Behavioral task
behavioral1
Sample
1bf3e9dc145fcd1e48cd383bdc9c4b4a1f3542ba2640bcd8b02df06278ab79a5.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
1bf3e9dc145fcd1e48cd383bdc9c4b4a1f3542ba2640bcd8b02df06278ab79a5.exe
Resource
win10v2004-20230915-en
General
-
Target
1bf3e9dc145fcd1e48cd383bdc9c4b4a1f3542ba2640bcd8b02df06278ab79a5
-
Size
12.0MB
-
MD5
7266bffbd2eece50c712da859d20671c
-
SHA1
a734f97eae2fcd0c646f3ba8000c43a608a59f50
-
SHA256
1bf3e9dc145fcd1e48cd383bdc9c4b4a1f3542ba2640bcd8b02df06278ab79a5
-
SHA512
cb2a84aa50dbd7eea8da3ff5f3d1853f7b3d0f28dd6eb229177606c2f852add9932f21699afefcc92444097887c983a9dfb06a0a8f094c11f4a3d8abeaee2370
-
SSDEEP
196608:l9y015SmwHDEi9DWCa4DiNaVZiQV4XhKbSgkprDtvyMXfiQtwjvHi96VTJc:ZyDEiPnocZiQVkhKbSgkpvpPXfivjvPu
Malware Config
Signatures
-
YARA rule match (resource: sample): vmprotect — the sample is VMProtect-packed, consistent with the .vmp0/.vmp1 sections listed under Sections below. Expect obfuscated control flow and anti-debug/anti-VM checks; the static import list should be treated as incomplete.
Unsigned PE (1 IoC)
The sample carries no Authenticode signature, so its publisher cannot be verified; do not rely on signature-based allowlisting for this file.
resource 1bf3e9dc145fcd1e48cd383bdc9c4b4a1f3542ba2640bcd8b02df06278ab79a5
Files
-
1bf3e9dc145fcd1e48cd383bdc9c4b4a1f3542ba2640bcd8b02df06278ab79a5.exe windows:5 windows x86
ab5ea2f358a4f45e539751a7a359417a (unlabeled 32-hex value; it differs from the file MD5 above, so it is presumably the import hash — confirm against the report source before pivoting on it)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports (static import table only; the binary also imports LoadLibraryA/GetProcAddress, and VMProtect-packed code commonly resolves further APIs at runtime, so this list is a lower bound on capability)
mfc42
msvcrt
atoi
_ftol
strncmp
memmove
tolower
_pctype
__mb_cur_max
_isctype
qsort
_errno
_setmode
fgets
abort
wcsstr
strcmp
strtoul
rename
_itoa
_strnicmp
_fileno
_getch
toupper
_purecall
_setmbcp
strspn
sscanf
_mbscmp
fopen
fseek
ftell
fclose
fread
realloc
_vsnprintf
_snprintf
strncpy
malloc
free
fflush
fwrite
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
time
srand
rand
_mbsstr
_mbsnbcpy
isdigit
strtok
strrchr
islower
isupper
longjmp
signal
mbstowcs
wcstombs
calloc
rewind
isspace
isxdigit
_mbslen
strtol
exit
?what@exception@@UBEPBDXZ
getenv
fputs
scanf
freopen
_open_osfhandle
_fdopen
_stricmp
fprintf
printf
vfprintf
strchr
isprint
memchr
wcslen
sprintf
strstr
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
__p__fmode
__set_app_type
gmtime
_iob
_stat
__CxxFrameHandler
??0exception@@QAE@ABQBD@Z
_mbsicmp
isgraph
isalnum
_mbsnbicmp
_except_handler3
_CxxThrowException
_controlfp
kernel32
GetVersion
GetFileType
GlobalMemoryStatus
QueryPerformanceCounter
GetVersionExA
FlushConsoleInputBuffer
SetLastError
VirtualAlloc
VirtualFree
VirtualQuery
Sleep
GetLocalTime
GetFileInformationByHandle
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFilePointer
GetCurrentProcessId
ReleaseMutex
CreateMutexA
lstrcpyA
SetCurrentDirectoryA
FileTimeToLocalFileTime
GetCurrentDirectoryA
PulseEvent
GetTickCount
VirtualProtect
FileTimeToSystemTime
InterlockedDecrement
GetExitCodeThread
