206c43a01d66dc65325a3ad3b986c8af27fcbb60f442a35c69cbe93b07204c66

Sharing

Copy URL Twitter E-mail

General

Target

206c43a01d66dc65325a3ad3b986c8af27fcbb60f442a35c69cbe93b07204c66
Size

2.0MB
MD5

ea2755b74162fcffe9cbb2bcb2e594cc
SHA1

eba17358feabcda2e8e6da7651b551dcef7ad27b
SHA256

206c43a01d66dc65325a3ad3b986c8af27fcbb60f442a35c69cbe93b07204c66
SHA512

1f2da3f4d7344a4ab978bc21211d52866031a2739db3250735625f510292d3b51d7485e808eb83230c18222b17305b63700f2a0cc89976764d3ce9b64ec6c147
SSDEEP

49152:285+wFFRzBOIUcpJbOG+wD1RUVa7hcLnB/:2eVFhPUcpJbOGFD1RUVakB

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
206c43a01d66dc65325a3ad3b986c8af27fcbb60f442a35c69cbe93b07204c66

Files

206c43a01d66dc65325a3ad3b986c8af27fcbb60f442a35c69cbe93b07204c66
.dll windows:5 windows x86

3dcf2b86e440de688f9209556af5d002

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFlags
InterlockedIncrement
GetCPInfo
GetOEMCP
WritePrivateProfileStringA
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapAlloc
GetCommandLineA
HeapFree
RtlUnwind
RaiseException
HeapReAlloc
ExitProcess
SetErrorMode
DeleteCriticalSection
HeapSize
GetACP
IsValidCodePage
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
VirtualFree
HeapCreate
HeapDestroy
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
GetThreadPriority
VirtualProtectEx
FlushInstructionCache
GetThreadContext
VirtualAlloc
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
FormatMessageA
LocalFree
MulDiv
GlobalUnlock
GlobalFree
SuspendThread
ResumeThread
SetThreadPriority
InterlockedDecrement
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
SetLastError
lstrcmpW
lstrlenA
DeviceIoControl
GetSystemDirectoryA
CreateThread
DeleteFileA
WriteProcessMemory
OpenFileMappingA
GetTempPathA
GetCurrentProcessId
CloseHandle
GetVersionExA
OutputDebugStringA
GetCurrentThreadId
WaitForDebugEvent
CreateToolhelp32Snapshot
VirtualProtect
LoadLibraryExA
GetModuleHandleA
FindNextFileA
GetPrivateProfileSectionNamesA
GetModuleFileNameA
OpenEventA
LockResource
Process32Next
OpenThread
LoadLibraryA
GetLocalTime
GetPrivateProfileStringA
FindClose
EnterCriticalSection
GetProcAddress
GetLastError
FindFirstFileA
MultiByteToWideChar
CreateFileW
GetModuleFileNameW
ReadFile
TerminateProcess
CreateProcessA
LeaveCriticalSection
ReadProcessMemory
SizeofResource
InitializeCriticalSectionAndSpinCount
TerminateThread
LoadLibraryW
WideCharToMultiByte
OpenProcess
WriteFile
VirtualQueryEx
GetWindowsDirectoryA
CreateRemoteThread
GetCurrentThread
Process32First
GetCurrentProcess
LoadLibraryExW
LoadResource
FreeLibrary
VirtualQuery
DebugActiveProcessStop
MoveFileExA
GetNativeSystemInfo
FindResourceA
CreateMutexW
GetFileSize
CreateFileA
IsDebuggerPresent
Sleep
GetSystemInfo
GetTickCount
GetCurrentProcess
FreeLibrary
TerminateProcess
GetSystemInfo
CreateToolhelp32Snapshot
Thread32First
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
GetTickCount
GetLocalTime
GlobalFree
GetProcAddress
LocalAlloc
LoadLibraryA
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
FlushFileBuffers
GetCurrentProcessId
GetLastError
GetModuleFileNameW
CreateEventA
GetModuleHandleA
GetSystemTimeAsFileTime
VirtualQuery
LocalFree
CreateFileA
ReadFile
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetMessageA
TranslateMessage
GetActiveWindow
GetCursorPos
ValidateRect
IsWindowEnabled
SetCursor
PostQuitMessage
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
SetFocus
GetWindowTextA
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetClassInfoExA
RegisterClassA
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
GetWindowLongA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
PostMessageA
SetWindowsHookExA
CallNextHookEx
SendMessageA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
SetParent
GetClientRect
GetDlgItem
GetSysColorBrush
SetWindowTextA
EnableWindow
SetWindowsHookExW
GetClassNameA
RegisterClassExA
wsprintfA
FindWindowExA
wsprintfW
MessageBoxA
CreateWindowExA
SendMessageTimeoutA
EnumChildWindows
ShowWindow
GetClassInfoA
MessageBoxW
GetForegroundWindow
GetSysColor
GetWindowThreadProcessId
MessageBoxExA
DestroyMenu
LoadCursorA
UnregisterClassA
IsDialogMessageA
SetDlgItemTextA
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
AdjustWindowRectEx
TabbedTextOutA
CharUpperBuffW
MessageBoxW

gdi32

DeleteObject
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
SetMapMode
RestoreDC
SaveDC
GetDeviceCaps
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateSolidBrush
CreateBitmap

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
OpenSCManagerA
StartServiceA
CreateServiceA
CloseServiceHandle
OpenServiceA
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExA
RegCreateKeyExA
LookupPrivilegeValueA
RegQueryValueExA
OpenProcessToken
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
CloseServiceHandle
QueryServiceConfigW
OpenServiceW
EnumServicesStatusExW
OpenSCManagerW
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

shlwapi

PathFileExistsA
PathFindFileNameA
PathFindExtensionA

oleaut32

VariantInit
VariantChangeType
VariantClear

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile

iphlpapi

GetExtendedTcpTable

psapi

GetModuleFileNameExW
GetModuleFileNameExA

winmm

timeGetTime

ws2_32

gethostbyname
WSAIoctl
gethostname
WSAStartup
inet_addr
WSAGetLastError
WSAConnect
htons
getsockname
recv
bind
socket
inet_ntoa
ntohs

wtsapi32

WTSSendMessageW

Exports

Exports

CheckCilent
GetTipsDlgHwnd
JindFuction

Sections

.text
Size: - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 719KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3dcf2b86e440de688f9209556af5d002

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

oleaut32

wininet

iphlpapi

psapi

winmm

ws2_32

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 272KB

.rdata Size: - Virtual size: 58KB

.data Size: - Virtual size: 719KB

.vmp0 Size: - Virtual size: 1.9MB

.vmp1 Size: 2.0MB - Virtual size: 2.0MB

.reloc Size: 512B - Virtual size: 296B

.rsrc Size: 4KB - Virtual size: 51KB

.text
Size: - Virtual size: 272KB

.rdata
Size: - Virtual size: 58KB

.data
Size: - Virtual size: 719KB

.vmp0
Size: - Virtual size: 1.9MB

.vmp1
Size: 2.0MB - Virtual size: 2.0MB

.reloc
Size: 512B - Virtual size: 296B

.rsrc
Size: 4KB - Virtual size: 51KB