eb3428b6cf1c4a7fd3272bf215608a846642dcc1aecc3e67d32ce093d348eb8d

Sharing

Copy URL Twitter E-mail

General

Target

eb3428b6cf1c4a7fd3272bf215608a846642dcc1aecc3e67d32ce093d348eb8d
Size

8.4MB
MD5

110004a32fef00e5f30b9af4dfefd27e
SHA1

9bae2f6a5ba2b9ee03b15bf53e94ccfe6bcff955
SHA256

eb3428b6cf1c4a7fd3272bf215608a846642dcc1aecc3e67d32ce093d348eb8d
SHA512

b94c632aae14a70f573b76bb8e48b12bfd9b1ec451cabc0e9d144ca70bc440ef50ae0108d2e2e5bedcdc443a210606189153b6916e0d302108700de7e4e64523
SSDEEP

196608:FWhFXGFmPUKfktkKTWK05Y/ppSUevpSQ+Yx/ysIapO:FkFWF9r05bUevpLJx/yslO

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb3428b6cf1c4a7fd3272bf215608a846642dcc1aecc3e67d32ce093d348eb8d

Files

eb3428b6cf1c4a7fd3272bf215608a846642dcc1aecc3e67d32ce093d348eb8d
.exe windows:6 windows x86

44b492e93010f1b6be57bb18af4eac18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeInformationW
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
ResetEvent
CreateThread
SetEvent
Sleep
CreateEventW
SetThreadPriority
VirtualQuery
WideCharToMultiByte
CopyFileW
GetModuleHandleW
CreateProcessW
GetCurrentProcessId
SetCurrentDirectoryW
GetCurrentDirectoryW
GetSystemInfo
WriteConsoleW
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
CloseHandle
GlobalFlags
GetFileAttributesExW
MultiByteToWideChar
GetSystemDirectoryW
GetVersionExW
GetFileAttributesW
WaitForSingleObject
FindClose
TerminateProcess
GetCurrentProcess
FindNextFileW
GetCommandLineW
SetLastError
FindFirstFileW
ReadFile
CreateDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
FindResourceW
LoadResource
LockResource
FreeResource
GetCurrentThreadId
SizeofResource
GlobalReAlloc
MulDiv
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GlobalSize
IsDebuggerPresent
GetModuleFileNameW
GetTickCount
CreateMutexW
OpenMutexW
ExitProcess
DeleteFileW
TryEnterCriticalSection
InitializeCriticalSection
GetProcessHeap
DeleteCriticalSection
DecodePointer
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
LCMapStringW
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetStdHandle
GetFileType
SetStdHandle
QueryPerformanceFrequency
VirtualAlloc
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
GetModuleHandleExW
GetCommandLineA
RtlUnwind
OutputDebugStringW
GetStartupInfoW
InitializeSListHead
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetTempFileNameW
GetWindowsDirectoryW
SetErrorMode
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
GetFileTime
GetFileSizeEx
SystemTimeToTzSpecificLocalTime
GetProfileIntW
GetTempPathW
SearchPathW
FindResourceExW
lstrcmpiW
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetFullPathNameW
FlushFileBuffers
GetFileSize
CreateFileW
VerifyVersionInfoW
VerSetConditionMask
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
LocalReAlloc
LocalAlloc
GlobalHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GlobalGetAtomNameW
lstrcpyW
GetThreadLocale
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
ResumeThread
CompareStringA
lstrcmpA
GetCurrentThread
FormatMessageW
LocalFree
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
HeapFree
LoadLibraryA
LoadLibraryExW
OutputDebugStringA
EncodePointer
GetModuleHandleA
GetCurrentProcess
FreeLibrary
TerminateProcess
GetSystemInfo
CreateToolhelp32Snapshot
Thread32First
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
GetTickCount
GetLocalTime
GlobalFree
GetProcAddress
LocalAlloc
LoadLibraryA
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
FlushFileBuffers
GetCurrentProcessId
GetLastError
GetModuleFileNameW
CreateEventA
GetModuleHandleA
GetSystemTimeAsFileTime
VirtualQuery
LocalFree
CreateFileA
ReadFile
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

LoadImageW
GetParent
GetDesktopWindow
GetDC
GetSystemMetrics
GetWindowDC
GetClientRect
ReleaseDC
MessageBoxW
AdjustWindowRectEx
UnregisterClassW
EnableWindow
GetWindowRect
SendMessageW
GetKeyState
SetCursor
GetWindow
LoadCursorW
DestroyIcon
IsZoomed
SetRect
GetSystemMenu
CallWindowProcW
GetFocus
IsWindowVisible
RegisterWindowMessageW
DispatchMessageW
PeekMessageW
GetMessagePos
GetMessageTime
GetClassInfoExW
IsMenu
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgItem
GetMenuItemID
GetForegroundWindow
BeginPaint
EndPaint
ValidateRect
ScrollWindow
ShowScrollBar
GetWindowTextW
GetWindowTextLengthW
MapWindowPoints
EqualRect
GetClassLongW
GetLastActivePopup
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
SetScrollInfo
GetScrollInfo
GetMenuStringW
GetMenuState
RemoveMenu
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
CheckDlgButton
SetWindowTextW
IsDialogMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
SystemParametersInfoW
RegisterClipboardFormatW
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
GetMessageW
TranslateMessage
ShowOwnedPopups
GetKeyNameTextW
MapVirtualKeyW
CharNextW
CreateDialogIndirectParamW
EndDialog
DrawFocusRect
NotifyWinEvent
LoadMenuW
SendDlgItemMessageA
SetRectEmpty
GetMenuItemInfoW
InflateRect
MonitorFromPoint
GetSysColorBrush
RealChildWindowFromPoint
GetAsyncKeyState
BringWindowToTop
LoadAcceleratorsW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
SetLayeredWindowAttributes
EnumDisplayMonitors
DrawStateW
TrackMouseEvent
CharUpperW
PostThreadMessageW
WaitMessage
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CopyAcceleratorTableW
EnumChildWindows
LockWindowUpdate
SetClassLongW
InvalidateRgn
GetNextDlgGroupItem
DrawEdge
DrawFrameControl
DrawIconEx
UnionRect
GetIconInfo
SetCursorPos
CharUpperBuffW
UpdateLayeredWindow
EnableScrollBar
GetMenuDefaultItem
SetMenuDefaultItem
CopyIcon
FrameRect
IsClipboardFormatAvailable
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsCharLowerW
MapVirtualKeyExW
SubtractRect
GetUpdateRect
LoadIconW
HideCaret
InvertRect
GetDoubleClickTime
DestroyCursor
GetComboBoxInfo
GetWindowRgn
SetWindowPos
SetWindowRgn
FillRect
ScreenToClient
MessageBeep
WindowFromPoint
GetScrollPos
DrawIcon
OffsetRect
GetCapture
RedrawWindow
GetScrollRange
CopyRect
GetDlgCtrlID
ClientToScreen
IsChild
GetTopWindow
GetSysColor
IsWindowEnabled
SetMenu
WinHelpW
LoadBitmapW
IsRectEmpty
IntersectRect
SetFocus
GetClassNameW
SetParent
SetCapture
SetScrollRange
SetWindowLongW
KillTimer
SetScrollPos
PtInRect
UpdateWindow
ReleaseCapture
InvalidateRect
IsIconic
GetNextDlgTabItem
IsWindow
ModifyMenuW
GetMenu
GetMenuItemCount
DeleteMenu
CreatePopupMenu
TrackPopupMenu
GetSubMenu
DestroyAcceleratorTable
CreateAcceleratorTableW
DestroyMenu
TranslateAcceleratorW
InsertMenuW
CheckMenuItem
AppendMenuW
EnableMenuItem
CreateMenu
GetCursorPos
GetWindowThreadProcessId
MonitorFromWindow
SetActiveWindow
WaitForInputIdle
OpenClipboard
GetMonitorInfoW
CloseClipboard
EmptyClipboard
MoveWindow
SetClipboardData
SetForegroundWindow
CopyImage
GetWindowLongW
DefWindowProcW
PostMessageW
DestroyWindow
GetPropW
CreateWindowExW
RemovePropW
LoadStringW
GetActiveWindow
GetClassInfoW
SetTimer
RegisterClassW
SetPropW
ShowWindow
CharUpperBuffW
MessageBoxW

gdi32

CreateHatchBrush
GetWindowOrgEx
CreatePatternBrush
GetPixel
CreateRectRgn
CreateBitmap
CombineRgn
GetViewportOrgEx
PatBlt
CreateRoundRectRgn
GetTextMetricsW
CreatePen
Rectangle
Ellipse
CreateSolidBrush
CreateEllipticRgn
RoundRect
GetTextExtentPoint32W
CreateFontIndirectW
BitBlt
CreateCompatibleBitmap
SelectObject
CreateDIBSection
CreateCompatibleDC
GdiAlphaBlend
StretchBlt
RealizePalette
GetStockObject
GetDIBits
SetPixel
GetSystemPaletteEntries
SelectPalette
CreatePalette
GetObjectW
SetStretchBltMode
DeleteObject
DeleteDC
SetBkColor
SetTextColor
CopyMetaFileW
CreateDCW
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetViewportExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SetBkMode
SetMapMode
SetLayout
GetWindowExtEx
SetTextAlign
GetDeviceCaps
SetROP2
SetPolyFillMode
SetDIBColorTable
SetPixelV
GetTextFaceW
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
SetPaletteEntries
ExtFloodFill
LPtoDP
GetPaletteEntries
GetNearestPaletteIndex
EnumFontFamiliesExW
Polyline
Polygon
CreatePolygonRgn
OffsetRgn
GetRgnBox
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
DPtoLP
SetRectRgn
GetMapMode
GetTextColor
GetBkColor
CreateRectRgnIndirect
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
GetLayout

advapi32

RegDeleteValueW
RegEnumKeyW
RegEnumKeyExW
RegEnumValueW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
CloseServiceHandle
QueryServiceConfigW
OpenServiceW
EnumServicesStatusExW
OpenSCManagerW
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

shell32

SHGetFileInfoW
ShellExecuteW
SHGetDesktopFolder
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHAppBarMessage
Shell_NotifyIconW
DragFinish
DragQueryFileW

ole32

CoInitialize
CoDisconnectObject
CoGetClassObject
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
DoDragDrop
OleGetClipboard
OleLockRunning
OleCreateMenuDescriptor
OleUninitialize
OleTranslateAccelerator
IsAccelerator
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleInitialize
CoFreeUnusedLibraries
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal
CLSIDFromString
CoCreateGuid
CoUninitialize
CoInitializeEx
CLSIDFromProgID
CoCreateInstance
OleDestroyMenuDescriptor

oleaut32

comctl32

ImageList_Destroy
ImageList_Create
ImageList_AddMasked
InitCommonControlsEx

gdiplus

GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipDrawImageI
GdiplusStartup
GdipGetImageHeight
GdipGetImagePaletteSize
GdiplusShutdown
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImageWidth
GdipCloneImage
GdipBitmapUnlockBits
GdipCreateBitmapFromStream
GdipAlloc
GdipDrawImageRectI
GdipDisposeImage
GdipGetImagePixelFormat
GdipFree
GdipBitmapLockBits
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipGetImagePalette
GdipSetCompositingMode
GdipSetInterpolationMode

msimg32

TransparentBlt
AlphaBlend

shlwapi

PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathRemoveFileSpecW
StrFormatKBSizeW
PathFindExtensionW

uxtheme

OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemePartSize
IsAppThemed
GetWindowTheme
DrawThemeText
DrawThemeParentBackground
GetThemeColor
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor

oledlg

OleUIBusyW

ws2_32

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

wtsapi32

WTSSendMessageW

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

44b492e93010f1b6be57bb18af4eac18

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

gdiplus

msimg32

shlwapi

uxtheme

oledlg

ws2_32

oleacc

imm32

winmm

winspool.drv

wtsapi32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 364KB - Virtual size: 364KB

.data Size: 48KB - Virtual size: 48KB

.vmp0 Size: 3.0MB - Virtual size: 3.0MB

.vmp1 Size: 3.1MB - Virtual size: 3.1MB

.rsrc Size: 176KB - Virtual size: 176KB

.l1 Size: 30KB - Virtual size: 30KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 364KB - Virtual size: 364KB

.data
Size: 48KB - Virtual size: 48KB

.vmp0
Size: 3.0MB - Virtual size: 3.0MB

.vmp1
Size: 3.1MB - Virtual size: 3.1MB

.rsrc
Size: 176KB - Virtual size: 176KB

.l1
Size: 30KB - Virtual size: 30KB