GetCurrentThreadId
GetLastError
FreeLibrary
LocalFree
FreeConsole
InterlockedIncrement
GetVolumeInformationA
WideCharToMultiByte
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetFileAttributesA
CreateFileA
SetFileTime
FindFirstFileA
GetSystemDirectoryA
GetConsoleWindow
SetConsoleTextAttribute
AllocConsole
GetStdHandle
GetModuleFileNameA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MultiByteToWideChar
MulDiv
GetSystemInfo
GetPrivateProfileIntA
lstrcpynA
CopyFileA
GetPrivateProfileStringA
WritePrivateProfileStringA
LoadLibraryA
GetProcAddress
GetModuleHandleA
FindResourceA
LoadResource
LockResource
SizeofResource
GetTempPathA
DeleteFileA
CreateDirectoryA
GetFileAttributesA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
IsBadWritePtr
IsBadReadPtr
lstrlenA
SetEvent
PeekNamedPipe
ReadFile
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
WriteFile
CreatePipe
GetStartupInfoA
CreateProcessA
CloseHandle
CreateThread
CreateEventA
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
GetDesktopWindow
ShowWindow
CloseWindow
DestroyWindow
SetWindowPos
GetProcessWindowStation
GetUserObjectInformationW
CreateWindowExA
DefWindowProcA
RegisterClassExA
wsprintfA
GrayStringA
DrawTextA
TabbedTextOutA
LoadMenuA
GetMenuItemID
SetMenuItemBitmaps
SetWindowRgn
FillRect
GetWindowDC
FindWindowA
MonitorFromWindow
GetCapture
GetClassLongA
SetClassLongA
SetTimer
SetForegroundWindow
GetMessagePos
GetMessageA
TranslateMessage
DispatchMessageA
SetActiveWindow
SetParent
HideCaret
GetUpdateRect
GetClipboardData
IsMenu
GetFocus
EqualRect
InvalidateRgn
SetCursor
LockWindowUpdate
UpdateWindow
OpenClipboard
EmptyClipboard
SetClipboardData
GetKeyState
ClientToScreen
AppendMenuA
RedrawWindow
IsIconic
DrawIcon
GetWindowLongA
SetWindowLongA
GetDlgCtrlID
SetWindowsHookExA
CreateMenu
GetMenuItemInfoA
CheckMenuItem
SetMenu
DeleteMenu
GetSubMenu
GetMenuStringA
GetMenuItemCount
RemoveMenu
InsertMenuA
CreatePopupMenu
LoadBitmapA
SystemParametersInfoA
IsZoomed
PostMessageA
SetMenuInfo
MessageBoxA
GetWindow
LoadImageA
ReleaseCapture
SetCapture
LoadCursorA
IsWindowVisible
GetScrollBarInfo
GetSysColor
GetSystemMetrics
GetDC
ReleaseDC
DestroyIcon
CopyRect
OffsetRect
IsWindow
GetCursorPos
ScreenToClient
PtInRect
GetWindowRect
InflateRect
GetParent
InvalidateRect
GetClientRect
DrawIconEx
LoadIconA
SendMessageA
EnableWindow
CloseClipboard
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW
gdi32
CombineRgn
CreateRectRgnIndirect
Rectangle
SelectObject
StretchBlt
GetObjectA
GetTextExtentPoint32A
DeleteObject
CreateSolidBrush
CreateFontA
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateFontIndirectA
GetStockObject
CreatePen
GetDeviceCaps
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateRectRgn
Ellipse
Polygon
DeleteDC
GetTextMetricsA
RoundRect
CreateDCA
advapi32
RegOpenKeyA
CryptDestroyHash
RegisterEventSourceA
ReportEventA
DeregisterEventSource
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegCloseKey
RegQueryValueExA
RegSetValueA
RegCreateKeyA
CryptDestroyKey
CryptExportKey
CryptReleaseContext
shell32
StrStrIA
SHFileOperationA
SHGetFileInfoA
SHChangeNotify
SHGetSpecialFolderLocation
DragQueryFileA
DragFinish
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
comctl32
