c446fe7d1b5db7024f77db6abe156ac7944de63ea8983dab3406c59faef8161e[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

c446fe7d1b5db7024f77db6abe156ac7944de63ea8983dab3406c59faef8161e.exe
Size

424KB
MD5

4908a4e15dc1418414d6803e4d843ca0
SHA1

b65b223a2e2c790026e801599a7f6afc535f59a3
SHA256

c446fe7d1b5db7024f77db6abe156ac7944de63ea8983dab3406c59faef8161e
SHA512

44f889ff2347de4195645a6deab88fbd0d29a75106da8752c1b93af456dfaf0fcc447cf48f89f1b434ffd45de873038251c1b3b9c44329ab0179b2fbfe79a42b
SSDEEP

12288:1+bGmuGNO1VhkkQlxlWfodrYu3HBbIKu9:1+bGgNO1VRuPWfodr3hbIKu9

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c446fe7d1b5db7024f77db6abe156ac7944de63ea8983dab3406c59faef8161e.exe

Files

c446fe7d1b5db7024f77db6abe156ac7944de63ea8983dab3406c59faef8161e.exe
.dll windows:4 windows x86 arch:x86

0715520b7d3d2b8b5107c0fea4a5f9ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
Sleep
GetModuleFileNameA
CreateDirectoryA
WriteFile
CreateFileA
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultLCID
GetCurrentProcessId
ReadFile
GetFileSize
WTSGetActiveConsoleSessionId
GetCommandLineA
FreeLibrary
LoadLibraryA
LCMapStringA
GetLastError
RtlZeroMemory
SetWaitableTimer
CreateWaitableTimerA
lstrcpyn
GetProcAddress
GetModuleHandleA
Process32Next
CloseHandle
Process32First
FlushFileBuffers
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
DeleteFileA
CreateToolhelp32Snapshot
HeapDestroy
GetEnvironmentVariableA
HeapCreate
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
TerminateProcess
InterlockedIncrement
InterlockedDecrement
RtlUnwind
GetVersion
GetCurrentProcess
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
SetFilePointer
RaiseException
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
IsBadWritePtr
VirtualAlloc
VirtualFree
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

wsprintfA
DispatchMessageA
MessageBoxA
MsgWaitForMultipleObjects
PeekMessageA
GetMessageA
TranslateMessage

comdlg32

GetFileTitleA

advapi32

CreateProcessAsUserA
AdjustTokenPrivileges
SetTokenInformation
DuplicateTokenEx
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA

ole32

CoUninitialize
CoInitialize
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleRun

oleaut32

VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
VariantClear
SafeArrayDestroy
SysAllocString

wininet

HttpOpenRequestA
InternetSetOptionA
InternetConnectA
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
InternetCloseHandle
InternetOpenA

shlwapi

PathFileExistsA

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock

shell32

SHGetSpecialFolderPathA

Exports

Exports

BR_Send
BR_SetSvrAckHandler
BR_SetSvrIP
BR_UserInit

Sections

.text
Size: - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 716B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0715520b7d3d2b8b5107c0fea4a5f9ea

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

ole32

oleaut32

wininet

shlwapi

wtsapi32

userenv

shell32

Exports

Exports

Sections

.text Size: - Virtual size: 141KB

.rdata Size: - Virtual size: 9KB

.data Size: - Virtual size: 116KB

.vmp0 Size: - Virtual size: 292KB

.vmp1 Size: 412KB - Virtual size: 411KB

.reloc Size: 4KB - Virtual size: 140B

.rsrc Size: 4KB - Virtual size: 716B

.text
Size: - Virtual size: 141KB

.rdata
Size: - Virtual size: 9KB

.data
Size: - Virtual size: 116KB

.vmp0
Size: - Virtual size: 292KB

.vmp1
Size: 412KB - Virtual size: 411KB

.reloc
Size: 4KB - Virtual size: 140B

.rsrc
Size: 4KB - Virtual size: 716B