18e535461d43e61a3494d7a4066c1ec5cde356e3c6660865c23b2c649432416b

Sharing

Copy URL Twitter E-mail

General

Target

18e535461d43e61a3494d7a4066c1ec5cde356e3c6660865c23b2c649432416b
Size

7.4MB
MD5

819b379fe21c392f4f79d9cc197c4f6d
SHA1

be5a47039bf2aeae147565a18dd3351ce5a08b3a
SHA256

18e535461d43e61a3494d7a4066c1ec5cde356e3c6660865c23b2c649432416b
SHA512

9e77e7b15137718fce0a02b0b4382ccfdec26a5bf3bee5f1c05bddf00788ff6b69d25f519efbee5489037322ae54bb7657d43eecbc28b4f77a8386720a8959d8
SSDEEP

196608:x9CH9bZwO9JjIyfrcTf1VU4AZsi+ARNQN/VW5Vgp:xgbZwOlwTTUtWnNkLq

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18e535461d43e61a3494d7a4066c1ec5cde356e3c6660865c23b2c649432416b

Files

18e535461d43e61a3494d7a4066c1ec5cde356e3c6660865c23b2c649432416b
.dll windows:5 windows x86

f9dc9581572ca0f01044aaa554c38991

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindClose
GetFileAttributesW
GetVolumeInformationW
ResumeThread
GetExitCodeThread
WaitForSingleObject
SetEndOfFile
GetModuleHandleA
lstrcpynW
GetStdHandle
QueryPerformanceCounter
GlobalMemoryStatus
LoadLibraryA
FlushConsoleInputBuffer
LocalFree
GetProcessHeap
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
CreateFileA
GetFullPathNameA
SetStdHandle
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
SetHandleCount
InterlockedIncrement
DosDateTimeToFileTime
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
GetStringTypeW
IsValidCodePage
GetOEMCP
HeapDestroy
HeapCreate
GetLocaleInfoW
HeapSize
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileInformationByHandle
FindFirstFileExA
GetDriveTypeA
GetCPInfo
LCMapStringW
RtlUnwind
RaiseException
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
SetConsoleCtrlHandler
ExitThread
GetCommandLineA
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
HeapFree
GetSystemTime
GetSystemDirectoryA
VerSetConditionMask
VerifyVersionInfoA
ExpandEnvironmentStringsA
PeekNamedPipe
FormatMessageA
SleepEx
SetLastError
FindResourceExW
GetCurrentThread
DecodePointer
EncodePointer
InterlockedExchange
GetFileType
DuplicateHandle
CreateDirectoryW
GetCurrentProcess
IsValidLocale
SystemTimeToFileTime
GlobalUnlock
GlobalLock
GlobalAlloc
ReadFile
ExitProcess
LockResource
SizeofResource
FreeResource
LoadResource
FindResourceW
MulDiv
WideCharToMultiByte
GetCurrentDirectoryW
GetACP
InterlockedDecrement
lstrlenW
GetProcAddress
LoadLibraryW
WaitForMultipleObjects
CreateEventW
FileTimeToSystemTime
FileTimeToLocalFileTime
SetEvent
GetFileAttributesExW
MultiByteToWideChar
Sleep
CreateThread
GetModuleHandleW
CreateMutexW
FreeLibrary
GetSystemInfo
TlsFree
TlsAlloc
InitializeCriticalSection
GetLocalTime
GetCurrentProcessId
TlsSetValue
GetTickCount
FlushFileBuffers
WriteFile
SetFilePointer
TlsGetValue
GetCurrentThreadId
GetFileSize
GetModuleFileNameW
DeleteFileW
CreateFileW
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
EnumSystemLocalesA
GetVersionExW
GetVersion
LoadLibraryA
FreeLibrary
TerminateProcess
GetSystemInfo
CreateToolhelp32Snapshot
Thread32First
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
GetTickCount
GetLocalTime
LocalAlloc
LocalFree
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
FlushFileBuffers
GetCurrentProcessId
GetLastError
GetModuleFileNameW
CreateEventA
GetModuleHandleA
GetSystemTimeAsFileTime
ExitProcess
VirtualQuery
CreateFileA
ReadFile
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

