Behavioral task: behavioral1
Sample: 17afcb13255840f341c8cf5ba0b4992f8ca5d66760a35e8268382b3548af4887.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: 17afcb13255840f341c8cf5ba0b4992f8ca5d66760a35e8268382b3548af4887.exe
Resource: win10v2004-20230915-en
General
Target: 17afcb13255840f341c8cf5ba0b4992f8ca5d66760a35e8268382b3548af4887
Size: 11.8MB
MD5: 1c708b9cd77ce60b75d96442ba9c4f0b
SHA1: 110523ab3ec1cf646cc12eb4b5792797ed1b2ead
SHA256: 17afcb13255840f341c8cf5ba0b4992f8ca5d66760a35e8268382b3548af4887
SHA512: 97e84015f2f0ccb146ec8fe7c6438ff0c9904c31be6e9825719587c513528e03fe685b080480d13b638fb0d3241c7753cd53bdb31fd9abb12745517c5fd90ffc
SSDEEP: 196608:ilgztKEwBU4ciFWlCUoXyNk8ctoTJ/youAxfAJd4/1aJlTP1CUJsR:ilgztKEwBUQ4lyyNkn+N7fm4/1IlT5sR
Malware Config
Signatures
YARA rule vmprotect matched on resource sample. This agrees with the .vmp0 and .vmp1 sections listed under Sections below.
Unsigned PE (1 IoC)
Checks for missing Authenticode signature. Note that the sample itself imports WinVerifyTrust and the CryptCATAdmin* catalog functions from wintrust (see Imports), so it performs signature checks of its own at runtime; this IoC concerns the sample's own missing signature.
resource 17afcb13255840f341c8cf5ba0b4992f8ca5d66760a35e8268382b3548af4887
Files
-
17afcb13255840f341c8cf5ba0b4992f8ca5d66760a35e8268382b3548af4887.exe windows:5 windows x64
2b6b1c5e0dc1c5c900455b47ba0eb6af
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
wintrust
CryptCATAdminReleaseCatalogContext
WinVerifyTrust
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
kernel32
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
CreateSemaphoreW
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetStringTypeW
LCMapStringW
SetEnvironmentVariableA
FreeEnvironmentStringsW
VirtualFree
UnregisterWaitEx
InitializeSListHead
ReleaseSemaphore
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
CreateTimerQueue
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
GetEnvironmentStringsW
QueryPerformanceCounter
GetStartupInfoW
EnterCriticalSection
Sleep
FindFirstChangeNotificationW
WaitForSingleObject
FindNextChangeNotification
FindCloseChangeNotification
GetLastError
MultiByteToWideChar
CreateDirectoryW
GetModuleFileNameW
GetTempPathW
DeleteFileW
FindFirstFileW
FileTimeToSystemTime
FindNextFileW
FindClose
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
GetDiskFreeSpaceExW
SetThreadPriority
SetEvent
CreateFileW
CloseHandle
SystemTimeToFileTime
FileTimeToLocalFileTime
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetDriveTypeW
GetVolumeInformationW
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
RaiseException
HeapSize
DecodePointer
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
GetVersionExW
GetTickCount
CreateEventW
WaitForMultipleObjects
GlobalSize
FreeResource
GetSystemInfo
SuspendThread
MoveFileW
GetCurrentThreadId
ResumeThread
FlushFileBuffers
GetFileSize
GetFullPathNameW
LockFile
ReadFile
SetEndOfFile
SetFilePointer
UnlockFile
WriteFile
OutputDebugStringA
DuplicateHandle
SetLastError
GetCurrentProcess
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
LoadLibraryExW
lstrcmpiW
LoadLibraryW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
GetThreadLocale
LocalFree
MulDiv
FormatMessageW
CopyFileW
GetCurrentThread
FreeLibrary
GlobalDeleteAtom
lstrcmpA
lstrcmpW
GetCurrentProcessId
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalAddAtomW
EncodePointer
GetSystemDirectoryW
GlobalFindAtomW
GetProfileIntW
LocalAlloc
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GlobalFlags
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SetErrorMode
GetCurrentDirectoryW
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalGetAtomNameW
GetWindowsDirectoryW
GetTempFileNameW
lstrcpyW
VerSetConditionMask
VerifyVersionInfoW
SearchPathW
VirtualProtect
FindResourceExW
GetCommandLineW
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
AreFileApisANSI
GetStdHandle
GetFileType
WriteConsoleW
CreateThread
ExitThread
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
VirtualAlloc
VirtualQuery
HeapQueryInformation
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
RealChildWindowFromPoint
IntersectRect
IsRectEmpty
SetRect
FillRect
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
IsDialogMessageW
SetWindowTextW
CheckDlgButton
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
GetTopWindow
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
GetSysColor
MapWindowPoints
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
GetForegroundWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
UnhookWindowsHookEx
ShowOwnedPopups
SetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
GetSysColorBrush
MapDialogRect
SetWindowContextHelpId
SetWindowPos
GetLastActivePopup
GetWindowThreadProcessId
MessageBoxW
IsWindowEnabled
WaitMessage
PostQuitMessage
RemoveMenu
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
CharUpperW
LoadBitmapW
GetParent
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
CallNextHookEx
SetWindowsHookExW
ValidateRect
GetActiveWindow
IsWindowVisible
PeekMessageW
InflateRect
GetWindow
MoveWindow
AdjustWindowRectEx
ClientToScreen
EndPaint
BeginPaint
RegisterClipboardFormatW
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
SubtractRect
GetUpdateRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
FrameRect
SystemParametersInfoW
ScreenToClient
GetCursorPos
ReleaseCapture
SetCapture
EnumDisplaySettingsW
IsWindow
GetDlgCtrlID
GetWindowTextW
GetClassNameW
DispatchMessageW
TranslateMessage
GetMessageW
EnumChildWindows
CreateCursor
DestroyCursor
EnumDisplayMonitors
WindowFromPoint
CopyImage
DeleteMenu
InvalidateRect
CharNextW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
SendDlgItemMessageA
DestroyIcon
DestroyMenu
GetMenuItemInfoW
LoadAcceleratorsW
TranslateAcceleratorW
LoadMenuW
CreatePopupMenu
CharUpperBuffW
ModifyMenuW
InsertMenuItemW
SetRectEmpty
LoadImageW
GetWindowRgn
DestroyWindow
CreateMenu
SetMenuDefaultItem
CopyIcon
GetDoubleClickTime
SetClassLongPtrW
SetCursorPos
DestroyAcceleratorTable
CreateAcceleratorTableW
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
IsZoomed
GetComboBoxInfo
TrackMouseEvent
MonitorFromPoint
UpdateLayeredWindow
IsMenu
SetWindowRgn
GetKeyState
PtInRect
EqualRect
ShowWindow
BringWindowToTop
SetForegroundWindow
wsprintfW
LoadIconW
GetWindowLongW
SetWindowLongW
DrawFrameControl
GetClientRect
SendMessageW
SetTimer
IsIconic
GetSystemMetrics
DrawIcon
KillTimer
GetKeyboardState
ToUnicode
EnableWindow
UnionRect
OffsetRect
SetCursor
LoadCursorW
PostThreadMessageW
PostMessageW
UnregisterClassW
CopyRect
DrawEdge
DrawStateW
SetLayeredWindowAttributes
GetDC
ReleaseDC
GetWindowRect
GetDesktopWindow
LockWindowUpdate
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
GetAsyncKeyState
GetIconInfo
DrawIconEx
DrawFocusRect
SetParent
GetSystemMenu
MapVirtualKeyW
GetKeyNameTextW
GetMenuDefaultItem
ReuseDDElParam
AppendMenuW
UnpackDDElParam
GetProcessWindowStation
GetUserObjectInformationW
gdi32
SetEnhMetaFileBits
PlayEnhMetaFile
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
CreateSolidBrush
SetWinMetaFileBits
GetTextFaceW
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
GetBoundsRect
FillRgn
SetPaletteEntries
ExtFloodFill
SetPixelV
PtInRegion
FrameRgn
RoundRect
CreateRoundRectRgn
OffsetRgn
EnumFontFamiliesExW
Rectangle
Polyline
Polygon
CreatePolygonRgn
Ellipse
CreateEllipticRgn
SetDIBColorTable
CreateDIBSection
StretchBlt
SetPixel
GetTextCharsetInfo
CreateDIBitmap
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
GetTextMetricsW
GetRgnBox
GetTextColor
GetBkColor
DPtoLP
SetRectRgn
PatBlt
GetMapMode
CreateRectRgnIndirect
CreateFontIndirectW
CombineRgn
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
DeleteEnhMetaFile
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
BitBlt
SetTextColor
SetBkColor
CreateDCW
CopyMetaFileW
CreateBitmap
DeleteObject
GetTextExtentPointA
GetTextMetricsA
SelectObject
SetStretchBltMode
GetObjectW
GetDIBits
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateCompatibleDC
EndPage
StartPage
DeleteDC
GetDeviceCaps
StretchDIBits
StartDocW
EndDoc
CreateFontW
EnumFontFamiliesW
msimg32
TransparentBlt
AlphaBlend
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
advapi32
RegEnumValueW
RegCreateKeyW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
shell32
DragFinish
ShellExecuteExW
ShellExecuteW
SHFileOperationW
DragQueryFileW
SHGetSpecialFolderPathW
DragAcceptFiles
SHGetPathFromIDListW
SHGetDesktopFolder
SHAppBarMessage
SHGetSpecialFolderLocation
SHGetFolderPathW
SHGetFileInfoW
SHBrowseForFolderW
comctl32
InitCommonControlsEx
shlwapi
PathIsDirectoryW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
StrFormatKBSizeW
uxtheme
GetThemePartSize
IsAppThemed
GetThemeColor
GetCurrentThemeName
GetThemeSysColor
GetWindowTheme
OpenThemeData
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
DrawThemeText
CloseThemeData
ole32
CreateStreamOnHGlobal
IsAccelerator
StgOpenStorageOnILockBytes
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoRegisterMessageFilter
CoRevokeClassObject
CoGetClassObject
CoDisconnectObject
OleGetClipboard
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CoInitializeEx
CoInitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
OleUninitialize
OleInitialize
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoFreeUnusedLibraries
oleaut32
oledlg
OleUIBusyW
ws2_32
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
wininet
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetConnectW
InternetQueryDataAvailable
HttpSendRequestW
InternetOpenW
InternetCloseHandle
InternetGetLastResponseInfoW
InternetSetStatusCallbackW
HttpOpenRequestW
imm32
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
gdiplus
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdiplusStartup
GdiplusShutdown
GdipSetPropertyItem
GdipGetPropertyItem
GdipGetPropertyIdList
GdipGetPropertyCount
GdipLoadImageFromStream
GdipGetImageWidth
GdipCloneImage
GdipBitmapLockBits
GdipSaveImageToFile
GdipGetPropertyItemSize
GdipGetImageEncoders
GdipCreateBitmapFromFile
GdipDisposeImage
GdipGetImageEncodersSize
GdipAlloc
GdipBitmapUnlockBits
GdipGetImageThumbnail
GdipRemovePropertyItem
GdipLoadImageFromFile
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipFree
libraw64
?clearCancelFlag@LibRaw@@UEAAXXZ
??0LibRaw@@QEAA@I@Z
?open_file@LibRaw@@QEAAHPEBD_J@Z
?open_datastream@LibRaw@@UEAAHPEAVLibRaw_abstract_datastream@@@Z
?open_bayer@LibRaw@@UEAAHPEAEIGGGGGGEEIII@Z
?unpack@LibRaw@@QEAAHXZ
?unpack_thumb@LibRaw@@QEAAHXZ
?dcraw_process@LibRaw@@QEAAHXZ
?dcraw_make_mem_image@LibRaw@@UEAAPEAUlibraw_processed_image_t@@PEAH@Z
?dcraw_make_mem_thumb@LibRaw@@UEAAPEAUlibraw_processed_image_t@@PEAH@Z
?recycle@LibRaw@@QEAAXXZ
??1LibRaw@@UEAA@XZ
?get_decoder_info@LibRaw@@UEAAHPEAUlibraw_decoder_info_t@@@Z
?setCancelFlag@LibRaw@@UEAAXXZ
?adobe_coeff@LibRaw@@UEAAXPEBD0H@Z
?is_phaseone_compressed@LibRaw@@MEAAHXZ
?is_canon_600@LibRaw@@MEAAHXZ
?copy_fuji_uncropped@LibRaw@@MEAAXQEAGPEAG@Z
?copy_bayer@LibRaw@@MEAAXQEAGPEAG@Z
?fuji_rotate@LibRaw@@MEAAXXZ
?convert_to_rgb_loop@LibRaw@@MEAAXQEAY03M@Z
?lin_interpolate_loop@LibRaw@@MEAAXQEAY1BA@CA@HH@Z
?scale_colors_loop@LibRaw@@MEAAXQEAM@Z
?fuji_decode_loop@LibRaw@@MEAAXPEBUfuji_compressed_params@@HPEA_JPEAI@Z
winmm
PlaySoundW
timeGetTime
Sections
.text Size: 3.8MB - Virtual size: 3.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 288KB - Virtual size: 288KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 180KB - Virtual size: 180KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 5.1MB - Virtual size: 5.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.l1 Size: 37KB - Virtual size: 37KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
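The three header-level facts the report records for this file (DLL characteristics, the "Unsigned PE" signature, and the section table with its .vmp0/.vmp1 names and the RWX .l1 section) are all readable straight out of the PE headers. The script below is an added example, not part of the sandbox report or of the sandbox's own tooling: it parses the COFF header, the optional header's DllCharacteristics and Security data directory, and the section table, then emits the findings a reviewer would want flagged. Because the sample binary is not on the page, build_sample_pe() constructs a synthetic PE32+ header set carrying the same flags and section names as the report (section sizes and RVAs are rough, assumed values); pass real file bytes to triage_pe() to run it on an actual executable.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* (winnt.h); only the mitigation-relevant flags.
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0400: "NO_SEH", 0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}
SCN_CNT_CODE, SCN_CNT_INITIALIZED_DATA = 0x00000020, 0x00000040
SCN_MEM_EXECUTE, SCN_MEM_READ, SCN_MEM_WRITE = 0x20000000, 0x40000000, 0x80000000
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
SECURITY_DIRECTORY = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: embedded Authenticode blob


def parse_pe(data):
    """Read the COFF header, DllCharacteristics, Security directory and section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections = struct.unpack_from("<HH", data, coff)
    opt_size, file_chars = struct.unpack_from("<HH", data, coff + 16)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in PE32 and PE32+
    dirs = opt + (112 if magic == PE32PLUS_MAGIC else 96)      # DataDirectory[] start
    _sec_off, sec_size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIRECTORY)
    sections = []
    for i in range(nsections):
        raw = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": raw[0].rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": raw[1], "rva": raw[2], "characteristics": raw[9]})
    return {
        "machine": machine, "file_characteristics": file_chars,
        "dll_characteristics": {n for bit, n in DLL_CHARACTERISTICS.items() if dll_chars & bit},
        "has_embedded_signature": sec_size > 0,
        "sections": sections,
    }


def triage_pe(data):
    """Return the findings a reviewer of a sandbox report would want flagged."""
    pe = parse_pe(data)
    findings = []
    for flag in ("DYNAMIC_BASE", "NX_COMPAT", "HIGH_ENTROPY_VA"):
        if flag not in pe["dll_characteristics"]:
            findings.append("mitigation missing: " + flag)
    if not pe["has_embedded_signature"]:
        # An empty Security directory means no embedded Authenticode signature. The file
        # could still be catalog-signed; that is a separate check (WinVerifyTrust/CryptCATAdmin*).
        findings.append("unsigned PE: Security directory is empty")
    for s in pe["sections"]:
        c = s["characteristics"]
        if c & SCN_MEM_WRITE and c & SCN_MEM_EXECUTE:
            findings.append("RWX section: " + s["name"])
        if s["name"].startswith(".vmp"):
            findings.append("VMProtect section name: " + s["name"])
    return findings


def build_sample_pe(dll_chars, sections, security_dir=(0, 0)):
    """Construct a synthetic PE32+ image (headers only) for offline testing."""
    e_lfanew = 0x80
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    dos = dos.ljust(e_lfanew, b"\0")
    # Machine=AMD64, SizeOfOptionalHeader=240, Characteristics=EXECUTABLE_IMAGE|LARGE_ADDRESS_AWARE
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 240, 0x0022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 108, 16)  # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8 * SECURITY_DIRECTORY, *security_dir)
    table = b"".join(struct.pack("<8sIIIIIIHHI", name.encode(), vsize, rva, vsize,
                                 0, 0, 0, 0, 0, chars)
                     for name, vsize, rva, chars in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + table


# Constructed stand-in for the report's section table (sizes/RVAs are assumed values).
RX_CODE = SCN_CNT_CODE | SCN_MEM_EXECUTE | SCN_MEM_READ
R_DATA = SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ
SAMPLE_SECTIONS = [
    (".text", 0x3CCC00, 0x001000, RX_CODE),
    (".rdata", 0x133300, 0x3CE000, R_DATA),
    (".data", 0x048000, 0x502000, R_DATA | SCN_MEM_WRITE),
    (".pdata", 0x02D000, 0x54A000, R_DATA),
    (".vmp0", 0x14CCCD, 0x578000, RX_CODE),
    (".vmp1", 0x519999, 0x6C5000, RX_CODE | SCN_CNT_INITIALIZED_DATA),
    (".reloc", 0x001000, 0xBDF000, R_DATA),
    (".rsrc", 0x006400, 0xBE0000, R_DATA),
    (".l1", 0x009400, 0xBE7000, RX_CODE | SCN_MEM_WRITE),
]
# HIGH_ENTROPY_VA | DYNAMIC_BASE | NX_COMPAT | TERMINAL_SERVER_AWARE, as the report lists.
SAMPLE_PE = build_sample_pe(0x0020 | 0x0040 | 0x0100 | 0x8000, SAMPLE_SECTIONS)

if __name__ == "__main__":
    for line in triage_pe(SAMPLE_PE):
        print(line)
```

On the constructed headers the script reports the empty Security directory, the two .vmp section names and the writable-and-executable .l1 section, and nothing about mitigations, since all three of DYNAMIC_BASE, NX_COMPAT and HIGH_ENTROPY_VA are set. The RWX flag on .l1 is the detail worth carrying into a report: a section that is both writable and executable is where a packer typically unpacks and runs code, so it is the region to dump from memory after the protector has finished.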