092dde4fa36f1d922bbb80ec5dad609daac0b9658e7292aa6c1827d5244838c1

Sharing

Copy URL Twitter E-mail

General

Target

092dde4fa36f1d922bbb80ec5dad609daac0b9658e7292aa6c1827d5244838c1
Size

484KB
MD5

5ca382fc49207e9b4303d8ba38f0bbef
SHA1

20bb22c665fa9b35b4a596a6eb747f8a2b6aae78
SHA256

092dde4fa36f1d922bbb80ec5dad609daac0b9658e7292aa6c1827d5244838c1
SHA512

4eae4e67f529f97f10e1841dc59363ed946c2d94eec771f5f908fa75abf3f69cf9b6ddf9e89f294a63bd8ff3cefc16296647046b9d9bedce48564ce43fab9e22
SSDEEP

12288:p7dRnxR4KJsR1De1UrkB7GjTzCWwYXhGo3cf:vRnrtWRIkkNITGqh3

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
092dde4fa36f1d922bbb80ec5dad609daac0b9658e7292aa6c1827d5244838c1

Files

092dde4fa36f1d922bbb80ec5dad609daac0b9658e7292aa6c1827d5244838c1
.dll windows:4 windows x86 arch:x86

febf4bf05ef9dc05014e6d163fddfe95

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
KillTimer
GetInputState
MsgWaitForMultipleObjects
CallWindowProcA
GetAsyncKeyState
SetTimer
MessageBoxA

kernel32

QueryDosDeviceA
RtlMoveMemory
OpenEventA
CreateThread
CloseHandle
CreateToolhelp32Snapshot
Process32First
Process32Next
IsBadReadPtr
CreateWaitableTimerA
SetWaitableTimer
CreateDirectoryA
MoveFileA
VirtualProtect
MultiByteToWideChar
WideCharToMultiByte
GetLocaleInfoA
GetNumberFormatA
LocalAlloc
LocalFree
GetCurrentProcessId
OpenProcess
TerminateProcess
GetModuleHandleA
lstrlenW
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
Sleep
GetModuleFileNameA
DeleteFileA
GetTickCount
CreateFileA
SetFilePointer
SetEndOfFile
WriteFile
ReadFile
GetFileSize
FindClose
FindNextFileA
RemoveDirectoryA
FindFirstFileA
GetLocalTime
GetUserDefaultLCID
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
GetSystemDirectoryA
SetStdHandle
LCMapStringW
IsBadCodePtr
SetUnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetStringTypeA
GetTempPathA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetLastError
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetCurrentProcess
RtlUnwind
GetVersion
FlushFileBuffers
CreateFileMappingA
ReleaseMutex
CreateMutexA
GetExitCodeThread
GetComputerNameA
GetWindowsDirectoryA
GetOEMCP
GetACP
GetCPInfo
RaiseException
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
TerminateThread
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
QueryPerformanceCounter
QueryPerformanceFrequency
lstrcpyn
DeviceIoControl
GetVolumeInformationA
GetVersionExA
VirtualProtect
GetModuleFileNameA
ExitProcess

ole32

CoUninitialize
OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoInitialize

shlwapi

PathFindFileNameA
PathRemoveFileSpecA
PathFileExistsA

winmm

PlaySoundA

atl

ord42

oleaut32

SafeArrayDestroyDescriptor
VariantChangeType
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
VarR8FromCy
VarR8FromBool
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy

shell32

SHGetSpecialFolderPathA

ws2_32

gethostbyname
recv
WSAGetLastError
inet_addr
connect
ioctlsocket
shutdown
inet_ntoa
send
__WSAFDIsSet
select
closesocket
htons
socket
WSAStartup
WSACleanup

Exports

Exports

MOV_��_EAX
��ʼ��

Sections

.text
Size: - Virtual size: 541KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 345KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp2
Size: 472KB - Virtual size: 468KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

febf4bf05ef9dc05014e6d163fddfe95

Headers

File Characteristics

Imports

user32

kernel32

ole32

shlwapi

winmm

atl

oleaut32

shell32

ws2_32

Exports

Exports

Sections

.text Size: - Virtual size: 541KB

.rdata Size: - Virtual size: 14KB

.data Size: - Virtual size: 345KB

.rsrc Size: 4KB - Virtual size: 688B

.vmp0 Size: - Virtual size: 19KB

.vmp1 Size: - Virtual size: 103KB

.vmp2 Size: 472KB - Virtual size: 468KB

.reloc Size: 4KB - Virtual size: 136B

.text
Size: - Virtual size: 541KB

.rdata
Size: - Virtual size: 14KB

.data
Size: - Virtual size: 345KB

.rsrc
Size: 4KB - Virtual size: 688B

.vmp0
Size: - Virtual size: 19KB

.vmp1
Size: - Virtual size: 103KB

.vmp2
Size: 472KB - Virtual size: 468KB

.reloc
Size: 4KB - Virtual size: 136B