user32

RegisterClassExW
CreateWindowExW
DefWindowProcW
PeekMessageW
TranslateMessage
CharPrevW
SetWindowsHookExW
UnhookWindowsHookEx
InvalidateRgn
CreateAcceleratorTableW
GetGUIThreadInfo
CreateCaret
DestroyWindow
IsWindow
SetRect
DrawTextW
DispatchMessageW
PostQuitMessage
SetWindowLongW
PostMessageW
ShowCaret
CallWindowProcW
SetWindowPos
SetFocus
GetKeyState
ShowWindow
GetProcessWindowStation
GetWindow
EnableWindow
GetMessageW
GetWindowRect
GetParent
GetMonitorInfoW
MonitorFromWindow
IsIconic
SendMessageW
LoadCursorW
RegisterClassW
GetClassInfoExW
SetPropW
GetPropW
GetClientRect
OffsetRect
UnionRect
wvsprintfW
SetCursor
ReleaseDC
GetDC
SetTimer
KillTimer
ScreenToClient
GetActiveWindow
BeginPaint
FillRect
CloseClipboard
GetClipboardData
EndPaint
IsRectEmpty
GetUpdateRect
IsWindowVisible
HideCaret
SetCaretPos
GetSysColor
GetWindowLongW
GetUserObjectInformationW
OpenClipboard
IsClipboardFormatAvailable
GetWindowTextW
GetCaretPos
GetCaretBlinkTime
IntersectRect
MapWindowPoints
GetCursorPos
PtInRect
GetWindowTextLengthW
SetWindowTextW
MessageBoxA
MoveWindow
GetFocus
InvalidateRect
NotifyWinEvent
SetCapture
ReleaseCapture
CharNextW
IsZoomed
SetWindowRgn
MessageBoxW
ClientToScreen
CharUpperBuffW
MessageBoxW

gdi32

CreatePatternBrush
SetTextColor
SetBkMode
GetObjectA
CreateRoundRectRgn
GetTextMetricsW
SetWindowOrgEx
Rectangle
RestoreDC
BitBlt
SaveDC
SelectObject
CreateCompatibleBitmap
CreateSolidBrush
DeleteDC
CreatePen
CreateFontIndirectW
GetStockObject
DeleteObject
GetObjectW
CreateDIBSection
MoveToEx
LineTo
RoundRect
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
GdiFlush
GetDeviceCaps
SelectClipRgn
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
CombineRgn
StretchBlt
SetStretchBltMode
SetBkColor
ExtTextOutW
CreateCompatibleDC
CreatePenIndirect

advapi32

ReportEventA
RegOpenKeyExW
RegQueryValueExW
RegisterEventSourceA
RegCloseKey
DeregisterEventSource
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
QueryServiceConfigW
OpenServiceW
EnumServicesStatusExW
OpenSCManagerW
RegCloseKey

shell32

ShellExecuteW

ole32

CoInitialize
CoUninitialize
OleInitialize
OleUninitialize
CoCreateGuid
CoLoadLibrary
CreateStreamOnHGlobal
OleLockRunning
CLSIDFromString
CoCreateInstance
CLSIDFromProgID

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantInit

gdiplus

GdipSetTextRenderingHint
GdipDeleteGraphics
GdipCreateFromHDC
GdipDeleteFont
GdipCreateStringFormat
GdipCreateFontFromDC
GdiplusShutdown
GdiplusStartup
GdipSetStringFormatLineAlign
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipCreateLineBrushI
GdipDeleteBrush
GdipFree
GdipAlloc
GdipCreateBitmapFromScan0
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipDeleteFontFamily
GdipGetFamily
GdipDrawString
GdipDrawImageRectI
GdipGraphicsClear
GdipDrawImage
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipGetImageWidth
GdipGetImageHeight
GdipImageSelectActiveFrame
GdipLoadImageFromStream
GdipCreateFontFromLogfontA

comctl32

ord17
_TrackMouseEvent

wininet

InternetCloseHandle
InternetOpenW
InternetOpenUrlW

oleacc

LresultFromObject

imm32

ImmGetContext
ImmSetCompositionFontW
ImmReleaseContext
ImmSetCompositionWindow

wldap32

ord200
ord32
ord35
ord30
ord33
ord27
ord41
ord46
ord26
ord50
ord22
ord211
ord143
ord79
ord60
ord301

ws2_32

sendto
freeaddrinfo
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
recvfrom
accept
listen
ioctlsocket
gethostname
shutdown
htonl
getservbyname
gethostbyname
getaddrinfo

