33b6937cb8bc35ffd185ecec239ec0345c51f6c53bb647147b63d7a49d752f7d

Sharing

Copy URL

Twitter E-mail

General

Target

33b6937cb8bc35ffd185ecec239ec0345c51f6c53bb647147b63d7a49d752f7d
Size

10.3MB
MD5

0ed7065058959d2ac2410fa33c71f5c7
SHA1

a8299f5dc8b9424b145b46de9b9dd9702c5a0fd3
SHA256

33b6937cb8bc35ffd185ecec239ec0345c51f6c53bb647147b63d7a49d752f7d
SHA512

0bbdae239283089c8470460f7cf37488c54e9588f7390b34a7e8e5a612117319ed1176dca277df53b550df3017697e9a616d68bf041832dcc39fb89c787afc6b
SSDEEP

196608:IgEHiNK7bn5AwL5ABew1tY8yU3FMrdLlfysYv+LbXKxHYD:FNQnLABew7gU3FMrdLlfyRvmapYD

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33b6937cb8bc35ffd185ecec239ec0345c51f6c53bb647147b63d7a49d752f7d

Files

33b6937cb8bc35ffd185ecec239ec0345c51f6c53bb647147b63d7a49d752f7d
.exe windows:5 windows x86

7727b5ee6ffd56f3ff97ae779d9293e3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

msvcrt

__mb_cur_max
_isctype
qsort
_errno
_setmode
fgets
abort
wcsstr
strcmp
strtoul
gmtime
fputs
isspace
toupper
_purecall
_pctype
_iob
fprintf
memmove
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
time
srand
rand
_mbsstr
_mbsnbcpy
strtok
longjmp
signal
mbstowcs
wcstombs
calloc
_except_handler3
rename
rewind
strchr
memchr
strspn
freopen
_open_osfhandle
_fdopen
?what@exception@@UBEPBDXZ
getenv
exit
_stricmp
printf
atoi
vfprintf
isprint
wcslen
sprintf
_mbsicmp
_CxxThrowException
??0exception@@QAE@ABQBD@Z
_mbscmp
fopen
fseek
ftell
fclose
fread
realloc
_vsnprintf
_snprintf
strncpy
malloc
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
sscanf
__CxxFrameHandler
strstr
_getch
_fileno
free
tolower
_itoa
strncmp
_ftol
fflush
fwrite
isalnum
_setmbcp
_stat

kernel32

EnterCriticalSection
DeleteCriticalSection
IsBadWritePtr
IsBadReadPtr
lstrlenA
FindResourceA
SizeofResource
LoadResource
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
SetEvent
ReadFile
PulseEvent
WriteFile
CreatePipe
GetStartupInfoA
CreateProcessA
CloseHandle
GetFileAttributesA
GetTickCount
DeleteFileA
CopyFileA
CreateDirectoryA
GetModuleHandleA
WritePrivateProfileStringA
GetPrivateProfileStringA
InitializeCriticalSection
GetPrivateProfileIntA
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetLastError
PeekNamedPipe
Sleep
GetSystemDirectoryA
TerminateProcess
FindFirstFileA
SetFileTime
CreateFileA
SetFileAttributesA
WideCharToMultiByte
GetVolumeInformationA
SetConsoleTextAttribute
GetStdHandle
FreeConsole
LocalFree
GetConsoleWindow
MapViewOfFile
CreateFileMappingA
GetCurrentDirectoryA
FileTimeToLocalFileTime
SetCurrentDirectoryA
lstrcpyA
CreateMutexA
ReleaseMutex
GetCurrentProcessId
SetFilePointer
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileInformationByHandle
UnmapViewOfFile
GetFileSize
FreeLibrary
GetCurrentThreadId
GetExitCodeThread
GetSystemInfo
FileTimeToSystemTime
VirtualProtect
GetModuleFileNameA
GetVersion
GetFileType
GlobalMemoryStatus
QueryPerformanceCounter
GetVersionExA
FlushConsoleInputBuffer
SetLastError
VirtualAlloc
VirtualFree
VirtualQuery
LeaveCriticalSection
GetLocalTime
WaitForSingleObject
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetUserObjectInformationW
GetDesktopWindow
wsprintfA
GrayStringA
DrawTextA
TabbedTextOutA
GetMenuItemID
SetWindowRgn
GetWindowDC
LoadBitmapA
EnableWindow
GetCapture
SetCapture
LoadMenuA
SetTimer
SetForegroundWindow
GetMessagePos
SetActiveWindow
HideCaret
CheckMenuItem
IsMenu
GetFocus
LockWindowUpdate
LoadCursorA
SetCursor
GetKeyState
OpenClipboard
GetClipboardData
CloseClipboard
GetMessageA
TranslateMessage
DispatchMessageA
ClientToScreen
IsIconic
GetProcessWindowStation
GetDlgCtrlID
GetWindowLongA
SetWindowLongA
SetWindowsHookExA
GetClassLongA
CreateMenu
GetMenuItemInfoA
DeleteMenu
SetMenu
GetSubMenu
GetMenuItemCount
GetMenuStringA
RemoveMenu
InsertMenuA
CreatePopupMenu
AppendMenuA
SetClassLongA
GetWindow
IsWindowVisible
SystemParametersInfoA
IsZoomed
LoadImageA
PostMessageA
SetMenuInfo
ReleaseCapture
GetScrollBarInfo
GetSystemMetrics
GetSysColor
RedrawWindow
MessageBoxA
OffsetRect
IsWindow
GetCursorPos
ScreenToClient
PtInRect
GetDC
ReleaseDC
CopyRect
GetWindowRect
InflateRect
GetParent
InvalidateRect
GetClientRect
FillRect
DrawIconEx
DrawFrameControl
LoadIconA
SendMessageA
DrawIcon
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW

