a2f70e71c3437a1bea47d2f9a6d075022a149855e7b8738a38044b5726645bd6

Sharing

Copy URL Twitter E-mail

General

Target

a2f70e71c3437a1bea47d2f9a6d075022a149855e7b8738a38044b5726645bd6
Size

1.4MB
MD5

8089865f9684bfeaaf11ca28430e0a83
SHA1

b4709707b4bf3f2b4b4b657cb1fa3327b7a644db
SHA256

a2f70e71c3437a1bea47d2f9a6d075022a149855e7b8738a38044b5726645bd6
SHA512

51dc61a7163e9ae7d07192d718e1f4471e83aaabb91d7bf771d0b909c332e27ff4b39235705e96705b1ad9aba484455d9530d00aab652d2cc72bf50ecf61b40c
SSDEEP

24576:FTSrTSiGlzllpRqUg+njje5cnVLbrs01OdBugaWdij6f6bnqJntU:FT0TqXlpRqAjySnEugaWdNJntU

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2f70e71c3437a1bea47d2f9a6d075022a149855e7b8738a38044b5726645bd6

Files

a2f70e71c3437a1bea47d2f9a6d075022a149855e7b8738a38044b5726645bd6
.exe windows:5 windows x86

6afa3b9c7288ff21f3a79f39f569d3e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceW
GetFullPathNameW
GetTickCount
IsBadReadPtr
GetVersionExW
GetVersionExA
LoadLibraryA
GetModuleHandleA
RtlCaptureStackBackTrace
LoadResource
SetLastError
LockResource
FreeResource
LoadLibraryW
MulDiv
FreeLibrary
GetLocalTime
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
FlushInstructionCache
GetProcessHandleCount
GetCurrentProcess
SetCurrentDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
InterlockedIncrement
InterlockedDecrement
GlobalUnlock
CreateProcessW
GlobalLock
GlobalAlloc
GetDriveTypeA
OutputDebugStringA
GetModuleHandleW
SetEndOfFile
HeapSize
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
GetProcAddress
SetConsoleCtrlHandler
SetStdHandle
HeapReAlloc
GetTimeZoneInformation
SetFilePointerEx
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
GetACP
GetStdHandle
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
ResumeThread
ExitThread
RaiseException
RtlUnwind
WaitForSingleObject
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
SetProcessAffinityMask
VirtualFree
VirtualProtect
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
OutputDebugStringW
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
ResetEvent
SetEvent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoW
LCMapStringW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetLogicalDriveStringsW
OpenProcess
TerminateProcess
QueryDosDeviceW
GetSystemTimeAsFileTime
Sleep
MoveFileW
CopyFileW
GetFileSize
CloseHandle
DeleteFileW
GetLastError
SetFileAttributesW
GetFileAttributesW
CreateFileW
FindClose
RemoveDirectoryW
WriteFile
FindNextFileW
FindFirstFileW
ReadFile
CreateDirectoryW
LocalFree
GetModuleFileNameW
lstrlenW
GetCommandLineW
CompareStringW
GetCPInfo
DecodePointer
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetNativeSystemInfo
GetExitCodeThread
lstrlenA
GetCurrentThread
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
TryEnterCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
FormatMessageW
SizeofResource
WideCharToMultiByte
FindFirstFileExA
MultiByteToWideChar
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

PostQuitMessage
RegisterWindowMessageW
IsWindowVisible
ClientToScreen
GetCursorPos
SetTimer
KillTimer
ShowWindow
SetForegroundWindow
IsIconic
IsZoomed
SetFocus
GetCapture
DestroyIcon
PostMessageW
SetCursor
SetRect
GetActiveWindow
InflateRect
IntersectRect
UnionRect
IsRectEmpty
EqualRect
PtInRect
IsWindow
DestroyWindow
SetWindowPos
EnableWindow
IsWindowEnabled
DrawIconEx
InvertRect
FillRect
SetActiveWindow
GetWindowLongW
GetDesktopWindow
OffsetRect
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
MessageBoxW
OpenClipboard
CloseClipboard
SetCapture
ReleaseCapture
UpdateWindow
EmptyClipboard
SetClipboardData
SetLayeredWindowAttributes
CreateWindowExW
GetDlgItem
GetClientRect
GetWindowRect
MapWindowPoints
SetWindowLongW
GetParent
GetWindow
SendMessageW
AnimateWindow
TrackMouseEvent
GetMonitorInfoW
MonitorFromWindow
CopyRect
AppendMenuW
GetDC
UpdateLayeredWindow
MapVirtualKeyA
CharLowerBuffW
SystemParametersInfoA
DrawTextW
GetWindowPlacement
GetIconInfo
CharNextW
SetMenuContextHelpId
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenu
DeleteMenu
ReleaseDC
InsertMenuW
GetMenuItemCount
CheckMenuItem
DestroyMenu
CreatePopupMenu
IsMenu
GetForegroundWindow
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadImageW
CreateIconFromResource
LoadBitmapW
GetSysColor
EnableMenuItem
GetSystemMetrics
DestroyCursor
GetKeyState
GetFocus
LoadIconW
GetClassNameW
ScreenToClient
SetCaretPos
HideCaret
GetCaretBlinkTime
CreateCaret
SetWindowTextW
InvalidateRect
EndPaint
BeginPaint
LoadCursorW

