44c7576efbcfe19e9b36dcefd16cce0029932c02eb0c6e541eaaa25b42bd57b8

Sharing

Copy URL Twitter E-mail

General

Target

44c7576efbcfe19e9b36dcefd16cce0029932c02eb0c6e541eaaa25b42bd57b8
Size

3.4MB
MD5

18496c3502b351107c595d2dbf0ed33d
SHA1

1e959ca4a6d76f9a79ae0697e08c35e1707fc2be
SHA256

44c7576efbcfe19e9b36dcefd16cce0029932c02eb0c6e541eaaa25b42bd57b8
SHA512

379498ab339a9436dc0aac798f423b17e0f0be59693bf3e169a22b70bede9d54ae886bb1b84786f1eac4d8b97f458f62b69e7c911bed54fd02f1fc58d5fb687e
SSDEEP

98304:qsv/CRZNZJ+htm3ViHtT6yUqysZLsLEY:q+/CZutmI9d7J

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44c7576efbcfe19e9b36dcefd16cce0029932c02eb0c6e541eaaa25b42bd57b8

Files

44c7576efbcfe19e9b36dcefd16cce0029932c02eb0c6e541eaaa25b42bd57b8
.exe windows:6 windows x86 arch:x86

fb7076855d0aa1b2ad2981f4db5e8226

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc140

ord7886
ord14507
ord9353
ord4143
ord4082
ord12888
ord7905
ord2027
ord11927
ord11928
ord14380
ord12474
ord7964
ord14581
ord6322
ord14583
ord6324
ord14582
ord6323
ord3844
ord5894
ord12182
ord12190
ord8180
ord10383
ord12194
ord12162
ord12869
ord5742
ord10202
ord6831
ord6724
ord3230
ord4841
ord12348
ord14518
ord12291
ord2376
ord14571
ord2381
ord2881
ord5565
ord5562
ord4725
ord4705
ord1142
ord503
ord1693
ord2458
ord2459
ord4580
ord1111
ord6463
ord6540
ord2298
ord1109
ord4084
ord13830
ord952
ord2200
ord7961
ord1468
ord993
ord7618
ord10330
ord8026
ord7475
ord14509
ord1000
ord1472
ord6563
ord9166
ord10207
ord8182
ord5388
ord7677
ord7688
ord7687
ord5960
ord5210
ord5390
ord5231
ord5769
ord5504
ord9305
ord5739
ord5528
ord5228
ord12111
ord3258
ord3363
ord3364
ord3933
ord12067
ord2680
ord5911
ord8322
ord11663
ord6848
ord14508
ord7887
ord14510
ord3050
ord4485
ord9647
ord4493
ord4972
ord4911
ord4896
ord1507
ord266
ord300
ord2407
ord2387
ord2383
ord1044
ord5336
ord5003
ord4926
ord4981
ord4997
ord4938
ord4944
ord4950
ord4932
ord4987
ord4920
ord1772
ord1751
ord1765
ord1739
ord1717
ord12485
ord12484
ord12201
ord12205
ord13798
ord3259
ord1178
ord2484
ord9213
ord10950
ord6947
ord12163
ord8922
ord14502
ord11881
ord3830
ord12032
ord9089
ord11672
ord11671
ord5631
ord10240
ord10236
ord10238
ord10239
ord10237
ord14699
ord2759
ord8173
ord3295
ord3298
ord13681
ord6195
ord4216
ord3874
ord265
ord8285
ord4315
ord12863
ord14328
ord2438
ord12806
ord8347
ord8429
ord14334
ord2986
ord5059
ord1696
ord1692
ord12706
ord4656
ord8679
ord13198
ord13883
ord1447
ord974
ord8718
ord311
ord5095
ord1650
ord305
ord12074
ord10963
ord11343
ord5898
ord3396
ord3395
ord3005
ord3159
ord12826
ord6193
ord13677
ord8426
ord2758
ord9096
ord9192
ord9167
ord6507
ord12115
ord13475
ord8997
ord10986
ord1389
ord890
ord8735
ord310
ord3825
ord14149
ord7783
ord10421
ord7461
ord3689
ord2241
ord5102
ord12503
ord2210
ord462
ord2992
ord4809
ord1526
ord262
ord4807
ord14322
ord316
ord4958
ord259
ord13628
ord8672
ord1529
ord1509

