3706bcf44783d9c3b436e596df60b6c11b7902ee928e3c671b7b564628285dfe

Sharing

Copy URL Twitter E-mail

General

Target

3706bcf44783d9c3b436e596df60b6c11b7902ee928e3c671b7b564628285dfe
Size

5.8MB
MD5

fdbec0f2d905868b2e18cf25350b9b9e
SHA1

f3c9d7d79cecc8a9ec2d6195ff2d88a2d1fb5f8f
SHA256

3706bcf44783d9c3b436e596df60b6c11b7902ee928e3c671b7b564628285dfe
SHA512

ca1c3ba4f0d8dbee9cd82054ee8e04d7060aa807241fab00706ae4d6856feb3077378e4094849710c9070c2f00187d311d92faa5dd5c51996eaf52ebea20fedd
SSDEEP

98304:ida6f1U+9NtH9voCPDvHsrtwpNH//YZSfKUV87wSzmQWcAcCaBHVHEkoGSLpYX1:oq+9NttoCLvM5wp5AWd67hnWeCaZVHGm

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3706bcf44783d9c3b436e596df60b6c11b7902ee928e3c671b7b564628285dfe

Files

3706bcf44783d9c3b436e596df60b6c11b7902ee928e3c671b7b564628285dfe
.dll windows:6 windows x86

e8ec5c145c7439769f24d45a930ce244

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
CloseHandle

pddjson

?GetJsonValueToInt@pdd_json@@YAHABVValue@Json@@PBD1@Z
?GetJsonValueToInt64@pdd_json@@YA_JABVValue@Json@@PBD1@Z
?GetJsonValueToBool@pdd_json@@YA_NABVValue@Json@@PBD1@Z
?GetJsonValueToString@pdd_json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVValue@Json@@PBD1@Z
?GetJsonValueToUInt@pdd_json@@YAIABVValue@Json@@PBD1@Z

msvcp140

?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Xbad_alloc@std@@YAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
_Xtime_get_ticks
_Thrd_sleep
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Query_perf_frequency
_Query_perf_counter
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Mtx_unlock
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

vcruntime140

memchr
memcpy
_except_handler4_common
memset
_CxxThrowException
__std_terminate
memmove
__std_type_info_destroy_list
_purecall
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnprintf_s
__stdio_common_vsprintf

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm
_initterm_e
terminate
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
_crt_atexit
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-string-l1-1-0

tolower
strncmp

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-math-l1-1-0

_except1
_isnan
modf
_dtest
_finite

Exports

Exports

??0IPDDLoginSDKMgr@PDDLoginSDK@@QAE@$$QAV01@@Z
??0IPDDLoginSDKMgr@PDDLoginSDK@@QAE@ABV01@@Z
??0IPDDLoginSDKMgr@PDDLoginSDK@@QAE@XZ
??4IPDDLoginSDKMgr@PDDLoginSDK@@QAEAAV01@$$QAV01@@Z
??4IPDDLoginSDKMgr@PDDLoginSDK@@QAEAAV01@ABV01@@Z
??_7IPDDLoginSDKMgr@PDDLoginSDK@@6B@
?GetInstance@IPDDLoginSDKMgr@PDDLoginSDK@@SAPAV12@XZ

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e8ec5c145c7439769f24d45a930ce244

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

pddjson

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 108KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 4KB - Virtual size: 4KB

.vmp0 Size: 2.0MB - Virtual size: 2.0MB

.vmp1 Size: 3.6MB - Virtual size: 3.6MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.l1 Size: 6KB - Virtual size: 6KB

.text
Size: 108KB - Virtual size: 108KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 4KB - Virtual size: 4KB

.vmp0
Size: 2.0MB - Virtual size: 2.0MB

.vmp1
Size: 3.6MB - Virtual size: 3.6MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.l1
Size: 6KB - Virtual size: 6KB