11b383847368b22b427be34e1537c1a0cf7ecfd8cec774eba9ef30a2026e6771

Sharing

Copy URL Twitter E-mail

General

Target

11b383847368b22b427be34e1537c1a0cf7ecfd8cec774eba9ef30a2026e6771
Size

10.3MB
MD5

5be015b4b9563ba556ce49a4d88c5812
SHA1

27620de32f514cb0761595ea0998044d83f8a268
SHA256

11b383847368b22b427be34e1537c1a0cf7ecfd8cec774eba9ef30a2026e6771
SHA512

60cb55c7cebba2e991240d3828d02c2e3e44933bd3e43c0c7da1f4289adad245e92d07dcaa0afcc7efd0006cbad6c27694ab7186d3dff1dd372c3e282ddc4542
SSDEEP

196608:4n0qwcmrJexuBrFT1xE7ZZA2VWWNAdBkg07t77MAYe9YQScAv9vnUq7:4gKu/1w1VV4bEtOeiQSv9fj

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11b383847368b22b427be34e1537c1a0cf7ecfd8cec774eba9ef30a2026e6771

Files

11b383847368b22b427be34e1537c1a0cf7ecfd8cec774eba9ef30a2026e6771
.exe windows:5 windows x86

4eab464fb673729efecc687c57e09939

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

fltlib

FilterGetMessage
FilterSendMessage
FilterConnectCommunicationPort

shlwapi

PathFileExistsW

ws2_32

WSAGetLastError
connect
WSAStartup
WSACleanup
inet_addr
gethostbyname
htonl
socket
htons
closesocket
recv
send
setsockopt
gethostname

kernel32

DeleteFileW
ExpandEnvironmentStringsW
WideCharToMultiByte
lstrcmpA
SystemTimeToFileTime
LocalAlloc
FileTimeToLocalFileTime
WriteFile
OutputDebugStringA
CreateEventW
WaitForSingleObject
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
TlsFree
TlsGetValue
TlsSetValue
GetExitCodeThread
GetCurrentThreadId
EnterCriticalSection
TlsAlloc
SetThreadPriority
GetFileAttributesW
SetEndOfFile
InterlockedExchange
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetSystemTimeAsFileTime
GetSystemInfo
ResetEvent
GetNativeSystemInfo
GetTickCount64
GetQueuedCompletionStatus
CreateIoCompletionPort
CreateThread
WaitForMultipleObjectsEx
InitializeCriticalSection
InterlockedCompareExchange
WriteConsoleW
GetConsoleMode
GetFileType
GetStdHandle
AllocConsole
OutputDebugStringW
HeapFree
GetProcessHeap
HeapAlloc
CreateFileW
GetModuleFileNameW
ReadFile
FileTimeToSystemTime
CreateDirectoryW
SetFilePointer
GetCurrentProcess
GetCurrentProcessId
CloseHandle
GetLastError
OpenProcess
QueryFullProcessImageNameW
CompareStringW
CreateFileA
LoadLibraryW
GetModuleHandleW
SetEvent
LocalFree
IsDebuggerPresent
GetModuleHandleA
GetModuleFileNameA
GetProcAddress
Sleep
GetCommandLineW
MultiByteToWideChar
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetStringTypeW
EncodePointer
DecodePointer
GetCommandLineA
HeapSetInformation
RaiseException
RtlUnwind
ExitThread
GetCPInfo
MoveFileW
GetTimeZoneInformation
GetTimeFormatW
GetDateFormatW
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
HeapCreate
HeapSize
ExitProcess
GetLocaleInfoW
SetLastError
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoW
QueryPerformanceCounter
GetTickCount
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
FlushFileBuffers
SetStdHandle
GetUserDefaultLCID
SetEnvironmentVariableA
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
GlobalFree
GetProcAddress
LocalAlloc
LocalFree
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle

advapi32

GetLengthSid
RegQueryValueExW
RegOpenKeyExW
ChangeServiceConfigA
StartServiceA
QueryServiceStatus
OpenSCManagerA
QueryServiceConfigW
OpenServiceW
RegCloseKey
RegSetValueExW
OpenSCManagerW
CreateServiceW
CloseServiceHandle
CopySid
GetTokenInformation
OpenProcessToken
RegCreateKeyExW
DeregisterEventSource
RegisterEventSourceW
ReportEventW

shell32

CommandLineToArgvW

crypt32

CryptDecodeObject
CertGetIssuerCertificateFromStore
CryptMsgClose
CertOpenSystemStoreA
CryptQueryObject
CertGetNameStringW
CertOpenStore
CertFindExtension
CertFindCertificateInStore
CertCloseStore
CryptMsgUpdate
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CryptMsgGetParam
CryptMsgOpenToDecode
CertGetSubjectCertificateFromStore
CertFreeCertificateContext

wintrust

WinVerifyTrust

oleaut32

VariantClear

wtsapi32

WTSSendMessageW

user32

GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation

Exports

Exports

GetLoggerSingleton

Sections

.text
Size: 556KB - Virtual size: 556KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4eab464fb673729efecc687c57e09939

Headers

DLL Characteristics

File Characteristics

Imports

fltlib

shlwapi

ws2_32

kernel32

advapi32

shell32

crypt32

wintrust

oleaut32

wtsapi32

user32

Exports

Exports

Sections

.text Size: 556KB - Virtual size: 556KB

.rdata Size: 152KB - Virtual size: 152KB

.data Size: 52KB - Virtual size: 52KB

.vmp0 Size: 3.5MB - Virtual size: 3.5MB

.vmp1 Size: 6.0MB - Virtual size: 6.0MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.l1 Size: 11KB - Virtual size: 11KB

.text
Size: 556KB - Virtual size: 556KB

.rdata
Size: 152KB - Virtual size: 152KB

.data
Size: 52KB - Virtual size: 52KB

.vmp0
Size: 3.5MB - Virtual size: 3.5MB

.vmp1
Size: 6.0MB - Virtual size: 6.0MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.l1
Size: 11KB - Virtual size: 11KB