kernel32

CopyFileA
lstrcpyA
Sleep
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventA
EnterCriticalSection
ResetEvent
LeaveCriticalSection
SetEvent
WaitForSingleObject
InitializeCriticalSectionEx
GetACP
WideCharToMultiByte
FormatMessageA
GetTickCount
CreateFileA
ReadFile
WriteFile
Process32First
TerminateProcess
FindNextFileA
SetFilePointer
GetCurrentThreadId
lstrcmpA
GetFileAttributesA
CreateToolhelp32Snapshot
GetDiskFreeSpaceA
TerminateThread
Process32Next
CreateThread
SetFileAttributesA
GetStartupInfoA
GetFileSize
RemoveDirectoryA
lstrcmpiA
CreateProcessA
FlushFileBuffers
FileTimeToSystemTime
SystemTimeToFileTime
InitializeCriticalSection
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
CreateEventW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
OutputDebugStringW
FindFirstFileA
FindClose
CloseHandle
GetModuleFileNameA
CreateMutexA
DeleteFileA
GetLastError
MultiByteToWideChar
OpenProcess
CreateDirectoryA
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetWindowLongA
SetWindowLongA
PostMessageA
SendMessageA
LoadIconW
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
KillTimer
GetKeyState
SetTimer
FindWindowA
FindWindowExA
wsprintfA
EnableWindow
GetWindowThreadProcessId
GetProcessWindowStation
GetUserObjectInformationW

advapi32

SetSecurityDescriptorDacl
LookupAccountNameA
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce

shell32

Shell_NotifyIconA
ShellExecuteW
ShellExecuteA

comctl32

InitCommonControlsEx

ole32

CoCreateGuid
CoUninitialize
CoInitialize
OleRun
CoCreateInstance
CLSIDFromProgID
CLSIDFromString

oleaut32

VariantInit
VariantClear
VarUdateFromDate
SysAllocString
SysFreeString
GetErrorInfo
SystemTimeToVariantTime
VarDateFromStr
VariantTimeToSystemTime
VariantCopy
VariantChangeType

msvcp140

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ

imagehlp

MapFileAndCheckSumA

netapi32

NetUserAdd
NetShareAdd

ws2_32

sendto
getsockopt
ioctlsocket
select
send
recv
shutdown
htons
inet_ntoa
connect
closesocket
bind
recvfrom
inet_addr
ntohs
WSAStartup
WSACleanup
socket

vcruntime140

memcpy
_CxxThrowException
_except_handler4_common
__vcrt_InitializeCriticalSectionEx
__CxxFrameHandler3
memset
memchr
__std_terminate
_purecall
strstr
memmove

api-ms-win-crt-convert-l1-1-0

atof
atoi
strtol
atol

api-ms-win-crt-time-l1-1-0

strftime
_localtime64
_localtime64_s
_time64

api-ms-win-crt-heap-l1-1-0

malloc
free
_set_new_mode
_recalloc
calloc

api-ms-win-crt-runtime-l1-1-0

_errno
_register_thread_local_exe_atexit_callback
_c_exit
_invalid_parameter_noinfo_noreturn
_exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_set_app_type
_seh_filter_exe
_controlfp_s
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
terminate
exit
_resetstkoflw
_cexit
_invalid_parameter_noinfo

api-ms-win-crt-filesystem-l1-1-0

remove
rename
_stat64i32
_makepath
_splitpath
_access
_mkdir

api-ms-win-crt-string-l1-1-0

strncpy
_stricmp
tolower
strncmp

api-ms-win-crt-utility-l1-1-0

srand
ldiv
rand

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
fgets
fread
fwrite
fseek
fclose
fflush
fopen
__stdio_common_vsscanf
__stdio_common_vsprintf
_set_fmode
__p__commode
__acrt_iob_func

api-ms-win-crt-multibyte-l1-1-0

_mbclen
_mbsicmp

api-ms-win-crt-math-l1-1-0

_except1
_libm_sse2_pow_precise
_libm_sse2_sqrt_precise
ceil
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_setmbcp
_configthreadlocale

Sections

.text
Size: - Virtual size: 523KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb7076855d0aa1b2ad2981f4db5e8226

Headers

DLL Characteristics

File Characteristics

Imports

mfc140

kernel32

user32

advapi32

shell32

comctl32

ole32

oleaut32

msvcp140

imagehlp

netapi32

ws2_32

vcruntime140

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: - Virtual size: 523KB

.rdata Size: - Virtual size: 132KB

.data Size: - Virtual size: 6KB

.gfids Size: - Virtual size: 68B

.tls Size: - Virtual size: 9B

.vmp0 Size: - Virtual size: 1.5MB

.vmp1 Size: 3.4MB - Virtual size: 3.4MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 68KB - Virtual size: 67KB

.text
Size: - Virtual size: 523KB

.rdata
Size: - Virtual size: 132KB

.data
Size: - Virtual size: 6KB

.gfids
Size: - Virtual size: 68B

.tls
Size: - Virtual size: 9B

.vmp0
Size: - Virtual size: 1.5MB

.vmp1
Size: 3.4MB - Virtual size: 3.4MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 68KB - Virtual size: 67KB