bd3a55cb088b2a02eb78e2d701fd852029f86d338c4a6b36e94a4046e64c5250

Sharing

Copy URL Twitter E-mail

General

Target

bd3a55cb088b2a02eb78e2d701fd852029f86d338c4a6b36e94a4046e64c5250
Size

2.5MB
MD5

4a56a6eeb005f37b6c8fad7811ec1cfc
SHA1

c56c2553658ebd530eed80484676ec3ba222501d
SHA256

bd3a55cb088b2a02eb78e2d701fd852029f86d338c4a6b36e94a4046e64c5250
SHA512

8bb1dbc37fe0778d70052921e5881730ebd655ade6916f10f0f7ef210ee179cc488c1c91d1489acbc1665dc06ef2fd07e910480ecca3bd0141a45881a4e1655f
SSDEEP

49152:1pKx9E+2onrPOFXaMWq0u58IshaCzjmK5zjnvSDYfQOkx4jF9WPCxe0uH:1pWYug10u/shdjmK5zjn5IOkx4JkPV0I

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd3a55cb088b2a02eb78e2d701fd852029f86d338c4a6b36e94a4046e64c5250

Files

bd3a55cb088b2a02eb78e2d701fd852029f86d338c4a6b36e94a4046e64c5250
.exe windows:5 windows x86

af99202f87299a636076254ef6cf735a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
GetFileTime
RtlUnwind
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
HeapReAlloc
SetStdHandle
GetFileType
HeapSize
QueryPerformanceCounter
SetErrorMode
LCMapStringW
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
SetUnhandledExceptionFilter
GetDriveTypeA
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
GlobalFlags
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
WaitForSingleObject
FindNextFileA
lstrcmpA
RaiseException
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
FileTimeToLocalFileTime
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
FileTimeToSystemTime
GetModuleFileNameA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
GetModuleHandleA
SetLastError
MulDiv
FormatMessageA
lstrcpynA
LocalFree
FreeResource
GetCurrentDirectoryA
ExitProcess
SuspendThread
InterlockedIncrement
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
ResumeThread
GetPrivateProfileStringA
CreateDirectoryA
WritePrivateProfileStringA
UnmapViewOfFile
OutputDebugStringA
CreateFileA
GlobalFree
DeviceIoControl
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32First
TerminateProcess
OpenProcess
Process32Next
SetCurrentDirectoryA
CreateProcessA
CopyFileA
DeleteFileA
GetLocalTime
GlobalAlloc
GlobalLock
GlobalUnlock
FreeLibrary
InterlockedDecrement
LoadLibraryA
GetProcAddress
GetTickCount
GetCurrentProcess
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
CreateThread
CloseHandle
Sleep
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
LCMapStringA
InterlockedExchange
LoadLibraryW
FreeLibrary
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
CreateEventW
CompareStringW
SetLastError
GetModuleHandleA
VirtualProtect
GetTickCount
EnterCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
WriteProcessMemory
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
GetSystemInfo
LoadResource
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceExA
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetCommandLineA
GetLastError
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
RtlUnwind
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

PostThreadMessageA
CharNextA
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
GetMessageA
TranslateMessage
ValidateRect
DestroyMenu
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
wsprintfA
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
MoveWindow
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
SetFocus
IsChild
GetWindowTextLengthA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
RegisterClipboardFormatA
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
MessageBoxA
TrackPopupMenu
SetForegroundWindow
IsWindowVisible
GetMenu
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetTimer
EnableWindow
SendMessageA
GetWindowLongA
GetDesktopWindow
ScreenToClient
FindWindowA
IsWindow
InvalidateRect
keybd_event
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
MessageBeep
GetNextDlgGroupItem
GetParent
GetNextDlgTabItem
EndDialog
ExitWindowsEx
SetWindowTextA
ShowWindow
LoadIconA
GetSystemMetrics
SetParent
IsIconic
GetSystemMenu
AppendMenuA
InvalidateRgn
CopyAcceleratorTableA
SetRect
IsRectEmpty
UnhookWindowsHookEx
GetKeyState
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetWindowTextA
EnumWindows
PostMessageA
ClientToScreen
SetCursorPos
SetWindowPos
PtInRect
DrawEdge
GetClientRect
GetSubMenu
LoadMenuA
GetCursorPos
CopyRect
GetWindowRect
GetCapture
SetCapture
LoadCursorA
ClipCursor
ReleaseCapture
SetCursor
LoadBitmapA
UpdateWindow
CharUpperA
DrawIcon
MessageBoxW
CharUpperBuffW

gdi32

CreateFontIndirectA
GetMapMode
DPtoLP
GetBkColor
GetTextColor
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
GetRgnBox
GetStockObject
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
MoveToEx
LineTo
SetMapMode
SetROP2
SetBkMode
RestoreDC
SaveDC
CreateRectRgnIndirect
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
BitBlt
CreateCompatibleDC
GetObjectA
TextOutA

comdlg32

GetFileTitleA
ChooseFontA
GetSaveFileNameA
GetOpenFileNameA
ChooseColorA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
AdjustTokenPrivileges
RegSetValueExA
RegCreateKeyExA

shell32

DragFinish
SHBrowseForFolderA
SHGetPathFromIDListA
DragQueryFileA

comctl32

ord17
ImageList_Destroy

shlwapi

PathIsUNCA
UrlUnescapeA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsDirectoryA

oledlg

ord8

ole32

OleUninitialize
OleFlushClipboard
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoUninitialize
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleRun
OleIsCurrentClipboard

oleaut32

SysStringByteLen
SysFreeString
VariantClear
SysAllocString
VariantInit
VariantCopy
VariantChangeType
SysAllocStringLen
SysStringLen
SafeArrayDestroy
SystemTimeToVariantTime
OleCreateFontIndirect
GetErrorInfo
SysAllocStringByteLen

wininet

InternetOpenUrlA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetQueryDataAvailable
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
FindCloseUrlCache
DeleteUrlCacheEntry

lua51

luaL_newstate
luaopen_base
luaopen_table
luaopen_string
luaopen_math
luaL_openlibs
lua_pushcclosure
lua_tolstring
lua_setfield
lua_pushstring

iphlpapi

GetAdaptersInfo

rasapi32

RasDialA
RasHangUpA
RasGetProjectionInfoA
RasEnumConnectionsA
RasGetConnectStatusA

ws2_32

select
WSACleanup
__WSAFDIsSet
recv
inet_addr
connect
socket
htons
WSAStartup
gethostname
gethostbyname
inet_ntoa
send
closesocket

