0779649b19794fcf06d8de7e3e9fd470

Sharing

Copy URL Twitter E-mail

General

Target

0779649b19794fcf06d8de7e3e9fd470
Size

484KB
MD5

0779649b19794fcf06d8de7e3e9fd470
SHA1

d6ed1f4d21d68936eb6c6320d7172a4fd2e56b93
SHA256

cbacd0422d7cf5f46bd8868756487c8b65d7a6fe92575e6dda655aea356b9949
SHA512

ffa5ddfd2471561f0bbfb08ebd1fcdd3db381fe6ed00d56f3077e2813b0e600b26d3836cb59a8f176d7a6f3cafc4d5e9a6a07fae79ea89234746390cc401dc9c
SSDEEP

12288:RYDAM+b8wDXvusYRjN4JpmZuSpkK4xvuSsCQDG:RaAMQ8wDzYRR4bmuSV4ZusA

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0779649b19794fcf06d8de7e3e9fd470

Files

0779649b19794fcf06d8de7e3e9fd470
.exe windows:4 windows x86 arch:x86

e6506b14049586eb5a300c34fbe9a851

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
RtlUnwind
GetStartupInfoA
GetCommandLineA
RaiseException
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetACP
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
SetUnhandledExceptionFilter
IsBadWritePtr
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GlobalFlags
LocalFree
FlushFileBuffers
SetFilePointer
lstrcpynA
lstrcmpA
GetCurrentThread
SetLastError
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetVersion
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GlobalFree
TerminateProcess
GetSystemDirectoryA
lstrcpyA
lstrcatA
CreateProcessA
GetModuleHandleA
VirtualAlloc
WriteFile
VirtualFree
FindFirstFileA
OutputDebugStringA
FindNextFileA
FindClose
ResetEvent
WaitForSingleObject
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateEventA
ExitProcess
Module32First
GetLastError
FindResourceA
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
CreateToolhelp32Snapshot
Process32First
Sleep
OpenProcess
SetFileAttributesA
DeleteFileA
MoveFileExA
Process32Next
CloseHandle
GetDriveTypeA
GetModuleFileNameA
SetEvent
GetCurrentProcessId
CreateThread
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentProcess
SetHandleCount
VirtualProtect

user32

GrayStringA
PostQuitMessage
GetCursorPos
ValidateRect
TranslateMessage
GetMessageA
WindowFromPoint
GetClassNameA
PtInRect
GetSysColorBrush
DestroyMenu
LoadStringA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
ShowWindow
IsDialogMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
DispatchMessageA
GetFocus
SetFocus
AdjustWindowRectEx
ScreenToClient
TabbedTextOutA
IsWindowVisible
ClientToScreen
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
wsprintfA
EndPaint
BeginPaint
MessageBoxA
CopyRect
GetSysColor
RegisterWindowMessageA
LoadImageA
GetParent
ExitWindowsEx
SetWindowTextA
LoadCursorA
SetCursor
GetDC
ReleaseDC
IsIconic
GetSystemMetrics
DrawIcon
SendMessageA
SetTimer
GetWindowLongA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetWindowLongA
LoadIconA
TrackMouseEvent
InvalidateRect
DrawTextA
EnableWindow
ReleaseCapture
PostMessageA
SetWindowRgn
GetClientRect
CreateWindowExA
UnregisterClassA

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
MoveToEx
LineTo
SetBkMode
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
RestoreDC
SaveDC
DeleteDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetTextExtentPoint32A
StretchBlt
CreateCompatibleBitmap
BitBlt
GetObjectA
CreateCompatibleDC
GetPixel
CreateRectRgn
CombineRgn
GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateSolidBrush
CreatePen
SelectObject
Rectangle
CreateRoundRectRgn
GetStockObject

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

CryptAcquireContextA
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegSetValueExA
RegCreateKeyExA
CryptGetHashParam
CryptDestroyHash
RegOpenKeyExA
AdjustTokenPrivileges
CryptCreateHash
CryptReleaseContext
CryptHashData

shell32

DragQueryFileA
ShellExecuteA
DragAcceptFiles

comctl32

_TrackMouseEvent
ord17
ImageList_Destroy

ole32

CreateStreamOnHGlobal

olepro32

ord251

shlwapi

SHSetValueA
PathFileExistsA
SHDeleteKeyA

Sections

.text
Size: - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 569KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 468KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6506b14049586eb5a300c34fbe9a851

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

ole32

olepro32

shlwapi

Sections

.text Size: - Virtual size: 93KB

.rdata Size: - Virtual size: 25KB

.data Size: - Virtual size: 30KB

.rsrc Size: 8KB - Virtual size: 569KB

.vmp0 Size: - Virtual size: 32KB

.vmp1 Size: 468KB - Virtual size: 464KB

.reloc Size: 4KB - Virtual size: 68B

.text
Size: - Virtual size: 93KB

.rdata
Size: - Virtual size: 25KB

.data
Size: - Virtual size: 30KB

.rsrc
Size: 8KB - Virtual size: 569KB

.vmp0
Size: - Virtual size: 32KB

.vmp1
Size: 468KB - Virtual size: 464KB

.reloc
Size: 4KB - Virtual size: 68B