0485898139f22b3ff1322cadfa34b24b

Sharing

Copy URL

Twitter E-mail

General

Target

0485898139f22b3ff1322cadfa34b24b
Size

1.4MB
MD5

0485898139f22b3ff1322cadfa34b24b
SHA1

98d5c39d88d4a3e30acf1c30b3310a9e782d3112
SHA256

e9853d25fbbcc5d5c57b147941f4fa0f85fad0d86b2c6c35161bb480285c2e98
SHA512

d6aa214fa5ca28ba1938b0c0ccf58e397816d9eda37d1bb7f258ee28193308082a878f77c1be83e6bd636f6a7136635abe448c4099a5a586e7e2366993589c94
SSDEEP

6144:UtznzGAKMCH5t2RkULnP57FXrFKqNVEc5bCo2BKHj9ZyAqV20T:UtzniAKM25trARp7FZhlKKHjaAqVlT

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0485898139f22b3ff1322cadfa34b24b

Files

0485898139f22b3ff1322cadfa34b24b
.dll windows:4 windows x86 arch:x86

ac759e692b3f0e49b9f0bacb1047333b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

select
send
inet_addr
gethostbyname
WSACleanup
WSAGetLastError
WSACancelBlockingCall
WSAStartup
socket
connect
setsockopt
bind
listen
getsockname
ioctlsocket
closesocket
recv
__WSAFDIsSet

iphlpapi

GetAdaptersInfo

user32

SetWindowsHookExA
SetTimer
UnhookWindowsHookEx
KillTimer
GetKeyState
CallNextHookEx
PostMessageA
GetForegroundWindow
MessageBoxA
FindWindowA

advapi32

AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
FreeSid
InitializeSecurityDescriptor

kernel32

FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetCPInfo
GetOEMCP
GetACP
ReadFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapSize
LCMapStringW
MultiByteToWideChar
LCMapStringA
IsBadWritePtr
HeapReAlloc
SetEndOfFile
UnhandledExceptionFilter
Sleep
CreateThread
TerminateThread
GetProcAddress
GetModuleHandleA
VirtualProtect
CreateProcessA
GetCurrentProcessId
GetModuleFileNameA
FlushInstructionCache
WriteProcessMemory
CloseHandle
WaitForSingleObject
VirtualAllocEx
GetCurrentProcess
LoadLibraryA
VirtualQuery
SetLastError
WriteFile
WideCharToMultiByte
SetFilePointer
MapViewOfFile
CreateFileMappingA
GetFileSize
UnmapViewOfFile
VirtualAlloc
VirtualFree
GetSystemInfo
OutputDebugStringA
lstrlenA
CopyFileA
GetTickCount
SetFileTime
SystemTimeToFileTime
GetSystemTime
CreateFileA
GetCurrentThreadId
TerminateProcess
GetCommandLineA
ExitThread
HeapFree
HeapAlloc
GetProcessHeap
OpenFileMappingA
GetLastError
IsBadReadPtr
IsBadCodePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapCreate
HeapDestroy
RtlUnwind
ExitProcess
RaiseException
GetSystemTimeAsFileTime
GetVersionExA
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
QueryPerformanceCounter
SetUnhandledExceptionFilter
InterlockedExchange

Exports

Exports

ComInitControlCode
ComInitGameMainProcessId
ComInitGameMainThreadId
ComInitTianShenAccType
ComInitTianShenAccount
ComInitTianShenIP
ComInitTianShenParam
ComInitTianShenPort
ComInitTianShenPwd
ComInitTianShenWnd

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 172KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac759e692b3f0e49b9f0bacb1047333b

Headers

File Characteristics

Imports

ws2_32

iphlpapi

user32

advapi32

kernel32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 8KB - Virtual size: 20KB

Shared Size: 4KB - Virtual size: 440B

.vmp0 Size: 16KB - Virtual size: 12KB

.vmp1 Size: 172KB - Virtual size: 169KB

.vmp0 Size: 8KB - Virtual size: 5KB

.vmp1 Size: 4KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 8KB - Virtual size: 20KB

Shared
Size: 4KB - Virtual size: 440B

.vmp0
Size: 16KB - Virtual size: 12KB

.vmp1
Size: 172KB - Virtual size: 169KB

.vmp0
Size: 8KB - Virtual size: 5KB

.vmp1
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 5KB