d05df8b931544b7c4679b4d0b1d8f91543d620cd4acc7437fb1c683d739e71d9

Sharing

Copy URL Twitter E-mail

General

Target

d05df8b931544b7c4679b4d0b1d8f91543d620cd4acc7437fb1c683d739e71d9
Size

9.1MB
MD5

3a5fa90f51a3e6101e3948581fee6c7a
SHA1

3b657d533cbb866441f7924543ecad3c38049f37
SHA256

d05df8b931544b7c4679b4d0b1d8f91543d620cd4acc7437fb1c683d739e71d9
SHA512

5f1dc143d23e04f1fd47acd1f8556361c8131bf1d75ec3be3d756e7b3b552b7ef102b25efaf67431916e194a0aa39d940dc650db1d3f6189cf733fbdaaae131a
SSDEEP

196608:mOuwgV2Mk7Ax9DmK9Qv/F/47NbLEoijJbxsdA:gtmKCne7NbghxsdA

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d05df8b931544b7c4679b4d0b1d8f91543d620cd4acc7437fb1c683d739e71d9

Files

d05df8b931544b7c4679b4d0b1d8f91543d620cd4acc7437fb1c683d739e71d9
.exe windows:6 windows x64

0db072a78c00469749790d23fc8a95e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryW
GetProcAddress
GetModuleFileNameA
GetModuleFileNameW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
GetLastError
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapReAlloc
HeapFree
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointerEx
GetProcessHeap
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
WriteConsoleW
ReadConsoleW
HeapSize
CreateFileW
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount

