9a8a9402becb99cb5cec7fa66add793f4b178a9cfca6345f2954edcff65e9bcd

Sharing

Copy URL

Twitter E-mail

General

Target

9a8a9402becb99cb5cec7fa66add793f4b178a9cfca6345f2954edcff65e9bcd
Size

6.8MB
MD5

03748caed221a092705a93bb94126f1c
SHA1

7e273375f8a183e22aa775d472bd7a88b4e6f59a
SHA256

9a8a9402becb99cb5cec7fa66add793f4b178a9cfca6345f2954edcff65e9bcd
SHA512

620599f7ea187ae00335cde7a7a27a9cf25a4fd8f8104cb18be3b059bd2eee4707de353e5fd45abc8831f55f43935f0be8e6da8d8ee9c6647c649e7975a3f5e8
SSDEEP

196608:yy5NQBT9i8hoZvFz1Uk5y7C1p2n8Vkezrj:yyNSzoBcaVJj

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9a8a9402becb99cb5cec7fa66add793f4b178a9cfca6345f2954edcff65e9bcd

Files

9a8a9402becb99cb5cec7fa66add793f4b178a9cfca6345f2954edcff65e9bcd
.dll windows:6 windows x86

5cd519c2dcc873addde04a8ee603c814

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winhttp

WinHttpConnect
WinHttpOpen
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpReadData
WinHttpCheckPlatform

netapi32

Netbios

ntdll

RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlGetNtVersionNumbers
ZwLoadDriver
ZwUnloadDriver
RtlInitAnsiString
RtlUnwind

gdi32

D3DKMTQueryResourceInfo

kernel32

HeapReAlloc
GetProcessHeap
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
EnumSystemLocalesW
SetFilePointerEx
GetCurrentProcess
ReadProcessMemory
CreateFileA
FlushFileBuffers
GetFileSizeEx
ReadFile
WriteFile
GetTempPathA
CloseHandle
GetLastError
OpenEventW
Sleep
GetCurrentProcessId
GetProcessId
CreateRemoteThreadEx
GetTickCount64
VirtualAlloc
VirtualFree
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
GetCurrentThreadId
SetStdHandle
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
GetCurrentDirectoryA
DeleteFileA
DeviceIoControl
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
WriteConsoleW
LoadResource
LockResource
SizeofResource
FindResourceA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSize
GetConsoleOutputCP
GetConsoleMode
CreateFileW
GetSystemTimeAsFileTime
IsWow64Process
GetCommandLineW
GetCommandLineA
GetOEMCP
RaiseException
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxTimeoutA
GetWindowThreadProcessId
MapVirtualKeyA
GetMouseMovePointsEx

advapi32

RegDeleteKeyA
RegCreateKeyA
RegCloseKey
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExA

Sections

.text
Size: - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5cd519c2dcc873addde04a8ee603c814

Headers

DLL Characteristics

File Characteristics

Imports

winhttp

netapi32

ntdll

gdi32

kernel32

user32

advapi32

Sections

.text Size: - Virtual size: 260KB

.rdata Size: - Virtual size: 72KB

.data Size: - Virtual size: 7KB

.vmp0 Size: - Virtual size: 1.6MB

.vmp1 Size: 6.8MB - Virtual size: 6.8MB

.reloc Size: 512B - Virtual size: 168B

.rsrc Size: 1024B - Virtual size: 5.6MB

.text
Size: - Virtual size: 260KB

.rdata
Size: - Virtual size: 72KB

.data
Size: - Virtual size: 7KB

.vmp0
Size: - Virtual size: 1.6MB

.vmp1
Size: 6.8MB - Virtual size: 6.8MB

.reloc
Size: 512B - Virtual size: 168B

.rsrc
Size: 1024B - Virtual size: 5.6MB