA
RegCreateKeyA
CryptDestroyKey
CryptExportKey
CryptReleaseContext
shell32
SHFileOperationA
SHChangeNotify
SHGetFileInfoA
StrStrIA
SHGetSpecialFolderLocation
DragQueryFileA
DragFinish
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
comctl32
ImageList_Draw
ImageList_AddMasked
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_ReplaceIcon
ole32
CreateStreamOnHGlobal
CoInitialize
OleCreateStaticFromData
OleDuplicateData
ReleaseStgMedium
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleSetContainedObject
gdiplus
GdipFillRectangle
GdipAddPathEllipseI
GdipDrawImageRect
GdipAddPathPieI
GdipSetLineColors
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterColor
GdipCreatePathGradientFromPath
GdipAddPathEllipse
GdipGetPathGradientPointCount
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipCloneBitmapAreaI
GdipDeletePen
GdipCreatePen1
GdipSetPenColor
GdipDrawArcI
GdipDrawArc
GdipDrawLine
GdipDeleteRegion
GdipGetRegionHRgn
GdipCreateRegionPath
GdipDrawLineI
GdipFillPolygonI
GdipDrawEllipseI
GdipFillEllipseI
GdiplusShutdown
GdiplusStartup
GdipLoadImageFromStreamICM
GdipDeleteGraphics
GdipReleaseDC
GdipDrawImageRectI
GdipLoadImageFromStream
GdipCreateFontFamilyFromName
GdipCreateFont
GdipCreateLineBrushFromRectWithAngle
GdipCreateStringFormat
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetTextRenderingHint
GdipDrawString
GdipDeleteStringFormat
GdipDeleteFont
GdipDeleteFontFamily
GdipAddPathArc
GdipAddPathLine
GdipSetInterpolationMode
GdipCreateMatrix
GdipCreatePath
GdipAddPathRectangleI
GdipTranslateMatrix
GdipRotateMatrix
GdipTransformPath
GdipSetSolidFillColor
GdipSetMatrixElements
GdipDeletePath
GdipDeleteMatrix
GdipCloneImage
GdipCloneBrush
GdipDisposeImage
GdipAlloc
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipGraphicsClear
GdipSetSmoothingMode
GdipCreateHBITMAPFromBitmap
GdipFree
GdipFillPieI
GdipFillRectangleI
GdipCreateSolidFill
GdipFillPolygon
GdipDeleteBrush
GdipGetImageHeight
GdipGetImageWidth
GdipCreateFromHDC
GdipFillPath
msvcp60
??0out_of_range@std@@QAE@ABV01@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIID@Z
??_7bad_alloc@std@@6B@
wctype
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADPAD0@Z
??0bad_alloc@std@@QAE@PBD@Z
??0logic_error@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1out_of_range@std@@UAE@XZ
??1logic_error@std@@UAE@XZ
??_7out_of_range@std@@6B@
??_7logic_error@std@@6B@
?_Xlen@std@@YAXXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Xran@std@@YAXXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?clear@ios_base@std@@QAEXH_N@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??1bad_alloc@std@@UAE@XZ
??0bad_alloc@std@@QAE@ABV01@@Z
?what@logic_error@std@@UBEPBDXZ
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
ws2_32
wininet
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetReadFile
imm32
ImmGetConversionStatus
ImmGetOpenStatus
ImmGetContext
ImmSetConversionStatus
crypt32
CertNameToStrA
CertCreateCertificateContext
CryptImportPublicKeyInfo
CertFreeCertificateContext
wtsapi32
WTSSendMessageW
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 344KB - Virtual size: 344KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 308KB - Virtual size: 308KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 3.6MB - Virtual size: 3.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 5.9MB - Virtual size: 5.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 362KB - Virtual size: 362KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.l1 Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE