91e83ea0aa4b629ea05a26da4456466bdc3fda6fc83a7b12c48dc997c4959d91

Sharing

Copy URL

Twitter E-mail

General

Target

91e83ea0aa4b629ea05a26da4456466bdc3fda6fc83a7b12c48dc997c4959d91
Size

271KB
MD5

1ebf6ae096e3a5f4d85168d75327bd8a
SHA1

125e563c568fd5790a6ebbd6f2e043b79ec70909
SHA256

91e83ea0aa4b629ea05a26da4456466bdc3fda6fc83a7b12c48dc997c4959d91
SHA512

bf85cd08fca6240707f82b8a6246f16c37ca742457a4e2422a4d50bfcb439fab5dc7ae39cadb75f29123a9e16786212b042133917e3f16a2b76f1726eeea703c
SSDEEP

3072:7VFL70bNjW2jXxxCVpmTopI+Bp0HBDdIFnl4uFLRvCHWy+E0RgB1MKYA9N:7+JB7xxCVpSopIAp03w4uz6H1IReHYg

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
91e83ea0aa4b629ea05a26da4456466bdc3fda6fc83a7b12c48dc997c4959d91

Files

91e83ea0aa4b629ea05a26da4456466bdc3fda6fc83a7b12c48dc997c4959d91
.exe windows:5 windows x86

15e0cf6a3f823cd17021bf038ed0145c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
lstrlenW
InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
lstrlenA
lstrcmpiA
SetUnhandledExceptionFilter
IsDBCSLeadByte
SetLastError
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
WritePrivateProfileStringA
DeleteFileA
SystemTimeToFileTime
GetLocalTime
GetTempPathA
GetTickCount
GetPrivateProfileIntA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
LockResource
WriteFile
GetNativeSystemInfo
VirtualQuery
GetSystemDirectoryW
TerminateProcess
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
LCMapStringW
LCMapStringA
LoadLibraryW
FreeLibrary
CreateDirectoryW
CreateFileW
GetCurrentProcessId
FlushFileBuffers
Sleep
CreateProcessW
GetCurrentThreadId
GetModuleFileNameA
CreateFileA
GetLastError
ReadFile
CloseHandle
GetCurrentProcess
FlushInstructionCache
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetStdHandle
ExitProcess
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
RaiseException
LoadLibraryA
TlsSetValue
TlsAlloc
TlsGetValue
HeapReAlloc
HeapCreate
GetProcAddress
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoA
GetCommandLineA
GetSystemInfo
GetModuleHandleW
VirtualProtect
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MapWindowPoints
GetClientRect
GetMonitorInfoA
MonitorFromWindow
GetWindowRect
GetWindow
SetWindowTextA
EndDialog
SetWindowPos
GetSystemMetrics
DialogBoxParamA
GetActiveWindow
DefWindowProcA
GetWindowLongA
SendMessageA
LoadImageA
GetDlgItem
DestroyWindow
CharNextA
UnregisterClassA
SetWindowLongA
GetParent

advapi32

RegCreateKeyA
RegOpenKeyA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteA

ole32

CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

gdiplus

GdipCloneImage
GdipDisposeImage
GdipLoadImageFromStream
GdipAlloc
GdipFree

iphlpapi

GetAdaptersInfo

ws2_32

sendto
WSAStartup
socket
htons
connect
select
WSAGetLastError
send
WSACleanup
closesocket
recv

