6c89f2c308c55a9872ca32032f15cb92e9d2913ca4d1f279b793f75815e1e540

Sharing

Copy URL

Twitter E-mail

General

Target

6c89f2c308c55a9872ca32032f15cb92e9d2913ca4d1f279b793f75815e1e540
Size

14.9MB
MD5

4b6c4bbbe39fad8bda74fce8ddbd2abe
SHA1

6adfae65e686cc16d18aba3a9f62081d7013bcf0
SHA256

6c89f2c308c55a9872ca32032f15cb92e9d2913ca4d1f279b793f75815e1e540
SHA512

5ad21da5ba0dc1b340bc22ac44a533ad3cfb6c937fdb18043ce0bf2a51df36f883945f264fe71a8dcffd04cb695d4b66ed4a193294c9f3f2e64240e697b2c91f
SSDEEP

393216:IgNFZErKTkzvMJD2X8044zSONJjPF2UcSQYB7g4UlIyqE:PM5DMJ684LgUYsM4ro

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6c89f2c308c55a9872ca32032f15cb92e9d2913ca4d1f279b793f75815e1e540

Files

6c89f2c308c55a9872ca32032f15cb92e9d2913ca4d1f279b793f75815e1e540
.dll windows:5 windows x64

20fa4098df2c3fb22005a05a0bc3eac2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

send
recv
closesocket
shutdown
getnameinfo
WSAGetLastError
gethostname
sendto
recvfrom
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind

winmm

timeGetTime

wldap32

ord219
ord145
ord46
ord14
ord216
ord208
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41

version

GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueW

shlwapi

SHSetValueW
SHGetValueA
SHDeleteKeyW
PathRemoveFileSpecW
SHEnumKeyExA
SHDeleteKeyA
SHSetValueA

psapi

GetMappedFileNameW
InitializeProcessForWsWatch
GetModuleInformation
GetWsChangesEx

kernel32

GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcessId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetProcAddress
WaitForSingleObject
Sleep
GetTickCount
GetTickCount64
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
MultiByteToWideChar
GetLastError
GetSystemDirectoryW
CreateDirectoryW
GetFileAttributesW
QueryPerformanceCounter
QueryPerformanceFrequency
WideCharToMultiByte
TerminateThread
ReadFile
CloseHandle
GetSystemTimeAsFileTime
CreateFileW
DeleteFileW
GetACP
GetCurrentThreadId
SetLastError
OpenEventW
VirtualAlloc
VirtualFree
SetFilePointer
GetSystemTime
SystemTimeToFileTime
LockResource
GlobalUnlock
LoadResource
SizeofResource
FindResourceW
LoadLibraryW
CreateThread
ResumeThread
SetEvent
WaitForMultipleObjects
CreateEventW
LoadLibraryA
IsBadReadPtr
GetCurrentProcess
GetFileSize
UnmapViewOfFile
CreateFileMappingW
CreateFileA
MapViewOfFileEx
OpenProcess
DuplicateHandle
GetWindowsDirectoryW
RtlCaptureStackBackTrace
GetCurrentThread
CreateMutexA
VirtualQueryEx
CreateToolhelp32Snapshot
Thread32First
Thread32Next
VirtualUnlock
VirtualProtect
VirtualProtectEx
SleepEx
InterlockedPushEntrySList
SetThreadAffinityMask
VerifyVersionInfoW
MoveFileExA
GetEnvironmentVariableA
GetFileType
GetStdHandle
PeekNamedPipe
FormatMessageA
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
FindClose
FindFirstFileW
FindNextFileW
GetModuleHandleExW
WriteFile
FormatMessageW
ConvertFiberToThread
ConvertThreadToFiber
ResetEvent
ReleaseSemaphore
ReleaseMutex
CreateMutexW
CreateSemaphoreW
lstrcmpiW
LoadLibraryExA
FindResourceA
GetFileAttributesA
OpenThread
GetLocalTime
OpenMutexW
OpenSemaphoreW
GetThreadTimes
SuspendThread
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
GetModuleFileNameA
SetFileAttributesW
DeviceIoControl
SetThreadPriority
MapViewOfFile
HeapSize
GetSystemInfo
FlushInstructionCache
VirtualQuery
GetThreadContext
SetThreadContext
LoadLibraryExW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
RaiseException
DecodePointer
EncodePointer
RtlPcToFileHeader
TryEnterCriticalSection
WaitForSingleObjectEx
InterlockedFlushSList
QueryDepthSList
RegisterWaitForSingleObject
UnregisterWait
FreeLibraryAndExitThread
GetProcessAffinityMask
FreeLibrary
InterlockedPopEntrySList
UnregisterWaitEx
RtlUnwindEx
ExitThread
GetFileAttributesExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFilePointerEx
SetConsoleCtrlHandler
ExitProcess
HeapAlloc
HeapFree
HeapReAlloc
GetConsoleCP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
FlushFileBuffers
GetProcessHeap
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
SetEndOfFile
VerSetConditionMask
GetVersionExW

user32

GetLastInputInfo
GetSystemMetrics
GetCursorPos
MessageBoxA
GetDC
EnumDisplayDevicesW
GetAsyncKeyState
GetWindowThreadProcessId
EnumWindows
GetParent
ReleaseDC
wsprintfW
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
wsprintfA

gdi32

SetTextAlign
SetTextColor
SelectObject
CreateFontW
GetDeviceCaps
DeleteObject
TextOutW

shell32

SHGetSpecialFolderPathA

ole32

CoCreateGuid
StringFromGUID2

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
StartServiceW
OpenServiceW
DeleteService
CreateServiceW
ControlService
ChangeServiceConfigW
EnumServicesStatusExW
RegQueryValueExA
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
OpenSCManagerW
CloseServiceHandle
RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegOpenKeyA

bcrypt

BCryptGenRandom

setupapi

SetupDiGetDeviceRegistryPropertyA
CM_Get_DevNode_Status
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInterfaceW
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInfo

wintrust

WinVerifyTrust

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

Exports

Exports

CreateObject

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 452KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 7.2MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

20fa4098df2c3fb22005a05a0bc3eac2

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

winmm

wldap32

version

shlwapi

psapi

kernel32

user32

gdi32

shell32

ole32

advapi32

bcrypt

setupapi

wintrust

crypt32

Exports

Exports

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 452KB - Virtual size: 452KB

.pdata Size: 152KB - Virtual size: 152KB

.detourc Size: 12KB - Virtual size: 12KB

.detourd Size: 4KB - Virtual size: 4KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 4KB - Virtual size: 4KB

.vmp0 Size: 3.4MB - Virtual size: 3.4MB

.vmp1 Size: 7.2MB - Virtual size: 7.2MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.l1 Size: 17KB - Virtual size: 17KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 452KB - Virtual size: 452KB

.pdata
Size: 152KB - Virtual size: 152KB

.detourc
Size: 12KB - Virtual size: 12KB

.detourd
Size: 4KB - Virtual size: 4KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 4KB - Virtual size: 4KB

.vmp0
Size: 3.4MB - Virtual size: 3.4MB

.vmp1
Size: 7.2MB - Virtual size: 7.2MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.l1
Size: 17KB - Virtual size: 17KB