5fc7a2f86f6de1e392619f55161dd714eaa7e71c5803f71f5a24a41ff647f772

Sharing

Copy URL Twitter E-mail

General

Target

5fc7a2f86f6de1e392619f55161dd714eaa7e71c5803f71f5a24a41ff647f772
Size

15.8MB
MD5

839bc8e898b221f28f4ef1023585b3c1
SHA1

b7c464917fb1d616fd4cff66b21dc921fb7db3a9
SHA256

5fc7a2f86f6de1e392619f55161dd714eaa7e71c5803f71f5a24a41ff647f772
SHA512

8ebf7e76af997c669be9f4fc4a2425f714de366befdf7007bc809c877268303ddd02ce52314633eafda9dfe6c01c94a298808a1ff2db9e34a6e5757396cb8a10
SSDEEP

196608:m5SjBMswLS+cgxSh4Cf2hB9CzeCcuyFt5bbgvfkLoj7nRwTEUNaRykLKLzKsXi0Z:m50O6gMqxMSFt9afdjeIQk+3K/zq4

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5fc7a2f86f6de1e392619f55161dd714eaa7e71c5803f71f5a24a41ff647f772

Files

5fc7a2f86f6de1e392619f55161dd714eaa7e71c5803f71f5a24a41ff647f772
.exe windows:5 windows x86

92d3762fe36b91d9f40708ee72f1463a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc100

msvcr100

_mbsnbcpy
_access
??1exception@std@@UAE@XZ
_setmbcp
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_except_handler4_common
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
_vsnprintf
toupper
fopen
fread
fclose
printf
_strdup
ldiv
_localtime64_s
getenv
atol
atoi
_time64
strstr
strtok
_CIpow
isdigit
strcpy_s
vsprintf_s
free
calloc
malloc
memmove_s
exit
vsprintf
strncpy
sprintf
memmove
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
srand
rand
memcpy
memcpy_s
memset
__CxxFrameHandler3

kernel32

GetCurrentThreadId
WinExec
GetFileAttributesA
DeleteFileA
LoadLibraryA
Sleep
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
GetSystemInfo
GlobalMemoryStatusEx
GetModuleHandleW
GetVersionExA
GetDiskFreeSpaceExA
GetVolumeInformationA
DeviceIoControl
WideCharToMultiByte
GetFileAttributesExA
lstrcpyA
TerminateProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateMutexA
CreateFileA
GetCurrentProcessId
SetThreadPriorityBoost
TerminateThread
SetThreadExecutionState
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
OutputDebugStringA
CopyFileA
GetTempPathA
GetTempFileNameA
lstrlenA
FindFirstFileA
FindNextFileA
FindClose
FindResourceA
LoadResource
SizeofResource
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
GetVersion
CreateDirectoryA
SetEvent
WaitForSingleObject
CloseHandle
CreateEventA
MultiByteToWideChar
GetCurrentThread
WriteFile
VirtualQuery
GetModuleFileNameA
FormatMessageA
SetUnhandledExceptionFilter
GetCurrentProcess
RemoveDirectoryA
GetDriveTypeA
ActivateActCtx
GetLastError
DeactivateActCtx
SetLastError
GetProcAddress
GetModuleHandleA
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

PtInRect
SetCursor
SetWindowLongA
LoadCursorW
InvalidateRect
EnableWindow
GetClientRect
DrawIcon
EnableMenuItem
GetSubMenu
ModifyMenuA
SetFocus
IsWindowEnabled
FindWindowExA
SendMessageA
PostMessageA
SetCapture
ExitWindowsEx
wsprintfA
GetFocus
LockWindowUpdate
DrawFocusRect
DefWindowProcA
MessageBoxA
IsWindow
LoadCursorA
ReleaseCapture
LoadBitmapW
SetRectEmpty
GetAsyncKeyState
GetDesktopWindow
MessageBeep
MoveWindow
OffsetRect
LoadBitmapA
GetSysColor
GetMenuItemID
GetMenuItemCount
CheckMenuItem
DrawStateA
UpdateLayeredWindow
SetWindowPos
DispatchMessageA
PeekMessageA
TranslateMessage
GetDC
ScreenToClient
ClientToScreen
RedrawWindow
GetWindowDC
SetPropA
GetWindow
GetClassNameA
GetPropA
ShowWindow
CallWindowProcA
ReleaseDC
DrawTextA
FillRect
GetParent
CopyRect
IsRectEmpty
GetWindowLongA
InflateRect
GetCursorPos
WindowFromPoint
SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx
GetSystemMetrics
CloseWindow
LoadIconW
KillTimer
SetTimer
IsWindowVisible
UpdateWindow
GetWindowRect
IsIconic
LoadMenuW
GetProcessWindowStation
GetUserObjectInformationW