wtsapi32

WTSSendMessageW

user32

GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation

Exports

Exports

ч6��#� ��Nc��&�B�:'w��NF��R��?Y�Y��Ė��~X�k2�OJ(�J ��)&� !�f�O-|��4/�N}��҃bn,��GK e)�� 59{�#h� �Էp�E��=��L�I$(�n��)(��M��zf?�.Cj�� H\%&��"4e��YM�\��N#�Wm��"Xm-�C��P0�60�e�A�yy��f�NyF��!"��qJݡn��W��|2A�Z��T��1ż �>��F��f� :��g$�g�tZ��&dт�m�� 4ԙ��D1�l4�d,��2C��U��S��^��Xߣ� ��YjรZcP��ʏ�U��*&6h�a�y�oc�4�J�q��s�O��l��'��>*nΪc�S�� rѭ��Dm)��q��6#}�̩��6�wO��+j��(��6��ˎj>��[�q��t��m��ұډU�p�Tei��Њ`�[pTh��B�n1� x1r�� }��LpyJ��R��hEu7�� ]#[D*��ک|�엍�s�o�X��&�)m ́W��k��a�I��b��=v��&U�5��6ԣ��xe!�+6A�J��B��޹$揓N�S��MZ|�:H �(c9\��丒�`*U�,N ��ņ�a5�5�Y"t�Z�ȗ��z��xk۹�^�N�6޵(n�넏HYܨ��7?j;$��yM��9�U+[�XZ��i #�JUz�';s��@84�*u�\ⓨ� ;{3�Z�`�Ɏ ˯�]rр}*զ+��É��XÎSK��"M�t��D"��hc��4�c�ST��Y�C[ =�Q5g�2:�p�ۭ>Faf�sj�Oc�G��Z5�YA��C��Ձ"*��}W7�r��eG��'��,��t�_ ��b��h�W�@@/�ޖ��w*�gJ'��ɚVa=�M"��_�d[lB&�oo�i��E�T��7U�_TXr�/��H�,��?Ӿ�LLj\q=��-��o��K��Qe�oR�O�~N��Bg�邘��[��>A]Ħ�:��T&��WD�{��Jd�6��{� � @o W�;n�R� <O��:f�� I� �� 2dx<��4q<L� ��U�OY ٮs�wuZ�P,@�8b�kJ��[�S�z�m��Pi��8[��8�?��o�9y�2��[&�$�f�mn��~�� G�`�i�q�9��;B�� .�"��2�$L��%�Y�L�� Q��"0hH�~��5*�1čgN��!Ómu��v�RV�H��͐�͵f.�R��ݾ6!�=�t0��c�ȭ��[��l�fg�;{��}��sJfB�<�n��kN�-B9�gi�u��F��ᣎ�(b?4��:��>�γ�_u�؋{�n�I�c�)�qT�@#��μ��WЄ)��s��]�`J��Z�7$PԻ��K �>w�l_K5�ukΏ�,�;پ�7�ɡ��Svv��`�:Ǎ��+zw��H��A�0 �B��J�<��w��@��"dS7A�Ю��)�H!c� Ï�_O=��.t��+�C��րi�x�^b��d�1G�9G��Ca H>'��%׸G��9��A�W��R��]h]ځH��}=n~#f�q�r�Y�)��:��D3�\��5l�Ξ-$Bť�2��#�4�H��`�~��f��U�g�F��<Di�~�64��6��]�t/�ϴkz�N�v��Dɂ^i��>�5�]��8C��^I�?��6�F��U�AM?�g��4�=��WkN�O<�@��h��iW�� u��e�]p�Let��$DQ7HC<�5C4jZCwV8�>��|E��X��^��M��I6=��)K��}�ADG��nL��Y��'* ��$f��r%:��j߾��%9}��4��!QS u�+5.>� :��ղ��0��x�EeR��U�C��!�9��U��ududS�l�B(}�y��I�ܛ�y�_W��u�t�pbtfB�:�y�9o��,�\kA� c�cƋ��[��i{�Յ�NJ�!2��T��4O��cn�B��$��4z�Gb��z�+�Azi��N��B�A�׋��HV��櫷�٨��x��t��m��}�We� *U�p槁�t��2�O�Hɵ��d��*vUE�$��x��L�5�9M��Z�R�AX�Ȏ��š<��;��d��J��we��WIJ�f��9�37��5c #��(��{h2�*"{h�rt�##|�e<[�O�v�3G��ݸ�n��<ղcάy<m�DaoY�;І��G��k/03��VF]��=��^�|�_s�;�B��[�Qz^��)�q]��L Z:�+�Cߐ�?��W��4��&d�x��~��P @l��g�=BW�:SV�F5V�O��9�_о/��盛�d>��sk/��X�aS'V*��S�)iݏs�6U�Nv�Y��U�b��u��aJ y��ĝ�H��\�J\��fV��|��?��QoC��c�QU��XLnd��c��bR1Ńd�e��:�m��+ӹc�uz��@�WF��K�痬�-�u��P�G�3��m��_�*�� _�%B>)�a¼U��\+T:C�x�9�, �ˎ��Mo*1vI�!��MI�\O�/Sf#t�wq��}J��qBW7X�� E�� ZKj��5Ty�v�� k�uF�� E=W�0E��EuqP7`Uȵ(E��)i�2��X��˺��E�X�9 �sa%��f�� o-��=.w�4`&��J��n�C�/��/��*�E�8��?}��J�d50Z�q��cn�cqYܘ��u��LS�]Z&��#��A��>��w�� I�7{;��|�

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0db072a78c00469749790d23fc8a95e6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wtsapi32

user32

Exports

Exports

Sections

.text Size: 148KB - Virtual size: 148KB

.rdata Size: 88KB - Virtual size: 88KB

.data Size: 12KB - Virtual size: 12KB

.pdata Size: 12KB - Virtual size: 12KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 4KB - Virtual size: 4KB

.vmp0 Size: 3.4MB - Virtual size: 3.4MB

.vmp1 Size: 5.4MB - Virtual size: 5.4MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.l1 Size: 10KB - Virtual size: 10KB

.text
Size: 148KB - Virtual size: 148KB

.rdata
Size: 88KB - Virtual size: 88KB

.data
Size: 12KB - Virtual size: 12KB

.pdata
Size: 12KB - Virtual size: 12KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 4KB - Virtual size: 4KB

.vmp0
Size: 3.4MB - Virtual size: 3.4MB

.vmp1
Size: 5.4MB - Virtual size: 5.4MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.l1
Size: 10KB - Virtual size: 10KB