ImageList_AddMasked
ImageList_GetImageCount
ImageList_GetImageInfo
_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_Draw
ole32
CreateILockBytesOnHGlobal
CoInitialize
OleCreateStaticFromData
OleDuplicateData
ReleaseStgMedium
CreateStreamOnHGlobal
StgCreateDocfileOnILockBytes
OleSetContainedObject
gdiplus
GdipFillPath
GdipTransformPath
GdipCreatePath
GdipSetLineColors
GdipRotateMatrix
GdipTranslateMatrix
GdipCreateMatrix
GdipAddPathPieI
GdipSetSolidFillColor
GdipSetInterpolationMode
GdipAddPathEllipseI
GdipFillRectangle
GdipDeleteRegion
GdipGetRegionHRgn
GdipCreateRegionPath
GdipDrawLineI
GdipFillPolygonI
GdipDrawEllipseI
GdipFillEllipseI
GdipSetMatrixElements
GdipDeletePath
GdipDeleteMatrix
GdipDrawLine
GdipDrawArc
GdipDeleteGraphics
GdipReleaseDC
GdipCloneImage
GdipDrawArcI
GdipSetPenColor
GdipCreatePen1
GdipDeletePen
GdipCloneBitmapAreaI
GdipCreateBitmapFromHBITMAP
GdiplusShutdown
GdiplusStartup
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipCreateFontFamilyFromName
GdipCreateFont
GdipCreateLineBrushFromRectWithAngle
GdipCreateStringFormat
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetTextRenderingHint
GdipDrawString
GdipDeleteStringFormat
GdipDeleteFont
GdipDeleteFontFamily
GdipAddPathArc
GdipAddPathLine
GdipCloneBrush
GdipDisposeImage
GdipAlloc
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipGraphicsClear
GdipSetSmoothingMode
GdipCreateHBITMAPFromBitmap
GdipFree
GdipFillPieI
GdipFillRectangleI
GdipCreateSolidFill
GdipFillPolygon
GdipDeleteBrush
GdipGetImageHeight
GdipGetImageWidth
GdipCreateFromHDC
GdipDrawImageRectI
msvcp60
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIID@Z
??_7bad_alloc@std@@6B@
?_Xran@std@@YAXXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?_Xlen@std@@YAXXZ
??_7logic_error@std@@6B@
wctype
??_7out_of_range@std@@6B@
??1logic_error@std@@UAE@XZ
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?clear@ios_base@std@@QAEXH_N@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADPAD0@Z
??0bad_alloc@std@@QAE@PBD@Z
??1bad_alloc@std@@UAE@XZ
??0bad_alloc@std@@QAE@ABV01@@Z
?what@logic_error@std@@UBEPBDXZ
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
ws2_32 (no named functions listed for this module on this page — imports may be by ordinal or resolved at runtime; confirm in the raw import table)
wininet
HttpOpenRequestA
InternetOpenA
InternetConnectA
InternetReadFile
HttpSendRequestA
InternetCloseHandle
crypt32
CertNameToStrA
CertCreateCertificateContext
CryptImportPublicKeyInfo
CertFreeCertificateContext
wtsapi32
WTSSendMessageW
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 332KB - Virtual size: 332KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 304KB - Virtual size: 304KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 3.5MB - Virtual size: 3.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 5.8MB - Virtual size: 5.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 343KB - Virtual size: 343KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.l1 Size: 40KB - Virtual size: 40KB (the only section flagged read/write/execute below — a writable code region, typical of packer stubs or runtime-written code; worth dumping at runtime)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE