30a547b1e5dc26b07051fafc2dc895ea

Sharing

Copy URL Twitter E-mail

General

Target

30a547b1e5dc26b07051fafc2dc895ea
Size

316KB
MD5

30a547b1e5dc26b07051fafc2dc895ea
SHA1

a9f7c7e9efa5467b5e5a23df6398696495c66340
SHA256

ab169ff172c7e96bee7e624eafa01bce19af618ee28a687b3881623f3953edc8
SHA512

23cbdf8608c7d71c1ec14c2c5ae82013dbc4ca9bc94b8af4e1f6b0367267aa1e39183053c5775fc04e1f2faf5d2be188c8c0b9d1ac6dc2c60e179a013fbb628b
SSDEEP

6144:FyYax/ns8mHATgBnAJZKckN9kodiCib3gRvfT7HN3DFK/vi5ZI798dsXTJYU1T9Q:Fbax/ns8mHA0B4nkdOwvbTNpK2ZwGeDa

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30a547b1e5dc26b07051fafc2dc895ea

Files

30a547b1e5dc26b07051fafc2dc895ea
.exe windows:5 windows x86 arch:x86

4be7f23fa1c819a4a86f8f808061927e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
VirtualQuery
CreateMutexA
CloseHandle
GetCommandLineW
GetNativeSystemInfo
FreeLibrary
HeapAlloc
HeapFree
VirtualFree
GetProcessHeap
IsBadReadPtr
lstrlenW
SetLastError
GetProcAddress
VirtualAlloc
LoadLibraryA
VirtualProtect
GetTickCount
SetFilePointer
SystemTimeToFileTime
CreateDirectoryW
WriteFile
WideCharToMultiByte
ReadFile
CreateFileW
GetCurrentDirectoryW
LocalFileTimeToFileTime
CompareStringW
GetTimeZoneInformation
lstrlenA
GetLastError
Sleep
FindResourceExW
FindResourceW
WaitForMultipleObjects
InterlockedExchangeAdd
LoadResource
CreateSemaphoreW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFileEx
SwitchToThread
CreateIoCompletionPort
FileTimeToLocalFileTime
lstrcmpiW
OpenProcess
GetProcessTimes
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GlobalFree
GlobalAlloc
GetComputerNameA
OutputDebugStringW
SetStdHandle
WriteConsoleW
LoadLibraryW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetLocaleInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
LockResource
ReleaseSemaphore
SizeofResource
GetOEMCP
GetACP
HeapCreate
GetModuleFileNameW
GetStdHandle
ExitProcess
GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapReAlloc
HeapSize
GetFileSize
GetQueuedCompletionStatus
WaitForSingleObject
SetEvent
TerminateThread
FileTimeToSystemTime
FlushFileBuffers
ResetEvent
GetLocalTime
GetExitCodeThread
CreateEventW
PostQueuedCompletionStatus
GetSystemInfo
GetCurrentThreadId
SetEndOfFile
DeleteFileW
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
RtlUnwind
GetCPInfo
LCMapStringW
ExitThread
CreateThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
SetEnvironmentVariableA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

shell32

CommandLineToArgvW

ws2_32

ioctlsocket
getsockopt
WSAIoctl
WSARecv
WSACleanup
htonl
getsockname
shutdown
bind
inet_ntoa
gethostbyname
gethostname
ntohl
recv
send
recvfrom
sendto
ntohs
connect
closesocket
htons
inet_addr
setsockopt
WSAStringToAddressW
WSASetLastError
WSAAddressToStringW
WSASend
WSAGetLastError
socket
WSAStartup
freeaddrinfo
getaddrinfo
WSAResetEvent
WSAEventSelect
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
listen
WSAGetOverlappedResult

winhttp

WinHttpReceiveResponse
WinHttpSetOption
WinHttpSendRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpSetTimeouts

iphlpapi

SendARP
GetAdaptersInfo

rpcrt4

UuidCreateSequential

winmm

timeGetDevCaps
timeEndPeriod
timeBeginPeriod
timeGetTime

user32

MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageW
PeekMessageW

advapi32

RegEnumKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shlwapi

StrCmpW
PathFileExistsW
StrPBrkW
PathRemoveFileSpecW
StrCatW
PathFindExtensionW
StrChrW

Sections

.text
Size: - Virtual size: 459KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 314KB - Virtual size: 313KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4be7f23fa1c819a4a86f8f808061927e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

ws2_32

winhttp

iphlpapi

rpcrt4

winmm

user32

advapi32

shlwapi

Sections

.text Size: - Virtual size: 459KB

.rdata Size: - Virtual size: 106KB

.data Size: - Virtual size: 41KB

.vmp0 Size: - Virtual size: 9KB

.vmp1 Size: 314KB - Virtual size: 313KB

.reloc Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 434B

.text
Size: - Virtual size: 459KB

.rdata
Size: - Virtual size: 106KB

.data
Size: - Virtual size: 41KB

.vmp0
Size: - Virtual size: 9KB

.vmp1
Size: 314KB - Virtual size: 313KB

.reloc
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 434B