abaf191afc51c5a71e16c3291d2563b30e2d885b99e7a38a02ce2339d98e5565

Sharing

Copy URL Twitter E-mail

General

Target

abaf191afc51c5a71e16c3291d2563b30e2d885b99e7a38a02ce2339d98e5565
Size

6.2MB
MD5

2b5581fcf3dd7ca72df0f77ebdfdff0b
SHA1

e947fd4c485ef89d70d6465d43d87f77b97ff3b8
SHA256

abaf191afc51c5a71e16c3291d2563b30e2d885b99e7a38a02ce2339d98e5565
SHA512

458e02c7383c3f8a7abcd8935d743bbb0ac12a531f0438e83436505dd3079be1a3624dfc92390592dc198552071bd5e23c9f12441b8b62ab444117be2eb72919
SSDEEP

98304:L57WJyzhtnkVX9K30/ysji6gsKfTHC1tqR4CpYFXHD5gqLblC:bhtaDysYbi1mNIHM

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
abaf191afc51c5a71e16c3291d2563b30e2d885b99e7a38a02ce2339d98e5565

Files

abaf191afc51c5a71e16c3291d2563b30e2d885b99e7a38a02ce2339d98e5565
.dll windows:6 windows x86

dff14a46436a10d159890f0eeaaa05ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileW
HeapReAlloc
CloseHandle
RaiseException
LoadLibraryW
CreateThread
FindResourceExW
ResetEvent
LoadResource
FindResourceW
HeapAlloc
GetLocalTime
DecodePointer
HeapDestroy
WriteConsoleW
GetProcAddress
CreateEventW
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
WideCharToMultiByte
VirtualQuery
SetEvent
FreeLibrary
GetTickCount64
GetWindowsDirectoryW
HeapSize
ReleaseMutex
GetCurrentThreadId
GetFileAttributesW
CreateFileW
WaitForSingleObject
InitializeCriticalSectionEx
CreateMutexW
GetTempPathW
SetFilePointer
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
GetPrivateProfileIntW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
OutputDebugStringW
GetLastError
Sleep
MultiByteToWideChar
ProcessIdToSessionId
WriteFile
GetStdHandle
EnterCriticalSection
SetConsoleTextAttribute
HeapFree
GetFileSizeEx
WTSGetActiveConsoleSessionId
SizeofResource
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetStringTypeW
GetFileType
TryEnterCriticalSection
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
VirtualAlloc
WaitForMultipleObjects
CreateTimerQueueTimer
DeleteTimerQueueTimer
VirtualFree
IsWow64Process
GetCurrentProcess
LoadLibraryA
GetModuleHandleExW
IsDebuggerPresent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
ChangeTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
LockResource
VirtualProtect
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
RtlUnwind
ExitProcess
GetModuleFileNameA
GetACP
GetVersionExW
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
FreeLibrary
TerminateProcess
GetCurrentProcess
GetSystemInfo
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
GetTickCount
GlobalFree
GetProcAddress
LocalAlloc
LocalFree
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle

user32

CharUpperBuffW
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation

advapi32

RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
SetSecurityDescriptorDacl
RegCloseKey
SetFileSecurityW
InitializeSecurityDescriptor
RegOpenKeyExW
RegGetValueW

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW

ole32

CoUninitialize
CoInitialize

ntdll

RtlInitUnicodeString

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsW
PathIsDirectoryW
PathAppendW
SHDeleteKeyW

bcrypt

BCryptHashData
BCryptSignHash
BCryptImportKeyPair
BCryptCreateHash
BCryptDestroyKey
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptDestroyHash

fltlib

FilterGetMessage
FilterReplyMessage
FilterSendMessage
FilterConnectCommunicationPort

dbghelp

SymInitializeW

wtsapi32

WTSSendMessageW

Sections

.text
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dff14a46436a10d159890f0eeaaa05ac

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

ntdll

shlwapi

bcrypt

fltlib

dbghelp

wtsapi32

Sections

.text Size: 364KB - Virtual size: 364KB

.rdata Size: 100KB - Virtual size: 100KB

.data Size: 16KB - Virtual size: 16KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 4KB - Virtual size: 4KB

.vmp0 Size: 2.2MB - Virtual size: 2.2MB

.vmp1 Size: 3.4MB - Virtual size: 3.4MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.l1 Size: 12KB - Virtual size: 12KB

.text
Size: 364KB - Virtual size: 364KB

.rdata
Size: 100KB - Virtual size: 100KB

.data
Size: 16KB - Virtual size: 16KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 4KB - Virtual size: 4KB

.vmp0
Size: 2.2MB - Virtual size: 2.2MB

.vmp1
Size: 3.4MB - Virtual size: 3.4MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.l1
Size: 12KB - Virtual size: 12KB