6037bbb3fd04e6cb2dfcfc3b36ec8d0e66375d586dadb0ee8c6769dd1470fa12

Sharing

Copy URL Twitter E-mail

General

Target

6037bbb3fd04e6cb2dfcfc3b36ec8d0e66375d586dadb0ee8c6769dd1470fa12
Size

11.1MB
MD5

d0bd497f5c16cd8456e0022ef5e0da8c
SHA1

fa271f2aba03021b5916bb3152b7b7ea8a1b43b8
SHA256

6037bbb3fd04e6cb2dfcfc3b36ec8d0e66375d586dadb0ee8c6769dd1470fa12
SHA512

4ef9661c6f06209734cef372ccb42b21942914fe38b93152eea6e5e0e33eb026ab5ad47b71971d9a918a21954af6b18d83c933353bff3368795005bef0944e48
SSDEEP

196608:ezK75OV3cAk8v/AbTFeD0iGMF9UkGuhL5oKEKlXkmHCGyjlpgSp:ezK75OVBawgi4kGoLpvdk+5yXj

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6037bbb3fd04e6cb2dfcfc3b36ec8d0e66375d586dadb0ee8c6769dd1470fa12

Files

6037bbb3fd04e6cb2dfcfc3b36ec8d0e66375d586dadb0ee8c6769dd1470fa12
.dll windows:6 windows x86

c2928d101d67f27450a2410d21dc6528

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindClose
Process32FirstW
LockResource
DecodePointer
QueryDosDeviceW
DeviceIoControl
Module32FirstW
Process32NextW
FindNextFileW
CreateToolhelp32Snapshot
DeleteCriticalSection
CloseHandle
DeleteFileW
GetCurrentProcessId
GetFullPathNameW
SetEndOfFile
WriteFile
FlushFileBuffers
SetLastError
DuplicateHandle
SetFilePointerEx
WideCharToMultiByte
MultiByteToWideChar
GetFileType
GetFileAttributesExW
SetFileAttributesW
GetPrivateProfileStringW
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
FreeLibrary
SetUnhandledExceptionFilter
GetLocalTime
GetCurrentThreadId
GetModuleFileNameA
GetTickCount64
SetEvent
GetTickCount
CreateEventW
InitializeCriticalSection
VirtualAlloc
GetTempPathW
SetCurrentDirectoryW
CancelIo
OutputDebugStringA
CreateThread
GetLongPathNameW
SetStdHandle
ReadConsoleW
EnterCriticalSection
UnregisterWaitEx
InitializeSListHead
ReleaseSemaphore
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
GetConsoleMode
GetConsoleCP
GetStdHandle
GetModuleHandleExW
ExitProcess
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
CreateSemaphoreW
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
CreateTimerQueue
GetCommandLineA
SetFileTime
SetEnvironmentVariableA
LoadLibraryExW
GetModuleHandleA
HeapSize
GetProcAddress
GetLastError
RaiseException
GlobalUnlock
GetStartupInfoW
lstrlenW
InitializeCriticalSectionEx
CreateFileW
GetTimeZoneInformation
GetModuleFileNameW
ReadFile
TerminateProcess
LeaveCriticalSection
SizeofResource
Sleep
LoadLibraryW
GetSystemDirectoryW
GlobalAlloc
GetProcessHeap
VirtualFree
GetModuleHandleW
OutputDebugStringW
GetLogicalDrives
GetComputerNameW
WaitForSingleObject
GlobalLock
CreateDirectoryW
HeapFree
GetCurrentProcess
SystemTimeToFileTime
HeapAlloc
FreeLibraryAndExitThread
GetThreadTimes
GetACP
GetCPInfo
VirtualProtect
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
GetCurrentThread
GetStringTypeW
AreFileApisANSI
VirtualQuery
GetDriveTypeW
FindFirstFileW
HeapReAlloc
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
TerminateThread
GetVersionExW
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
GlobalFree
GetProcAddress
LocalAlloc
LocalFree
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle

user32

wsprintfW
PostMessageW
SendMessageW
FindWindowW
IsWindow
GetSystemMetrics
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation

advapi32

OpenSCManagerW
CloseServiceHandle
OpenServiceW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
ChangeServiceConfigW
CreateServiceW
ControlService
StartServiceW
DeleteService
ReportEventW
DeregisterEventSource
RegisterEventSourceW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHChangeNotify

ole32

CoInitializeEx
CoTaskMemFree
CoInitialize
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance

shlwapi

PathFileExistsW
StrStrIW
SHDeleteKeyW

iphlpapi

GetIfEntry
GetAdaptersInfo

ws2_32

gethostbyname
inet_ntoa
WSAStartup

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

crypt32

CertGetNameStringW
CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CryptQueryObject
CertFreeCertificateContext

ntdll

RtlUnwind

wininet

HttpOpenRequestW
HttpQueryInfoW
HttpAddRequestHeadersW
HttpSendRequestW
InternetConnectW
InternetReadFile
InternetCrackUrlW
InternetOpenW
InternetCloseHandle
InternetConnectA
InternetQueryOptionW
InternetSetOptionW
HttpOpenRequestA
HttpSendRequestA
InternetOpenA

wtsapi32

WTSSendMessageW

Exports

Exports

plugin_set_info

Sections

.text
Size: 520KB - Virtual size: 520KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c2928d101d67f27450a2410d21dc6528

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

iphlpapi

ws2_32

version

crypt32

ntdll

wininet

wtsapi32

Exports

Exports

Sections

.text Size: 520KB - Virtual size: 520KB

.rdata Size: 108KB - Virtual size: 108KB

.data Size: 32KB - Virtual size: 32KB

.vmp0 Size: 4.0MB - Virtual size: 4.0MB

.vmp1 Size: 6.4MB - Virtual size: 6.4MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.l1 Size: 13KB - Virtual size: 13KB

.text
Size: 520KB - Virtual size: 520KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 32KB - Virtual size: 32KB

.vmp0
Size: 4.0MB - Virtual size: 4.0MB

.vmp1
Size: 6.4MB - Virtual size: 6.4MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.l1
Size: 13KB - Virtual size: 13KB