Exports

Exports

��<��Pd�D�v�J;�|�}��\�Z"gQi�1��e��B�h��!i�� r/��`#�\%0��)�o-!x_u��rU��ǖg=�8��+�+݋PT�7%ן(��| �y��@�n�*��l��8��۔�=��6B�MՕ�-InO��q~�¢U��ϯQ9� N��{UK�tQr��o�f�䎣��S��==�,}]4 �Q��l�QF��{�b�|��*\��8S�yt.r5r�[�� ai^�;"��T޿��ڭ� N`R��R�!o�"�zŉZ5tV�=��C��~`�Z��c��zt"Q�v>V�+�1t��G;�_Jj�}C��iR[`#��.Ge��N��J��e�|��rƚ �|D��8��֑)��.�o�j��߲��XVq��}\��I-C�EMч��F�O��P��)��|�j��ڌ��{��#f� �\�Y��V=}�vbGS9G��S`8�͙T�]�d��͔\G��8:�� 5ղt��"֑NHZ��tN��'<��]��92N�[�}�'��2�n��S��䪇��]C�ɒ�\�Az� �'ZQ�?,+��L�$��~O�q�܋q)�X��UX\S�W@W%��6Ʋ�E�¨&t��Xn��)(rD�bG��c�٘��sH&��-J�C��9� �{��Q�}k@z w (T�R��z��e@�[Pvl��4*&#�Es/��|�Uķ �St��pm<��W��#=��Oz�-:��:AwG�D��x,)/$�1k��0��yu�7�#�v��D��T�"�3�(�H$ڻ��l��7)K��7l�ԄU��do�/^��ب+� պ]�8��W��`��h��BM�ȩ{�\�dbM��'7��D��:��uly��F�ga2��j�h��:jC�5�{(�a8�j/3X�&��dw�%+��%�v�Z��@��M1澦�s�K�1��j��].H��-�&襩4w��kYH�m��D��v��u�+]��`s4�P��>O�({/F`�R�G��ȶ �}W�|�p7��^û{��[u�7��@��)*!w�p � ��p�> ]f�@��+��+��,]�r��1r�E�]CYi�\m"��B�-xX�U86+��Y�k� :ͺi(��1E#�V��V��u[d��K��˞�@5��(�ƕ�D�/.�H��!��kq�@}%E��"s��ߐ�E�C|�}��G�pC��Q��#�}]��1B�r�9�w�R��J��j �n�bT3�Ӗ�P�k'�[�Bg�|@0�E�3iZ��I�%R��0)�5�f��'�@�Wa��c�a��PB��f<P(��V#߬1��N��u��ԙG�t&�k�/L�� N 9�@J��jiߓ��Y��]R#@p7��ɰ.� �� N�DM�hBc՞d��z3�%�]�q��,[!�^Đ.��[�zs> c�r�9��5B��5�-��r#gUK3[�B�t��G��<]XR�OAe�4bm��z�@?ID}�V� �|�*�!-�F��|,�9�,x��,�]�M��Vorw��nU��vg' گ~��N��d�8�n�Vl��{,ҿo�bH�r!��R��f��[N�C�-��y��yRx/��)=�[r�,z�G�ʌj�?��&-�CA\�h�Q��j|�%��,m��s_p��i�.X*�X#�\U��3W�O�G��p��RAH�V��(׿m �6v͠��S�v8&�V��d��SV��Ŀ�59�Ȇ��~L��E��b�+"�2R�UES��g�V{%4�ò,C�@ �ɕ�+��A�F~;��=p�S�@��;?b��ϷB{V��pw��q@�(�l$-�÷��xdY;I�k<O\,��o��ύāC�XM�d��3�'z��Ϥـv`��kώ��~�լ��!*�u�3�&�f�¥� I�Ӌ�y��`� �I��=�匤f%3Gb��3�e>��4��a��smX��j"�&Z6c��0)�7v��j��BP�!@��~�Т2��{�b�ڢ0�3N��b>�m)��H��fŀ�,Qօ2�<�v��#\�n5�[I}�S�ɍ��mV�R�xJЁF̅,�}h��j��K ��<eH<��4TwWf?�,�b�5�b�{y�T_gX}�Y[q��TY��*�%x˴��82�(:jZ3r��k��vUA71)�a^��.u7}�Zt*�{�z͆&F��{R{��<8��$��lB��36��3*O�-��f�ԽU$�+�Nv�d��,�v��x�X��"��x��f7 ˏ��$��e�:.K�A�J�fF��Uk��*�lJ\��a�E�.��"�L0�_�N�F9��>j��]�n�7��0~�W��4w��w�T.�� x��=�%+[ږm�E��&��\�� Wa)�?s)�b��[��V��@��Mx�K�T��?�jύx��̷� T *�RZ&>d��aޕy�F�I�ʿPe�\�˃K�+A�:�G}��w�\�g�'tf��V�4�ο!��X��4y@��څ��ELE/�bE��/��v��G t?�0"� ��[ss�zZ�Z+&zз��]�,��:7�.P[w/�R��0 t�ԁ<�8�?�M| o��)c��]$�Gayϸ�]ڳFPP��sg��(�!2�(Ob��F"��^l��+��$e7�x��T�r3�V��O~�T�c��WQ�k¦�{��*9%�G�`��d��%��A��o��&=�3��R"��DM}q��g��ѵ��֘�m��@t�˩��`s4��D�0f>��O��Z7m��x?"�;��5�%�f�p�uR��

Sections

.text
Size: - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 94KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

15e0cf6a3f823cd17021bf038ed0145c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

comctl32

gdiplus

iphlpapi

ws2_32

Exports

Exports

Sections

.text Size: - Virtual size: 85KB

.rdata Size: - Virtual size: 18KB

.data Size: - Virtual size: 13KB

.vmp0 Size: - Virtual size: 13KB

.tls Size: 512B - Virtual size: 24B

.vmp1 Size: 167KB - Virtual size: 167KB

.reloc Size: 512B - Virtual size: 420B

.rsrc Size: 94KB - Virtual size: 112KB

.text
Size: - Virtual size: 85KB

.rdata
Size: - Virtual size: 18KB

.data
Size: - Virtual size: 13KB

.vmp0
Size: - Virtual size: 13KB

.tls
Size: 512B - Virtual size: 24B

.vmp1
Size: 167KB - Virtual size: 167KB

.reloc
Size: 512B - Virtual size: 420B

.rsrc
Size: 94KB - Virtual size: 112KB