wtsapi32

WTSSendMessageW

Exports

Exports

DeleteAliAuthSDKInstance
GetAliAuthSDKInstance
�Qb�`�cA��MrEϟgR䭪O`��e��.9"��V� V�g[A�u �Om�N�ܔX.�4\e[n\5>�� ж0�RI�~Vh@�8n��~��A��:��JB cp>��a��7.c^7�K��r��-"��-j�@g�f`~��/��ю�E]w�P��e�8��̌�OE!+�n��P��Wa�ơp��0��8�]�Vѝ�q�ѭ��H+~*�i��K��?Y�X�&e�TsTh�k��;�V+��ꎬ�h��k�w��{��M��>��X�a��(z��e��K��f[ `?�C��?,{�.�Ȫ�hP��-,��"멄�ˑ�4��ng��a0��{��Q�k:��$okY� #�z��U��X�`��h��U�~�9�|�N��6�e��y(euIc��(h�knЃ<Bn�a�g䝹�$�f��P�o"�V��N[�|"�1�M��d!8��2��^� ��-Sͽl¶i�G��%�z��/��)�]�mTF_�j3�B��L约x7�Z>D��_t��@q�Hͨ��؟o�{#C�@/Q%�}��I+[+��67��$� �P��W�D ��K�"�ZmQ��Ë̾�xO�/x ��JVX�×��FLv3>�1�!��@��y��Gc�O�!��O5k�2��I4��b��r��*HV�B,OP��,J��n�^P��i=A��K;V�L�v�� Qϩx�)v�ՌI�l0�l�b�͈�:��!��1ޭ��. +��4͐r��7��Nz�ڻ��f�h��j�2;�Q�n��@,��J��3�ѥ4�Ce��ʅO�>�5��l��~?"�%�8�d[O�/C��Kv/��N,��kK��A|�NE+l1h ^�U5}7��o�{�B X�>$��VD��b��lh8��,-_w��u�=��J_��h��IHN��}{B��J��?��%*��ρu<�wסּ��g�3[+p�X��8��e�\ }<D��'�G9��-��xHO��pˍ��6riEh+��ԋ�4;�7>�G�Q�1AؚN�8^�i�d�wd��E^�u;��cّ#��!�ͫs(��^�'��T� �B3 ��y��S�HM/�AC$��@u�N9�y-V�"{G ن%��e�)��$�MΒ�[�Py��1��ֵ��~��ٛyj]H:�~A��3��1hU��+A;�@d�23G��K�ƫX�D;�,��D�:�ᑗ��I[:*��hSe��%ؒ�m�w�8o�S J��X��w�� v��l�[ƅb��v�s�iEV?RC��pt��bqPQ{/xllJ�QF�Nq9��v�|)�<}p3��h��H:r��?@��`��(��aI�;�ϠR~z�R�惧�g�u��[Y�ݨ��z۟��y 4?}+v��łzB�P��|Ƃ�/�g�<��Ĵ��f�^��Y�W� ;�`;��~_��R��c�WJ䦢VϿȍ"�weLȽۊ�:<�Z�"�W�#̅u�3P��W�J)��V��J��1��*��9ճ�H�de� ��~@q0��U~p6��*84��G�e��c[�)��Z�J1��ﻗ>kN�P0�z#��4M(��r��s��qk�p�oA9��wֈ��G;6��Ir*��y2r��d6��.9�#�IT/wg ��1�S�-e��ī|�aݼ�T�bzr�H�@�n΄�x�2L6��\�g��om� Y��G#��%��4B��0E��V�Т("W�\/>�Ni�C'p ��Y�E�}�T��r�8�$2�^y��Fe^��O��kW�M�H��~{gt8`��a��f��b��\S��2��U��:C s��Iڧ��4'��Ե��<�d9�CݧT��ވ�%w�-��wj��&$�)̛R� ��`G�{�(��J��E��d�nO"O��0MJWoS�^׹��g~,:-�-��'��*�5L�7rA*�|�@�>g.m�YZ�mަdl�Ƶ��ж��X�d��fX�O�K�k�3ߪ�7l7��r0A�b]T��@-�2N�86�X��8'�P؈��pn��68eݓ��.�� {�� de��T��o��~`!�&�;��rvᆶ�ЅF \�<��^��T^jbC�Q��!�պ�.?B#썧RV"L�$�}'��Q<��Q��*X�oq4E9�L�ZtTx�7�*[�m�� pH�E�<}�݂�pX��M�CxgEi�cɉ"��6hg��~��=H(t��T�2�h4��m'��a :��?��5��X��2��eX�2ܣ��Q�J�Ed�Il }�oF*p��!?i㺃�QBͯ��9��8+�`��e�1�B� Q��Y��Ƕ�v0<VNL�/�̅��ě��"%�[Ŏ�iQ^�U�l��j��Ns�sI��k�Μ�U��R�t��'��*�@�M��`��ݙu�!�!RP +a�ȯb��*��\�� ҭ\��T��G� ��Qs"F@�y7��21�^s:B�H��`��<_.Z��g��pO��]%A�㵅$�{7�I��g�k�Tto�"��h��C��/DK��<.� v�Yg��X6;!�1;䈞߷��=�N\�H��'y�W�S��Jڲ&��SGXV��O�#��W&��w�fA�O�Y��i�6�z�NT��H�]��w=B�?�d蕔��æ�P�=�+i��h ��w�q%��C<Xr�'�wK��h�}g�X� � �)��\�|�*��+��A��7jx9�H��)��D�t�i�xF��Ϸ�<��A��J҄G��F�Y��B�Jc

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f9dc9581572ca0f01044aaa554c38991

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

comctl32

wininet

oleacc

imm32

wldap32

ws2_32

wtsapi32

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 456KB - Virtual size: 456KB

.data Size: 76KB - Virtual size: 76KB

.vmp0 Size: 2.1MB - Virtual size: 2.1MB

.vmp1 Size: 3.0MB - Virtual size: 3.0MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.l1 Size: 19KB - Virtual size: 19KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 456KB - Virtual size: 456KB

.data
Size: 76KB - Virtual size: 76KB

.vmp0
Size: 2.1MB - Virtual size: 2.1MB

.vmp1
Size: 3.0MB - Virtual size: 3.0MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.l1
Size: 19KB - Virtual size: 19KB