gdi32

Rectangle
CreateBitmap
CreateDCA
RoundRect
CreatePatternBrush
GetTextCharset
CreateCompatibleBitmap
SetBkMode
SelectObject
SetTextColor
CreateSolidBrush
DeleteObject
GetStockObject
BitBlt
GetDeviceCaps
CreatePen
GetTextExtentPoint32A
StretchBlt
GetObjectA
CreateCompatibleDC
DeleteDC
CreateFontIndirectA

advapi32

LookupPrivilegeValueA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegOpenKeyA
OpenProcessToken
RegCreateKeyExA
AdjustTokenPrivileges
RegOpenKeyExA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

comctl32

_TrackMouseEvent

ole32

CoInitialize
CoCreateInstance
CreateStreamOnHGlobal
CoUninitialize

oleaut32

gdiplus

GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipLoadImageFromStream
GdipCloneImage
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromFile
GdipDrawImageRectI
GdipCreateFromHDC
GdipDeleteGraphics
GdiplusShutdown

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

ts2bd

reczip

hrburnapi

?SetWriteSpeed@CHRBurnApi@@QAEHG@Z
?BuildDVDVideoCatalogImage@CHRBurnApi@@QAEHPBD00@Z
?BuildBDVideoCatalogImage@CHRBurnApi@@QAEHPBD00@Z
?SetBurnEngine@CHRBurnApi@@QAEXH@Z
?BurnBDVideoCatalog@CHRBurnApi@@QAEHPBD0@Z
?GetWriteSpeed@CHRBurnApi@@QAEGXZ
?BurnBDIsoImage@CHRBurnApi@@QAEHPBD@Z
?PrepareDisc2@CHRBurnApi@@QAEHHKHHH@Z
?GetCurDevice@CHRBurnApi@@QAE?AUtagCdromDevice@@XZ
?ExitApi@CHRBurnApi@@QAEHXZ
?InitialApi@CHRBurnApi@@QAEHPBD0PAXH@Z
?callback_print_log@CHRBurnApi@@2P6AXHHPAX@ZA
??0CHRBurnApi@@QAE@XZ
??1CHRBurnApi@@UAE@XZ
?GetWriteSpeedList@CHRBurnApi@@QAEHQAGH@Z
?SetCurDevice@CHRBurnApi@@QAEHH@Z
?EnumCdroms@CHRBurnApi@@QAEHPAXI@Z
?GetRreparedBurner@CHRBurnApi@@QAEHH@Z
?SetCurDeviceByLetter@CHRBurnApi@@QAEHD@Z
?UnloadMedia@CHRBurnApi@@QAEHH@Z
?IsHdBdDrive@CHRBurnApi@@QAEHD@Z
?EnumCdroms@CHRBurnApi@@QAEHXZ
?BurnDvdVideoCatalog@CHRBurnApi@@QAEHPBD0@Z

googleana

advplug

crypt

winmm

sndPlaySoundA

dbghelp

SymGetModuleInfo64
SymGetLineFromAddr64
SymGetSymFromAddr64
StackWalk64
SymFunctionTableAccess64
SymGetModuleBase64
SymCleanup
SymInitialize

wininet

InternetReadFile
HttpQueryInfoA
InternetSetOptionA
InternetQueryOptionA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA

comdlg32

GetSaveFileNameA
GetOpenFileNameA

Sections

.text
Size: 340KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 628KB - Virtual size: 628KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 12.7MB - Virtual size: 12.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

92d3762fe36b91d9f40708ee72f1463a

Headers

DLL Characteristics

File Characteristics

Imports

mfc100

msvcr100

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

gdiplus

msvcp100

ts2bd

reczip

hrburnapi

googleana

advplug

crypt

winmm

dbghelp

wininet

setupapi

comdlg32

Sections

.text Size: 340KB - Virtual size: 340KB

.rdata Size: 116KB - Virtual size: 116KB

.data Size: 208KB - Virtual size: 208KB

.vmp0 Size: 628KB - Virtual size: 628KB

.vmp0 Size: 1.5MB - Virtual size: 1.5MB

.vmp1 Size: 12.7MB - Virtual size: 12.7MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 300KB - Virtual size: 300KB

.l1 Size: 27KB - Virtual size: 27KB

.text
Size: 340KB - Virtual size: 340KB

.rdata
Size: 116KB - Virtual size: 116KB

.data
Size: 208KB - Virtual size: 208KB

.vmp0
Size: 628KB - Virtual size: 628KB

.vmp0
Size: 1.5MB - Virtual size: 1.5MB

.vmp1
Size: 12.7MB - Virtual size: 12.7MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 300KB - Virtual size: 300KB

.l1
Size: 27KB - Virtual size: 27KB