Behavioral task
behavioral1
Sample
50c19e1e34a851e1af9a19f4976f7aaf79adf4728d4710b3ee0bfff1f09dc8b6.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
50c19e1e34a851e1af9a19f4976f7aaf79adf4728d4710b3ee0bfff1f09dc8b6.exe
Resource
win10v2004-20230915-en
General
-
Target
50c19e1e34a851e1af9a19f4976f7aaf79adf4728d4710b3ee0bfff1f09dc8b6
-
Size
11.1MB
-
MD5
dc3cf270eaa030c338189e9704d6df82
-
SHA1
b4c980d6e70129211f0cc01de824331d1f3fcb12
-
SHA256
50c19e1e34a851e1af9a19f4976f7aaf79adf4728d4710b3ee0bfff1f09dc8b6
-
SHA512
803db3526a14d73a85b321f5e51d45b5ff2d94346fca102f427536c97c8ccde797c6449038914b676dc074d790a4b1b5c8eafd31e576400f9dc988f38a10faff
-
SSDEEP
196608:kdXlzbEuEMc0dYk/PFieotz61r72zzqtiDosGKGNyMyOlb1SbbzkKcC:kd1PEuRTfPIH6F72zzqtWovDgMyOlbQo
Malware Config
Signatures
-
yara_rule: vmprotect
resource: sample
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource: 50c19e1e34a851e1af9a19f4976f7aaf79adf4728d4710b3ee0bfff1f09dc8b6
Files
-
50c19e1e34a851e1af9a19f4976f7aaf79adf4728d4710b3ee0bfff1f09dc8b6.exe windows:6 windows x64
aa91d5527fe062a38fef07a123b49fb8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ws2_32
getaddrinfo
freeaddrinfo
WSAAddressToStringW
setupapi
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyW
SetupDiClassGuidsFromNameW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
kernel32
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetDiskFreeSpaceW
GetTempFileNameW
ReplaceFileW
GetUserDefaultLCID
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalHandle
LocalAlloc
LocalReAlloc
GetAtomNameW
GlobalFlags
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
VirtualProtect
SetErrorMode
GetCurrentDirectoryW
FindResourceExW
GetProfileIntW
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
GetCurrentThread
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
ResumeThread
SuspendThread
CreateEventW
SetEvent
GetThreadLocale
GetStringTypeExW
MoveFileW
lstrcmpiW
GetCurrentProcess
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetVolumeInformationW
IsValidLocale
GetShortPathNameW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
DeleteFileW
GlobalGetAtomNameW
GetVersionExW
SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SetFileTime
SetFileAttributesW
LocalFileTimeToFileTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
FileTimeToLocalFileTime
GetCurrentProcessId
lstrcmpA
CompareStringW
OutputDebugStringW
FormatMessageA
GetStringTypeW
SwitchToThread
LCMapStringW
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
GetSystemInfo
VirtualAlloc
VirtualQuery
CreateThread
ExitThread
FreeLibraryAndExitThread
SetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
CopyFileW
FormatMessageW
LocalFree
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
HeapQueryInformation
GetStdHandle
ExitProcess
GetDateFormatW
GetTimeFormatW
LoadLibraryW
GetModuleHandleExW
CompareStringA
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
SetLastError
OutputDebugStringA
GetACP
WideCharToMultiByte
SetThreadPriority
CreateSemaphoreW
Sleep
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
lstrcpyW
ReleaseSemaphore
GetTickCount
GlobalSize
GlobalReAlloc
GetLocalTime
SetCommTimeouts
SetCommState
PurgeComm
GetCommState
SetupComm
ClearCommError
GetTickCount64
CloseHandle
WriteFile
ReadFile
CreateFileW
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetLastError
MulDiv
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
EnumSystemLocalesW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetConsoleCtrlHandler
WriteConsoleW
RtlLookupFunctionEntry
RtlUnwind
FlsSetValue
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
GlobalFree
GetProcAddress
LocalAlloc
LocalFree
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
NotifyWinEvent
DrawFocusRect
SetParent
DeleteMenu
GetSystemMenu
WaitMessage
TranslateMessage
GetMessageW
RegisterClipboardFormatW
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
ReuseDDElParam
UnpackDDElParam
GetMenuBarInfo
DestroyIcon
InsertMenuItemW
DestroyMenu
CreatePopupMenu
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
GetWindowDC
GetWindowThreadProcessId
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
IsDialogMessageW
SetWindowTextW
ScrollWindowEx
IsWindowEnabled
SendDlgItemMessageW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
EqualRect
MessageBoxW
AdjustWindowRectEx
RemovePropW
CharUpperW
SetPropW
ShowScrollBar
SetScrollRange
ScrollWindow
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
GetMenu
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
CallWindowProcW
SetWindowRgn
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetWindow
GetWindowTextLengthW
GetWindowTextW
SetFocus
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuStringW
UnregisterClassA
SendDlgItemMessageA
GetDlgCtrlID
LoadImageW
UnregisterClassW
GetSubMenu
EnableMenuItem
CheckMenuItem
LoadMenuW
SetWindowLongW
GetWindowLongW
IsZoomed
PostQuitMessage
ShowOwnedPopups
GetMenuItemInfoW
DestroyCursor
GetSysColorBrush
RealChildWindowFromPoint
CopyImage
GetAsyncKeyState
IsIconic
WindowFromPoint
ClientToScreen
IsWindowVisible
MapDialogRect
GetDialogBaseUnits
GetKeyNameTextW
MapVirtualKeyW
UnionRect
PostThreadMessageW
GetDCEx
LockWindowUpdate
GetPropW
GetDoubleClickTime
GetParent
IntersectRect
InvertRect
ClipCursor
ScreenToClient
GetCursorPos
TabbedTextOutW
GrayStringW
DrawTextExW
GetSystemMetrics
KillTimer
GetCapture
GetKeyState
GetFocus
IsClipboardFormatAvailable
IsWindow
PostMessageW
GetMessagePos
FrameRect
DrawTextW
SystemParametersInfoW
GetDC
SetTimer
SendNotifyMessageW
wsprintfW
GetScrollRange
GetScrollPos
SetScrollPos
SetRectEmpty
LoadCursorW
IsRectEmpty
CopyRect
GetSysColor
ChildWindowFromPoint
SetCursor
ReleaseDC
UpdateWindow
ReleaseCapture
SetCapture
GetClassInfoW
RegisterClassW
DefWindowProcW
DrawEdge
SetRect
OffsetRect
InflateRect
FillRect
PtInRect
GetWindowRect
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
MapWindowPoints
GetClientRect
InvalidateRect
SendMessageW
EnableWindow
DrawIcon
CreateMenu
CopyAcceleratorTableW
WindowFromDC
InSendMessage
GetMessageTime
GetTabbedTextExtentW
SetWindowsHookExW
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW
gdi32
CreatePen
CreateSolidBrush
Rectangle
BitBlt
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
GetClipRgn
SetStretchBltMode
SetTextCharacterExtra
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
MoveToEx
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
DeleteObject
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateRectRgnIndirect
GetMapMode
SetRectRgn
DPtoLP
SetAbortProc
GetCharWidthW
StretchDIBits
GetViewportOrgEx
CreateEllipticRgn
LPtoDP
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetWindowOrgEx
GetTextFaceW
EnumFontFamiliesExW
CloseMetaFile
CreateMetaFileW
DeleteMetaFile
GetClipBox
ExcludeClipRect
ExtTextOutW
GetTextExtentPoint32W
SetGraphicsMode
SetMapperFlags
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
PlayMetaFile
OffsetClipRgn
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
SetWindowOrgEx
GetCurrentPositionEx
CreateRectRgn
CreatePatternBrush
CreateDIBPatternBrushPt
SetTextColor
SetBkColor
CreateBitmap
CreateDCW
CopyMetaFileW
GetTextColor
GetTextMetricsW
PatBlt
TextOutW
RectVisible
PtVisible
GetBkColor
Escape
GetCurrentObject
CreateFontIndirectW
CreateHatchBrush
Polygon
Ellipse
PolyBezier
Polyline
ExtCreatePen
GetObjectW
AbortDoc
EndPage
StartPage
EndDoc
StartDocW
CreateDIBSection
SelectObject
GetStockObject
GetDeviceCaps
DeleteDC
CreateFontW
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectType
msimg32
GradientFill
winspool.drv
DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetJobW
advapi32
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyExW
SetFileSecurityW
GetFileSecurityW
RegDeleteValueW
RegQueryValueW
RegEnumKeyW
RegCloseKey
RegSetValueW
RegSetValueExW
RegOpenKeyExW
RegEnumValueW
shell32
ShellExecuteW
DragQueryFileW
DragFinish
SHGetFileInfoW
ExtractIconW
SHAddToRecentDocs
DragAcceptFiles
comctl32
ImageList_GetImageInfo
InitCommonControlsEx
ImageList_Draw
shlwapi
StrToIntW
SHDeleteKeyW
PathFindFileNameW
PathRemoveExtensionW
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
uxtheme
DrawThemeText
IsAppThemed
GetThemePartSize
CloseThemeData
OpenThemeData
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
ole32
CoDisconnectObject
StringFromGUID2
OleRun
CLSIDFromProgID
CLSIDFromString
PropVariantCopy
CoInitialize
CoCreateGuid
CoRevokeClassObject
CoRegisterClassObject
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
OleGetClipboard
OleUninitialize
CoGetClassObject
CoFreeUnusedLibraries
CoCreateInstance
CreateFileMoniker
StgCreateDocfileOnILockBytes
CreateStreamOnHGlobal
OleRegGetMiscStatus
OleRegEnumVerbs
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
StgCreateDocfile
StgOpenStorage
StgOpenStorageOnILockBytes
StgIsStorageFile
CreateILockBytesOnHGlobal
CoInitializeEx
CoUninitialize
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
CreateBindCtx
CoTreatAsClass
WriteClassStg
ReadClassStg
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
WriteClassStm
CreateDataAdviseHolder
CreateGenericComposite
CreateItemMoniker
OleSaveToStream
CreateOleAdviseHolder
CoLockObjectExternal
GetRunningObjectTable
OleIsRunning
OleQueryCreateFromData
OleQueryLinkFromData
DoDragDrop
OleSetMenuDescriptor
OleGetIconOfClass
OleLockRunning
CoRegisterMessageFilter
OleSetContainedObject
OleSave
OleLoad
OleCreateFromFile
OleCreateLinkToFile
OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
OleCreate
GetHGlobalFromILockBytes
OleInitialize
CoGetMalloc
oleaut32
oledlg
OleUIBusyW
gdiplus
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipGetImageEncoders
oleacc
CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject
wtsapi32
WTSSendMessageW
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 584KB - Virtual size: 584KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 388KB - Virtual size: 388KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 112KB - Virtual size: 112KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 5.0MB - Virtual size: 5.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 451KB - Virtual size: 451KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.l1 Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
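The Signatures, Headers and Sections entries above are all derivable from the file on disk, and it is worth being able to reproduce them without the sandbox. The script below is an added example written for this page, not code from the sandbox or from the sample: a standard-library PE parser that reports the same DLL/file characteristics and section map, flags packer-named (.vmp*) and writable-executable sections, and performs the "Unsigned PE" check by looking at the security data directory. Its input, build_sample_pe(), is a constructed PE32+ header shaped like the reported target (same flag set, section names and empty security directory; section sizes are placeholders, not the real ones). The file name pe_triage.py used in the usage comment is an assumption.

```python
"""Standard-library PE triage: header flags, section map, RWX / packer-named sections
and the 'Unsigned PE' (no Authenticode) check. Added example for this report, not
sandbox or sample code; build_sample_pe() is a constructed input shaped like the target."""
import json, struct, sys

DLL_CHARS = {0x20: "HIGH_ENTROPY_VA", 0x40: "DYNAMIC_BASE", 0x100: "NX_COMPAT",
             0x400: "NO_SEH", 0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE"}
FILE_CHARS = {0x1: "RELOCS_STRIPPED", 0x2: "EXECUTABLE_IMAGE", 0x20: "LARGE_ADDRESS_AWARE"}
SCN_CODE, SCN_IDATA, SCN_EXEC, SCN_READ, SCN_WRITE = 0x20, 0x40, 0x20000000, 0x40000000, 0x80000000
SCN_FLAGS = {SCN_CODE: "CODE", SCN_IDATA: "INITIALIZED_DATA", SCN_EXEC: "EXECUTE",
             SCN_READ: "READ", SCN_WRITE: "WRITE"}
MACHINES = {0x14C: "x86", 0x8664: "x64"}
DIR_SECURITY = 4                                        # Authenticode data directory index
PACKER_SECTIONS = {".vmp": "VMProtect", "UPX": "UPX"}   # name heuristic only; names can be changed


def _flags(value, table):
    return [n for bit, n in sorted(table.items()) if value & bit]


def parse_pe(data: bytes) -> dict:
    """DOS, COFF, optional header (PE32 or PE32+) and section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, fchars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:        # PE32+: NumberOfRvaAndSizes at +108, directories at +112
        ndirs_off, dirs_off = opt + 108, opt + 112
    elif magic == 0x10B:      # PE32: +92 / +96
        ndirs_off, dirs_off = opt + 92, opt + 96
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]      # same offset in both formats
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    sec_dir = (0, 0)
    if ndirs > DIR_SECURITY:
        sec_dir = struct.unpack_from("<II", data, dirs_off + 8 * DIR_SECURITY)
    sections = []
    for i in range(nsec):
        name, vsize, _, _, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vsize, chars))
    return {"machine": MACHINES.get(machine, hex(machine)), "file_chars": fchars,
            "dll_chars": dllchars, "security_dir": tuple(sec_dir), "sections": sections}


def triage(data: bytes) -> dict:
    """Derive report-style indicators from the parsed headers."""
    pe = parse_pe(data)
    findings = []
    # Empty security directory = no *embedded* Authenticode signature. It says nothing
    # about catalog signing, and a present signature still needs WinVerifyTrust /
    # signtool verify before it counts for anything.
    if pe["security_dir"] == (0, 0):
        findings.append("unsigned: no embedded Authenticode signature")
    # HIGH_ENTROPY_VA only matters with DYNAMIC_BASE; without it (and with relocations
    # stripped) the image always loads at its preferred base, i.e. no ASLR.
    if not pe["dll_chars"] & 0x40:
        stripped = ", RELOCS_STRIPPED" if pe["file_chars"] & 0x1 else ""
        findings.append("no_aslr: DYNAMIC_BASE not set" + stripped)
    for name, _, chars in pe["sections"]:
        if chars & SCN_EXEC and chars & SCN_WRITE:   # writable code: unpacking stub / patching
            findings.append("rwx_section: " + name)
        for prefix, packer in PACKER_SECTIONS.items():
            if name.startswith(prefix):
                findings.append("packer_section: %s (%s)" % (name, packer))
    return {"machine": pe["machine"], "file_characteristics": _flags(pe["file_chars"], FILE_CHARS),
            "dll_characteristics": _flags(pe["dll_chars"], DLL_CHARS),
            "sections": [(n, vs, _flags(c, SCN_FLAGS)) for n, vs, c in pe["sections"]],
            "findings": findings}


def build_sample_pe() -> bytes:
    """Constructed minimal PE32+ (headers + section table only; sizes are placeholders)
    shaped like the reported target: x64, RELOCS_STRIPPED, no DYNAMIC_BASE, .vmp0/.vmp1,
    an RWX section and an empty security directory."""
    secs = [(b".text", 0x1000, SCN_CODE | SCN_EXEC | SCN_READ),
            (b".vmp0", 0x2000, SCN_CODE | SCN_IDATA | SCN_EXEC | SCN_READ),
            (b".vmp1", 0x3000, SCN_CODE | SCN_IDATA | SCN_EXEC | SCN_READ),
            (b".l1", 0x1000, SCN_CODE | SCN_EXEC | SCN_READ | SCN_WRITE)]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)              # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, len(secs), 0, 0, 0, 240, 0x1 | 0x2 | 0x20)
    opt = bytearray(240)                                            # PE32+, 16 directories
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<H", opt, 70, 0x20 | 0x100 | 0x8000)          # HIGH_ENTROPY_VA|NX|TS_AWARE
    struct.pack_into("<I", opt, 108, 16)                            # all directories zero
    hdrs, rva, raw = b"", 0x1000, 0x400
    for name, size, chars in secs:
        hdrs += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), size, rva, size, raw,
                            0, 0, 0, 0, chars)
        rva, raw = rva + size, raw + size
    return dos + b"PE\0\0" + coff + bytes(opt) + hdrs


if __name__ == "__main__":   # python pe_triage.py sample.exe  (file name is an assumption)
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(json.dumps(triage(blob), indent=2))
```

Run against the real file to get the flag names and section map listed above as JSON. Two caveats carried in the code: the "unsigned" finding only proves there is no embedded signature (a catalog-signed or validly signed file needs a real verification step, not a directory-size check), and matching .vmp* names is a weaker indicator than the content-based yara rule in the Signatures section, since section names are trivially renamed. The check the report does not make explicit is the ASLR one: HIGH_ENTROPY_VA is set but DYNAMIC_BASE is not, and relocations are stripped, so this image always maps at its preferred base.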