427142c2ab7d3c3d3d90c252837cd3f9

Sharing

Copy URL Twitter E-mail

General

Target

427142c2ab7d3c3d3d90c252837cd3f9
Size

326KB
MD5

427142c2ab7d3c3d3d90c252837cd3f9
SHA1

bd70a7e3957f85d3ca5899ee59c09f87a9f95a94
SHA256

5525446d84155199ba564f74f62de9a30107fb6f8bbca5f2c7c07a0ae517a5b5
SHA512

c6f6043f1e93b4605523776feec5c28ef506e9caf1d5faed09e70c1359aa9da6b6b72750460a682b2ad639551269f83dc93ba28e8057f5ec7d130f697a8edf21
SSDEEP

6144:3GOns3y1W5xKs/XpVFVPVzowU3bO9BHAnc49/BbdBwNMiKJ44ewqRNuvuz/RaR3P:WO+KCjfpVFVPHU6Hkl/BbcNMi644ezRo

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
427142c2ab7d3c3d3d90c252837cd3f9

Files

427142c2ab7d3c3d3d90c252837cd3f9
.exe windows:5 windows x86 arch:x86

f9f24d42cd67dd476dac1d2770b1cef1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
VirtualQuery
CreateMutexA
CloseHandle
GetNativeSystemInfo
FreeLibrary
HeapAlloc
HeapFree
VirtualFree
GetProcessHeap
IsBadReadPtr
lstrlenW
SetLastError
GetProcAddress
VirtualAlloc
LoadLibraryA
VirtualProtect
GetTickCount
SetFilePointer
SystemTimeToFileTime
CreateDirectoryW
WriteFile
WideCharToMultiByte
ReadFile
CreateFileW
GetCurrentDirectoryW
LocalFileTimeToFileTime
CompareStringW
GetTimeZoneInformation
lstrlenA
GetLastError
Sleep
FindResourceExW
FindResourceW
WaitForMultipleObjects
InterlockedExchangeAdd
LoadResource
CreateSemaphoreW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFileEx
SwitchToThread
CreateIoCompletionPort
FileTimeToLocalFileTime
lstrcmpiW
OpenProcess
GetProcessTimes
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GlobalFree
GlobalAlloc
GetComputerNameA
OutputDebugStringW
SetStdHandle
WriteConsoleW
LoadLibraryW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetLocaleInfoW
TlsFree
TlsSetValue
TlsGetValue
LockResource
ReleaseSemaphore
SizeofResource
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
GetModuleFileNameW
GetStdHandle
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapReAlloc
HeapSize
GetFileSize
GetQueuedCompletionStatus
WaitForSingleObject
SetEvent
TerminateThread
FileTimeToSystemTime
FlushFileBuffers
ResetEvent
GetLocalTime
GetExitCodeThread
CreateEventW
PostQueuedCompletionStatus
GetSystemInfo
GetCurrentThreadId
SetEndOfFile
DeleteFileW
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
RtlUnwind
GetCPInfo
LCMapStringW
ExitThread
CreateThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleW
ExitProcess
SetEnvironmentVariableA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

ws2_32

WSAStringToAddressW
WSARecv
ioctlsocket
getsockopt
WSASetLastError
WSACleanup
htonl
getsockname
shutdown
bind
inet_ntoa
gethostbyname
gethostname
ntohl
recv
send
recvfrom
sendto
ntohs
connect
closesocket
htons
WSAAddressToStringW
WSASend
inet_addr
setsockopt
WSAGetLastError
socket
WSAStartup
freeaddrinfo
getaddrinfo
WSAResetEvent
WSAEventSelect
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
listen
WSAGetOverlappedResult
WSAIoctl

winhttp

WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpSetOption

iphlpapi

SendARP
GetAdaptersInfo

rpcrt4

UuidCreateSequential

winmm

timeGetDevCaps
timeEndPeriod
timeBeginPeriod
timeGetTime

user32

TranslateMessage
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW

advapi32

RegEnumKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shlwapi

StrCatW
PathFileExistsW
StrPBrkW
PathRemoveFileSpecW
PathFindExtensionW
StrCmpW
StrChrW

Sections

.text
Size: - Virtual size: 458KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 324KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9f24d42cd67dd476dac1d2770b1cef1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

winhttp

iphlpapi

rpcrt4

winmm

user32

advapi32

shlwapi

Sections

.text Size: - Virtual size: 458KB

.rdata Size: - Virtual size: 106KB

.data Size: - Virtual size: 41KB

.vmp0 Size: - Virtual size: 14KB

.vmp1 Size: 324KB - Virtual size: 323KB

.reloc Size: 512B - Virtual size: 276B

.rsrc Size: 512B - Virtual size: 434B

.text
Size: - Virtual size: 458KB

.rdata
Size: - Virtual size: 106KB

.data
Size: - Virtual size: 41KB

.vmp0
Size: - Virtual size: 14KB

.vmp1
Size: 324KB - Virtual size: 323KB

.reloc
Size: 512B - Virtual size: 276B

.rsrc
Size: 512B - Virtual size: 434B