a0b240dbedc86ed81c30e6474e18e97391d8059ac7e3c1c19650847dd3a8597e

Sharing

Copy URL Twitter E-mail

General

Target

a0b240dbedc86ed81c30e6474e18e97391d8059ac7e3c1c19650847dd3a8597e
Size

11.2MB
MD5

b3eda75bc03e6d154cb87d3e4e4135a3
SHA1

672bf6615d8ae8cf156aa8f5adb1f6f9443ca66e
SHA256

a0b240dbedc86ed81c30e6474e18e97391d8059ac7e3c1c19650847dd3a8597e
SHA512

374ed644d7493f815c30977280b05dfe613ceaecb15d387caa8fb9030f11dcb50c85e6a0db000ce4acfeb28d0fbd3fd4c15223ed90447da53dfe861d58cae702
SSDEEP

196608:ZaNAKd08r8YuFobtgYyGMwmhFOiZNn1lZ+ggQt7lamzC98Ids2HwvCOkcEqYE:ZWA+gVFUGYtM1OiZ3HgssjdJKCOIq

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0b240dbedc86ed81c30e6474e18e97391d8059ac7e3c1c19650847dd3a8597e

Files

a0b240dbedc86ed81c30e6474e18e97391d8059ac7e3c1c19650847dd3a8597e
.exe windows:5 windows x86

2167caa489b4233bc97e45d994b90706

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc110u

ord10100
ord6459
ord996
ord4177
ord3202
ord8986
ord6000
ord6700
ord629
ord2164
ord2194
ord3639
ord3775
ord10317
ord4824
ord13958
ord884
ord1382
ord2351
ord894
ord13657
ord7736
ord12590
ord1389
ord539
ord4886
ord4823
ord7914
ord8607
ord12392
ord14055
ord6403
ord9060
ord9085
ord12011
ord8990
ord2706
ord13573
ord6089
ord3109
ord3348
ord3349
ord11233
ord10860
ord8891
ord11969
ord8609
ord12716
ord4992
ord6969
ord3739
ord13294
ord4416
ord5298
ord4853
ord4847
ord4883
ord4905
ord4862
ord4891
ord4901
ord4870
ord4874
ord4878
ord4866
ord4895
ord4858
ord1729
ord1720
ord1724
ord1716
ord1707
ord12095
ord12097
ord13699
ord3211
ord9106
ord10847
ord6840
ord12058
ord8816
ord14408
ord11774
ord3780
ord11927
ord8983
ord11564
ord11563
ord5528
ord10133
ord10129
ord10131
ord10132
ord10130
ord2707
ord8055
ord5855
ord3250
ord13577
ord6091
ord4166
ord7347
ord461
ord8610
ord285
ord5792
ord2954
ord1514
ord2329
ord8308
ord4264
ord2331
ord2335
ord8314
ord8230
ord12697
ord8169
ord5233
ord2432
ord12374
ord12375
ord14409
ord7770
ord14415
ord9248
ord4093
ord4031
ord12779
ord7789
ord1985
ord11820
ord11821
ord14287
ord12364
ord7847
ord14487
ord6218
ord14489
ord6220
ord14488
ord6219
ord3794
ord5789
ord12077
ord12085
ord4528
ord8062
ord10278
ord12089
ord12057
ord12760
ord5128
ord5425
ord5635
ord9200
ord5401
ord5638
ord5131
ord5287
ord5109
ord7572
ord7573
ord7563
ord5285
ord8064
ord10095
ord9059
ord6723
ord1106
ord6359
ord6436
ord3824
ord2251
ord1104
ord1229
ord1437
ord1173
ord4033
ord946
ord2154
ord7844
ord4991
ord1463
ord989
ord7505
ord10224
ord1502
ord5664
ord12006
ord3210
ord3316
ord3317
ord3882
ord11962
ord2628
ord5806
ord13524
ord11555
ord6739
ord14416
ord7771
ord14410
ord3000
ord4433
ord9541
ord3247
ord4441
ord1516
ord4754
ord1039
ord296
ord2355
ord1504
ord3127

msvcr110

memset
__dllonexit
_calloc_crt
_unlock
_lock
??1type_info@@UAE@XZ
_commode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
swprintf_s
wcsncpy_s
_recalloc
calloc
free
_resetstkoflw
malloc
wcsstr
_wcsupr_s
__CxxFrameHandler3
memcpy_s
_fmode
_except_handler4_common
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
?terminate@@YAXXZ
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_onexit

kernel32

WaitForSingleObject
Sleep
GetLastError
DeleteCriticalSection
CloseHandle
GetCurrentDirectoryW
GetCurrentProcess
CreateMutexW
GetUserDefaultLCID
SetThreadUILanguage
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
TerminateProcess
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
InitializeCriticalSectionAndSpinCount
GetPrivateProfileStringW
CreateDirectoryW
SetCurrentDirectoryW
OpenEventW
EnterCriticalSection
InterlockedExchange
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
GlobalFree
GetProcAddress
LocalAlloc
LocalFree
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle

user32

AppendMenuW
SendMessageW
IsIconic
GetSystemMenu
GetClientRect
DrawIcon
ValidateRect
LoadIconW
EnableWindow
SetWindowPos
ShowWindow
FindWindowW
GetSystemMetrics
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation

gdi32

CreateDIBSection
DeleteObject
GetObjectW
CreateCompatibleDC
SetDIBColorTable
SelectObject
DeleteDC

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW

comctl32

ImageList_ReplaceIcon
InitCommonControlsEx

shlwapi

PathIsDirectoryW

oleaut32

OleCreatePictureIndirect
VariantClear

gdiplus

GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdiplusShutdown
GdiplusStartup

wtsapi32

WTSSendMessageW

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2167caa489b4233bc97e45d994b90706

Headers

DLL Characteristics

File Characteristics

Imports

mfc110u

msvcr110

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

oleaut32

gdiplus

wtsapi32

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 4KB

.vmp0 Size: 3.7MB - Virtual size: 3.7MB

.vmp1 Size: 5.8MB - Virtual size: 5.8MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 1.6MB - Virtual size: 1.6MB

.l1 Size: 15KB - Virtual size: 15KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 4KB

.vmp0
Size: 3.7MB - Virtual size: 3.7MB

.vmp1
Size: 5.8MB - Virtual size: 5.8MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

.l1
Size: 15KB - Virtual size: 15KB