21b5748177dbf50cf022f6368d8859596cc4fe6d9b807513fb027fc3f0454206

Sharing

Copy URL Twitter E-mail

General

Target

21b5748177dbf50cf022f6368d8859596cc4fe6d9b807513fb027fc3f0454206
Size

11.2MB
MD5

3ba4d5d63ed8a806ab72683aedd76956
SHA1

9be0390882a696c1c53fcd8022381463b39dc5db
SHA256

21b5748177dbf50cf022f6368d8859596cc4fe6d9b807513fb027fc3f0454206
SHA512

fb480d1c5fca1c230ae0e39239084121ca79c102c61e840d68a38d77a267980891b39e13b8dab9f55ccdee4972bb5ddadbfe83a33e38e0d922fc31733263108e
SSDEEP

196608:8c2NH8/sdvZsXniAId5V2s1UaKirc5xr6DdAlyctFgoSC1rcg:8cEKsdU8dzLmaPc5xudH4gpC14g

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21b5748177dbf50cf022f6368d8859596cc4fe6d9b807513fb027fc3f0454206

Files

21b5748177dbf50cf022f6368d8859596cc4fe6d9b807513fb027fc3f0454206
.dll windows:6 windows x86

e9f7857bc7f9526433a685d83f62aed8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
DeleteFiber
ConvertFiberToThread
FreeLibrary
LoadLibraryA
WriteFile
FindClose
GetCurrentThreadId
FindNextFileW
GetEnvironmentVariableW
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
DeleteFileA
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetFileType
GetStdHandle
CloseHandle
CreatePipe
ReadFile
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetProcAddress
FindFirstFileW
GetModuleHandleW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
PeekNamedPipe
GetModuleFileNameW
GetLastError
MultiByteToWideChar
WritePrivateProfileStringW
GetPrivateProfileStringW
LoadLibraryW
DeleteFileW
WideCharToMultiByte
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle

msvcp120

?good@ios_base@std@@QBE_NXZ
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
?_Orphan_all@_Container_base12@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?exceptions@ios_base@std@@QBEHXZ
?exceptions@ios_base@std@@QAEXH@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
??1_Container_base12@std@@QAE@XZ
?_Winerror_map@std@@YAPBDH@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?eof@ios_base@std@@QBE_NXZ
??7ios_base@std@@QBE_NXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?id@?$codecvt@DDH@std@@2V0locale@2@A
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0_Container_base12@std@@QAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_BADOFF@std@@3_JB
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Syserror_map@std@@YAPBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ

spdlogcore

?SpdLogW@@YAXPBDHHPB_WZZ
?InitSpdLogW@@YAXPB_W0@Z
?SpdLogEnableConsoleOutput@@YAX_N@Z
?SpdLogA@@YAXPBDHH0ZZ

libcurl

curl_easy_cleanup
curl_easy_getinfo
curl_easy_perform
curl_slist_append
curl_easy_setopt
curl_easy_init

msvcr120

wcstombs_s
??1type_info@@UAE@XZ
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
_except1
__clean_type_info_names_internal
?terminate@@YAXXZ
_except_handler4_common
??0exception@std@@QAE@ABQBDH@Z
_aligned_malloc
_aligned_free
__RTDynamicCast
__CxxFrameHandler3
_CxxThrowException
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
??9type_info@@QBE_NABV0@@Z
??8type_info@@QBE_NABV0@@Z
??0exception@std@@QAE@XZ
signal
fputs
sscanf
_gmtime64_s
strspn
strcspn
strncpy
sprintf
strtoul
_stat64i32
_stricmp
_setmode
_fileno
fgets
ferror
_strnicmp
strtol
getenv
fprintf
__iob_func
isspace
strrchr
strncmp
strchr
qsort
atoi
strcmp
strerror_s
raise
wcsstr
_vsnwprintf
_vsnprintf
_exit
realloc
memset
memcpy
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_vscprintf
_vswprintf
vsprintf
_vscwprintf
_errno
malloc
fopen
_wfopen
calloc
free
feof
fread
ftell
fseek
??_V@YAXPAX@Z
memchr
_time64
fclose
fflush
setvbuf
fsetpos
fgetpos
_fseeki64
memcpy_s
fgetc
ungetc
fwrite
fputc
_unlock_file
_lock_file
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
_purecall
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
memmove
??3@YAXPAX@Z
strstr

dbghelp

MakeSureDirectoryPathExists

bcrypt

BCryptGenRandom

user32

GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW

advapi32

CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource

shlwapi

PathRemoveFileSpecW
PathFileExistsW
PathFindFileNameW

ws2_32

WSASetLastError
closesocket
WSACleanup
recv
send
WSAGetLastError

crypt32

CertOpenStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertCloseStore

wtsapi32

WTSSendMessageW

Exports

Exports

InitWhatsAppMgr

Sections

.text
Size: 1016KB - Virtual size: 1016KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e9f7857bc7f9526433a685d83f62aed8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp120

spdlogcore

libcurl

msvcr120

dbghelp

bcrypt

user32

advapi32

shlwapi

ws2_32

crypt32

wtsapi32

Exports

Exports

Sections

.text Size: 1016KB - Virtual size: 1016KB

.rdata Size: 412KB - Virtual size: 412KB

.data Size: 40KB - Virtual size: 40KB

.vmp0 Size: 3.5MB - Virtual size: 3.5MB

.vmp1 Size: 6.2MB - Virtual size: 6.2MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.l1 Size: 16KB - Virtual size: 16KB

.text
Size: 1016KB - Virtual size: 1016KB

.rdata
Size: 412KB - Virtual size: 412KB

.data
Size: 40KB - Virtual size: 40KB

.vmp0
Size: 3.5MB - Virtual size: 3.5MB

.vmp1
Size: 6.2MB - Virtual size: 6.2MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.l1
Size: 16KB - Virtual size: 16KB