gdi32

Arc
GetCurrentObject
Polyline
SetViewportOrgEx
CreateCompatibleBitmap
StretchBlt
GetDCOrgEx
GetObjectW
SetBkMode
Rectangle
GetStockObject
GetClipBox
CreateSolidBrush
CreateFontIndirectW
SelectObject
DeleteDC
CreateCompatibleDC
CreateBitmap
DeleteObject
CreateRoundRectRgn
EnumFontsW
SetGraphicsMode
GetDeviceCaps
BitBlt
ExtCreatePen
GetViewportOrgEx
CombineRgn
CreateEllipticRgnIndirect
CreatePen
CreatePatternBrush
CreateRectRgn
CreateRectRgnIndirect
Ellipse
ExcludeClipRect
GetClipRgn
GetRgnBox
GetTextColor
GetTextExtentPoint32W
IntersectClipRect
OffsetRgn
Pie
PtInRegion
RectInRegion
RestoreDC
RoundRect
SaveDC
ExtSelectClipRgn
SetRectRgn
SetROP2
SetTextColor
GetWorldTransform
SetWorldTransform
CreateDIBSection

advapi32

OpenProcessToken
RegOpenKeyExW
RegSetValueExW
GetTokenInformation
RegDeleteValueW
RegCloseKey

shell32

Shell_NotifyIconW
SHGetPathFromIDListW
SHBrowseForFolderW
CommandLineToArgvW
ShellExecuteW
ShellExecuteExW

ole32

CreateBindCtx
CreateStreamOnHGlobal
CLSIDFromProgID
CLSIDFromString
OleLockRunning
OleUninitialize
OleInitialize
CoCreateGuid
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
VariantChangeType
GetErrorInfo
SetErrorInfo
CreateErrorInfo

winhttp

WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpConnect
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpCloseHandle
WinHttpSetOption
WinHttpReceiveResponse
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest

psapi

GetProcessMemoryInfo
GetModuleFileNameExW
EnumProcessModules
EmptyWorkingSet
GetProcessImageFileNameW

ws2_32

ioctlsocket
htons
recv
connect
ntohs
setsockopt
WSAGetLastError
socket
WSAStartup
listen
select
gethostbyname
closesocket
bind
accept
WSACleanup
gethostname
inet_ntoa
__WSAFDIsSet
send
inet_addr

shlwapi

StrToIntExW

imm32

ImmAssociateContext
ImmGetContext
ImmReleaseContext

gdiplus

GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipSaveImageToFile
GdipDisposeImage
GdipCreateBitmapFromStream
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipGetPropertyItemSize
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipGraphicsClear
GdipDrawImageRectI
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipImageGetFrameCount
GdipCloneImage

msimg32

GradientFill
AlphaBlend

Sections

.text
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 534KB - Virtual size: 534KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 479KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 894KB - Virtual size: 894KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6afa3b9c7288ff21f3a79f39f569d3e1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

winhttp

psapi

ws2_32

shlwapi

imm32

gdiplus

msimg32

Sections

.text Size: - Virtual size: 1.9MB

.rdata Size: 534KB - Virtual size: 534KB

.data Size: - Virtual size: 130KB

.vmp0 Size: - Virtual size: 479KB

.vmp1 Size: 894KB - Virtual size: 894KB

.reloc Size: 512B - Virtual size: 128B

.rsrc Size: 15KB - Virtual size: 198KB

.text
Size: - Virtual size: 1.9MB

.rdata
Size: 534KB - Virtual size: 534KB

.data
Size: - Virtual size: 130KB

.vmp0
Size: - Virtual size: 479KB

.vmp1
Size: 894KB - Virtual size: 894KB

.reloc
Size: 512B - Virtual size: 128B

.rsrc
Size: 15KB - Virtual size: 198KB