aa55ba5844087e191d1d99727bdac5af

Sharing

Copy URL Twitter E-mail

General

Target

aa55ba5844087e191d1d99727bdac5af
Size

482KB
MD5

aa55ba5844087e191d1d99727bdac5af
SHA1

366e4d196cba49bdee20516d4e5d359251376f88
SHA256

c017c3f86ec6876e33ca33c4f9611ea8e0b64520e04197ec6f59652e205fc115
SHA512

8a123a125e0a88957447c06024f1f9a03867291893101faf4de90ef7b35abc3c179b95f192cb5740f24d18c835388c0279aff1a4c1efe2f62ca19290de09f42c
SSDEEP

12288:xI4dtMiMxaFJAMgm9LVu3WwZ2SMwWP1Uy/3Ej6Ts+/L:xI4dtMiMxaFLB9LVu3WwZVMnuy/0OTsw

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa55ba5844087e191d1d99727bdac5af

Files

aa55ba5844087e191d1d99727bdac5af
.dll windows:5 windows x86 arch:x86

4a2bbf087f865864dd8b056b9571d7ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryW
GetCurrentThread
CreateEventA
GetCommandLineW
GetEnvironmentVariableW
ExitProcess
CreateThread
WaitForSingleObject
GetTickCount
Sleep
DisableThreadLibraryCalls
WideCharToMultiByte
WriteFile
FlushFileBuffers
CreateFileA
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
Process32NextW
CreateProcessW
GetModuleHandleW
GetModuleHandleA
GetSystemInfo
FindFirstFileW
FindNextFileW
FindClose
GetSystemDirectoryW
ProcessIdToSessionId
SetCurrentDirectoryW
LoadLibraryA
GetVersionExW
GlobalAlloc
GlobalFree
CreatePipe
GetStartupInfoW
ReadFile
SystemTimeToFileTime
HeapDestroy
HeapAlloc
SetUnhandledExceptionFilter
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LCMapStringW
FlushInstructionCache
SetErrorMode
lstrlenW
GetLocalTime
GetModuleFileNameW
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
VirtualQuery
FindResourceExW
CreateMutexW
FindResourceW
LoadResource
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringA
RtlUnwind
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
UnhandledExceptionFilter
LockResource
SizeofResource
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
MapViewOfFile
CreateFileMappingW
CloseHandle
OpenMutexW
GetLastError
HeapFree
GetSystemTimeAsFileTime
VirtualProtect
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InterlockedCompareExchange
SetFilePointer
SetEvent
CreateEventW
ResetEvent
CreateRemoteThread
VirtualFreeEx
VirtualAllocEx
WriteProcessMemory
GetThreadContext
SetThreadContext
VirtualFree
VirtualAlloc
SuspendThread
ResumeThread
GetCurrentDirectoryW
LocalFileTimeToFileTime
QueryPerformanceCounter
GetCPInfo

user32

wsprintfW

advapi32

CheckTokenMembership
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
AllocateAndInitializeSid
FreeSid
OpenProcessToken

ole32

StringFromCLSID
CoTaskMemFree
CoCreateGuid

shlwapi

PathFileExistsW
StrCmpIW

wininet

HttpSendRequestW
HttpQueryInfoW
InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetOpenW
InternetConnectW
HttpOpenRequestW
InternetReadFileExW
InternetSetStatusCallbackW
InternetSetOptionW

dnsapi

DnsFree
DnsQuery_W

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

inet_addr
inet_ntoa
htonl

iphlpapi

GetAdaptersInfo
GetIpNetTable
GetIpAddrTable
SendARP
GetIpForwardTable

psapi

GetMappedFileNameW

rpcrt4

UuidCreateSequential

Exports

Exports

CB_Init
DllEntry
DllProc

Sections

.text
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a2bbf087f865864dd8b056b9571d7ba

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shlwapi

wininet

dnsapi

version

ws2_32

iphlpapi

psapi

rpcrt4

Exports

Exports

Sections

.text Size: 223KB - Virtual size: 222KB

.rdata Size: 62KB - Virtual size: 62KB

.data Size: 25KB - Virtual size: 34KB

.rsrc Size: 1024B - Virtual size: 936B

.vmp0 Size: 16KB - Virtual size: 16KB

.vmp1 Size: 142KB - Virtual size: 141KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 223KB - Virtual size: 222KB

.rdata
Size: 62KB - Virtual size: 62KB

.data
Size: 25KB - Virtual size: 34KB

.rsrc
Size: 1024B - Virtual size: 936B

.vmp0
Size: 16KB - Virtual size: 16KB

.vmp1
Size: 142KB - Virtual size: 141KB

.reloc
Size: 11KB - Virtual size: 10KB