gdi32

CreateFontIndirectA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateRectRgn
GetDeviceCaps
Ellipse
Polygon
GetBkMode
CreateRoundRectRgn
DeleteDC
GetTextMetricsA
RoundRect
CreateRectRgnIndirect
StretchBlt
GetObjectA
DeleteObject
CreateSolidBrush
GetTextExtentPoint32A
CreateCompatibleDC
GetMapMode
CreateCompatibleBitmap
Rectangle
SelectObject
BitBlt
GetStockObject
CreatePen
CreateFontA

advapi32

RegisterEventSourceA
DeregisterEventSource
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextA
CryptReleaseContext
RegCreateKeyA
RegSetValueA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
ReportEventA

shell32

SHGetFileInfoA
SHFileOperationA
ShellExecuteA
SHGetPathFromIDListA
SHChangeNotify
SHGetSpecialFolderLocation
StrStrIA
DragQueryFileA
DragFinish
SHBrowseForFolderA

comctl32

ImageList_ReplaceIcon
_TrackMouseEvent

ole32

CoInitialize
OleSetContainedObject
OleCreateStaticFromData
OleDuplicateData
ReleaseStgMedium
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal

gdiplus

GdipSetLineColors
GdipRotateMatrix
GdipTranslateMatrix
GdipCreateMatrix
GdipAddPathPieI
GdipSetSolidFillColor
GdipSetInterpolationMode
GdipAddPathLineI
GdipAddPathEllipseI
GdipFillRectangle
GdipAddPathArcI
GdipDrawLineI
GdipFillPolygonI
GdipDrawEllipseI
GdipFillEllipseI
GdipDeleteGraphics
GdipReleaseDC
GdipDrawImageRectI
GdipCreatePath
GdipTransformPath
GdipFillPath
GdipSetMatrixElements
GdipDeletePath
GdipDeleteMatrix
GdipDrawLine
GdipDrawArc
GdipDrawArcI
GdipSetPenColor
GdipCreatePen1
GdipDeletePen
GdiplusShutdown
GdiplusStartup
GdipCreateFontFamilyFromName
GdipCreateFont
GdipCreateLineBrushFromRectWithAngle
GdipCreateStringFormat
GdipSetStringFormatLineAlign
GdipSetTextRenderingHint
GdipDrawString
GdipDeleteStringFormat
GdipDeleteFont
GdipDeleteFontFamily
GdipCloneBrush
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipGraphicsClear
GdipSetSmoothingMode
GdipCreateHBITMAPFromBitmap
GdipFillPieI
GdipFillRectangleI
GdipCreateSolidFill
GdipFillPolygon
GdipDeleteBrush
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDisposeImage
GdipFree
GdipAlloc
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipCreateFromHDC
GdipSetStringFormatAlign

msvcp60

?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Xran@std@@YAXXZ
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??_7logic_error@std@@6B@
??_7out_of_range@std@@6B@
??1logic_error@std@@UAE@XZ
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xlen@std@@YAXXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?clear@ios_base@std@@QAEXH_N@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0bad_alloc@std@@QAE@ABV01@@Z
??1bad_alloc@std@@UAE@XZ
??0bad_alloc@std@@QAE@PBD@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADPAD0@Z
wctype
??_7bad_alloc@std@@6B@
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIID@Z
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?what@logic_error@std@@UBEPBDXZ

ws2_32

wininet

HttpOpenRequestA
InternetOpenA
InternetConnectA
InternetReadFile
HttpSendRequestA
InternetCloseHandle

wtsapi32

WTSSendMessageW

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 322KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7727b5ee6ffd56f3ff97ae779d9293e3

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

gdiplus

msvcp60

ws2_32

wininet

wtsapi32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 304KB - Virtual size: 304KB

.data Size: 224KB - Virtual size: 224KB

.vmp0 Size: 2.9MB - Virtual size: 2.9MB

.vmp1 Size: 5.1MB - Virtual size: 5.1MB

.rsrc Size: 322KB - Virtual size: 322KB

.l1 Size: 36KB - Virtual size: 36KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 304KB - Virtual size: 304KB

.data
Size: 224KB - Virtual size: 224KB

.vmp0
Size: 2.9MB - Virtual size: 2.9MB

.vmp1
Size: 5.1MB - Virtual size: 5.1MB

.rsrc
Size: 322KB - Virtual size: 322KB

.l1
Size: 36KB - Virtual size: 36KB