1d766f8ab8bec04e8d7dc2d090cb1b77

Sharing

Copy URL Twitter E-mail

General

Target

1d766f8ab8bec04e8d7dc2d090cb1b77
Size

326KB
MD5

1d766f8ab8bec04e8d7dc2d090cb1b77
SHA1

e65f2468cf9317c67bfd3925adf86cdf04a0063d
SHA256

56acd32433c8ba71fa8ba2c46b92433cb960eb72f5887de6fc49d5c47e830fa0
SHA512

d3382711e22838053a006617b99a15821bd26094ab84dd8ed8dcbbefb2d77424ab00069716e3371a7160fc8177b801e5f1e4ea5be2a543b0b5dd91508b450662
SSDEEP

6144:cGOns3y1W5xKs/XpVFVPVzowU3bO9BHAnc49/BbdBwNMiKJ44ewqRNuvuz/RaR3P:TO+KCjfpVFVPHU6Hkl/BbcNMi644ezRo

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d766f8ab8bec04e8d7dc2d090cb1b77

Files

1d766f8ab8bec04e8d7dc2d090cb1b77
.exe windows:5 windows x86 arch:x86

f9f24d42cd67dd476dac1d2770b1cef1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
VirtualQuery
CreateMutexA
CloseHandle
GetNativeSystemInfo
FreeLibrary
HeapAlloc
HeapFree
VirtualFree
GetProcessHeap
IsBadReadPtr
lstrlenW
SetLastError
GetProcAddress
VirtualAlloc
LoadLibraryA
VirtualProtect
GetTickCount
SetFilePointer
SystemTimeToFileTime
CreateDirectoryW
WriteFile
WideCharToMultiByte
ReadFile
CreateFileW
GetCurrentDirectoryW
LocalFileTimeToFileTime
CompareStringW
GetTimeZoneInformation
lstrlenA
GetLastError
Sleep
FindResourceExW
FindResourceW
WaitForMultipleObjects
InterlockedExchangeAdd
LoadResource
CreateSemaphoreW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFileEx
SwitchToThread
CreateIoCompletionPort
FileTimeToLocalFileTime
lstrcmpiW
OpenProcess
GetProcessTimes
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GlobalFree
GlobalAlloc
GetComputerNameA
OutputDebugStringW
SetStdHandle
WriteConsoleW
LoadLibraryW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetLocaleInfoW
TlsFree
TlsSetValue
TlsGetValue
LockResource
ReleaseSemaphore
SizeofResource
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
GetModuleFileNameW
GetStdHandle
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapReAlloc
HeapSize
GetFileSize
GetQueuedCompletionStatus
WaitForSingleObject
SetEvent
TerminateThread
FileTimeToSystemTime
FlushFileBuffers
ResetEvent
GetLocalTime
GetExitCodeThread
CreateEventW
PostQueuedCompletionStatus
GetSystemInfo
GetCurrentThreadId
SetEndOfFile
DeleteFileW
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
RtlUnwind
GetCPInfo
LCMapStringW
ExitThread
CreateThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleW
ExitProcess
SetEnvironmentVariableA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

ws2_32

WSAStringToAddressW
WSARecv
ioctlsocket
getsockopt
WSASetLastError
WSACleanup
htonl
getsockname
shutdown
bind
inet_ntoa
gethostbyname
gethostname
ntohl
recv
send
recvfrom
sendto
ntohs
connect
closesocket
htons
WSAAddressToStringW
WSASend
inet_addr
setsockopt
WSAGetLastError
socket
WSAStartup
freeaddrinfo
getaddrinfo
WSAResetEvent
WSAEventSelect
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
listen
WSAGetOverlappedResult
WSAIoctl

winhttp

WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpSetOption

iphlpapi

SendARP
GetAdaptersInfo

rpcrt4

UuidCreateSequential

winmm

timeGetDevCaps
timeEndPeriod
timeBeginPeriod
timeGetTime

user32

TranslateMessage
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW

advapi32

RegEnumKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shlwapi

StrCatW
PathFileExistsW
StrPBrkW
PathRemoveFileSpecW
PathFindExtensionW
StrCmpW
StrChrW

Sections

.text
Size: - Virtual size: 458KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 324KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9f24d42cd67dd476dac1d2770b1cef1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

winhttp

iphlpapi

rpcrt4

winmm

user32

advapi32

shlwapi

Sections

.text Size: - Virtual size: 458KB

.rdata Size: - Virtual size: 106KB

.data Size: - Virtual size: 41KB

.vmp0 Size: - Virtual size: 14KB

.vmp1 Size: 324KB - Virtual size: 323KB

.reloc Size: 512B - Virtual size: 276B

.rsrc Size: 512B - Virtual size: 434B

.text
Size: - Virtual size: 458KB

.rdata
Size: - Virtual size: 106KB

.data
Size: - Virtual size: 41KB

.vmp0
Size: - Virtual size: 14KB

.vmp1
Size: 324KB - Virtual size: 323KB

.reloc
Size: 512B - Virtual size: 276B

.rsrc
Size: 512B - Virtual size: 434B