Exports

Exports

�گ�|{]�/H��_��$� Yn��4'�볎Y��s��9.�2 �b�z��HǾI��X�@m'�F��0a&(�V��<�1ܫ�N]2$tY��;˱y�7��g]��}�r��[��P!�\#Jg�#��U��_�"�o��I7�> L�]��j~�!��g�e}^ MP��h��O^h��تn��x�6��}ZX��i©X}u�}nh�ӣ��[0NH�A��LGU��ᆶ��NbA<0��mu��i��d��H�5�l� �1G7�}��zQ[A��6嚣��7��,�(iFO��'�U;��?}��q��wT��^S��a�m%�+��y� �@�d��� q��k�$��fS|0j��/q p@�b��a4�J|��#t��Q~x�Rڍ�S�9�%��57��E#�(YO�E]� "�؝�Ff�jj��R��E�� x�!��,I��xD�o z�3ITƨ�O{�Q�MҡJ��5�4��#?� ��e�E��x��G6"a�_É��ʹ�5�q=�$��d��=��Zj{�H�fo;ݢ%��M}?� ߑd�8�*G�]m�0U�,Kfe��[.��=��_x��hy��cSNj��+x_�l�n�"2��i��|��f�N��n;u�;�"��^��'Ly��"�,��-��h)�[��b � ��~^�(O�[��6Z��=�s2��M[��:Kͥˮ>O��k�'Q�f��2�&�Jz��U*��W�{�p�`��D�'=�dܪK��4��xn�:嵷�t��<��p�v��q/��9Tx�� I��~�ͯ�i��iW{�C8Q��i3��SplԦ�S?�U��U�+ޠC�]�\$fGP˱?�g��-��N#�� b��<�pˀ�Sm%��E�]�-=�p��n0��KV�,1��[)�fI�� xѮ=q*[��&ᷦ#ެg�y.߄�kv�|��b��'�UA�4�SgK �*�7��0<4��E��Ye�)��N��R��hX ��g��)B�m�#\{��V�[��I4�,Њ�=�v�0�,�f�5��dy3��CFci.Nê�+�V�c�L�Y�J�^Ֆs� �l~�R�gD��C�%E 6q�`1/Ӥ�C%u��C�vc�d��$ZUCdi7��qBg��I%��@C��ȫo�l9�/gE��#��>#�8��X��6�f��C��#3�U:�7'�x`~t�g��ϸR�Y�!ш>.�x]!�:x��mGI��Z#�jbt�� 2�8�P4�\nz�`��&�j K;?�.��X}�a�K�e�{Fc�0�4"��n�b��t��J%s�|2߉�$y0��u��t��Ӣubr^y�)��W{ ��Te:Y�֞��+\ ��ߒO�&Ѐ׮S�`>�S��a%�V@��dE��6bM��v��{��mIT۰��}�tH"V5�9ߖji!�.+��Gz5�$��˙�O�m2��LKl�e�(MT�]i��@9��>��vа1N��#a(�ɤD��H��: �5��M'Nk��޿*�R��iDA��#CzX(��ٻQ\^q.e��f2��]�2�� bW[�W�>1��9��֨?��dz�A9=o�hC�)��*�Tx u�P��v)C��.�&�CHgu#v�]�3DMq�&/ȭ� &��y[ �2l�4~M��#"��b��f&2�zF*s�� '��%.��BI�*��GS�z��4��J Q�ER�.�� ~�`�|`��(��q�) xҲ��<kV7�dE��mU�&_Q0t{&��\'L��Fn��Vq<��W�A�c�9��x�Q��q�tڨ��>j�'�d��:��X��{��s�\�� ع� UH��u� � 2\_�ML��Ƴ�{SH��,��ƫ7�-Y&Ǖy+{��f��O�jT ��8��w�w��_aN;j��k��R�% kT�u�\�h�Ԩ��G��l�0�u��8Yټ �!L�B�~;��ZL��7��O�lk�%�.��L~v��b��#��b��k�T�p�u�9�L��DH��։mNy��>�%�L�ƫ��$.� dm��^|�X�3�h0h�LC�o��R��x"ɡ��dp�7�Q��3�(+�d/f�,~�d}�羠��y�R��]mV�Zx��F��F-��@��-�顜��^q�S��hþjx� uĥ~��cu�tו�/;9Luz^�畼��K��wF$��W:�qE*��-�P�f�Intr�j([x{��ܶ�gh�f��*��@�a�'x%�no��}��^��AؐPH�Z��x�J��>��_6�f;cͭJb��xWsR�n[��E�� +��y �(/�P��9;紘�"`�� N�@� ��o@%��W��a�B�ܜ�Q��'�o��m�"d�e,�ɋ,��9��ZQ��ܯ3<��[f��^� nN��n�igy_,m�Q�ǎ��GnX��d�&}��i7��2D��z:�V��E-%+m�b��3�G��9.�דP��k�(��_ĩ:�D��H6&�x|O�c��?oՑ,t��H0L��m��k`�V2�x��ɯ��0��+��% 8\S�Xײ��P!�h��cr�@��LT��Wd��aa�r}��r��N,7��=��K��=�Q��u��q�Jl��<��(jS��W��9ҏ"��ON��v�o�9��2�� -ܢL%��=e��O=~��,Q�)�4�z}��/��/�#��Q+��mB7�#k��{d��8�� Y��#�x�r2m`1��b庱�㜄�@7�w0�Ѡ��eL�1�^�

Sections

.text
Size: - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 492KB - Virtual size: 492KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af99202f87299a636076254ef6cf735a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

lua51

iphlpapi

rasapi32

ws2_32

Exports

Exports

Sections

.text Size: - Virtual size: 356KB

.rdata Size: - Virtual size: 80KB

.data Size: - Virtual size: 43KB

.vmp0 Size: - Virtual size: 1.8MB

.tls Size: 4KB - Virtual size: 4KB

.vmp1 Size: 2.0MB - Virtual size: 2.0MB

.rsrc Size: 492KB - Virtual size: 492KB

.text
Size: - Virtual size: 356KB

.rdata
Size: - Virtual size: 80KB

.data
Size: - Virtual size: 43KB

.vmp0
Size: - Virtual size: 1.8MB

.tls
Size: 4KB - Virtual size: 4KB

.vmp1
Size: 2.0MB - Virtual size: 2.0MB

.rsrc
Size: 492KB - Virtual size: 492KB