4fd40005d2dc217307f3acd4aee4c68a

Sharing

Copy URL Twitter E-mail

General

Target

4fd40005d2dc217307f3acd4aee4c68a
Size

2.5MB
MD5

4fd40005d2dc217307f3acd4aee4c68a
SHA1

c6cc41d2acf906bf497dc484f5c7c7c1a2732550
SHA256

3d283627176777719a63c3487fe2497cdf9452e980e88518d0fe17658b7cacf8
SHA512

1f9196901af392dc9dbf09ba9321347ed35bd61fb32e6fdddf50a8ae299a25d8991ba8e88ecb67a21dbd9be64fa874003ae27108485f62ccf5df5269def5681c
SSDEEP

49152:cUjYUj81la5Xcg50BhEDY2RbmniONFYdFHl:HjLj81kig6/QbmtNFmr

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/v2009/data/MFC42.dll	vmprotect
static1/unpack001/v2009/data/RPHOQ.dll	vmprotect

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/v2009/IconCreater.exe
unpack001/v2009/data/MFC42.dll
unpack001/v2009/data/RPHOQ.dll

Files

4fd40005d2dc217307f3acd4aee4c68a
.rar
v2009/IconCreater.exe
.exe windows:4 windows x86 arch:x86

d88039e15f2835e9959972509b1475c3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
CreateFileA
SetFilePointer
SetEndOfFile
SetStdHandle
VirtualAlloc
HeapReAlloc
HeapAlloc
SetConsoleCtrlHandler
RtlUnwind
VirtualFree
HeapFree
LCMapStringA
MultiByteToWideChar
GetCurrentDirectoryA
FlushFileBuffers
CreateProcessA
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetFileType
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
GetProcAddress
LoadLibraryA
InterlockedIncrement
GetModuleFileNameA
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetLastError
CloseHandle
ReadFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
LCMapStringW

user32

LoadStringA
LoadAcceleratorsA
EndDialog
DialogBoxParamA
DestroyWindow
DefWindowProcA
BeginPaint
GetClientRect
DrawTextA
EndPaint
PostQuitMessage
CreateWindowExA
GetDesktopWindow
wsprintfA
MessageBoxA
LoadCursorA
RegisterClassExA

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoInitialize

Sections

.text
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2009/Japanese.gts
v2009/data/MFC42.dll
.dll windows:4 windows x86 arch:x86

94fa43739f7c501c69a4771f178b9d59

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

closesocket

kernel32

GetProcAddress
GetModuleHandleA
VirtualProtect
SetCurrentDirectoryA
GetCurrentDirectoryA
Sleep
GetSystemTimeAsFileTime
GetCurrentThreadId
ResumeThread
SuspendThread
LoadLibraryA
GetCommandLineA
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
CloseHandle
SetEnvironmentVariableA
OpenThread
TlsAlloc
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLastError
FindFirstFileA
FindNextFileA
ExitProcess
TerminateProcess
GetCurrentProcess
ExitThread
CreateThread
GetVersionExA
HeapFree
EnterCriticalSection
LeaveCriticalSection
WriteFile
HeapAlloc
DeleteCriticalSection
SetLastError
TlsFree
TlsSetValue
TlsGetValue
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
RtlUnwind
InterlockedExchange
VirtualQuery
SetFilePointer
CreateFileA
InitializeCriticalSection
MultiByteToWideChar
GetSystemInfo
ReadFile
GetTimeZoneInformation
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
HeapSize
GetACP
GetOEMCP
GetCPInfo
LCMapStringA
LCMapStringW
SetEndOfFile

user32

SetWindowsHookExA
CallNextHookEx
EnumDisplaySettingsA
ChangeDisplaySettingsA
ShowWindow
SetFocus
MessageBoxA
GetForegroundWindow
PostMessageA

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA

Exports

Exports

_pRecv
_pRecv1
_pSend

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mydata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2009/data/RPHOQ.dll
.dll windows:4 windows x86 arch:x86

94fa43739f7c501c69a4771f178b9d59

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

closesocket

kernel32

GetProcAddress
GetModuleHandleA
VirtualProtect
SetCurrentDirectoryA
GetCurrentDirectoryA
Sleep
GetSystemTimeAsFileTime
GetCurrentThreadId
ResumeThread
SuspendThread
LoadLibraryA
GetCommandLineA
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
CloseHandle
SetEnvironmentVariableA
OpenThread
TlsAlloc
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLastError
FindFirstFileA
FindNextFileA
ExitProcess
TerminateProcess
GetCurrentProcess
ExitThread
CreateThread
GetVersionExA
HeapFree
EnterCriticalSection
LeaveCriticalSection
WriteFile
HeapAlloc
DeleteCriticalSection
SetLastError
TlsFree
TlsSetValue
TlsGetValue
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
RtlUnwind
InterlockedExchange
VirtualQuery
SetFilePointer
CreateFileA
InitializeCriticalSection
MultiByteToWideChar
GetSystemInfo
ReadFile
GetTimeZoneInformation
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
HeapSize
GetACP
GetOEMCP
GetCPInfo
LCMapStringA
LCMapStringW
SetEndOfFile

user32

SetWindowsHookExA
CallNextHookEx
EnumDisplaySettingsA
ChangeDisplaySettingsA
ShowWindow
SetFocus
MessageBoxA
GetForegroundWindow
PostMessageA

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA

Exports

Exports

_pRecv
_pRecv1
_pSend

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mydata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2009/data/gersangcn.ini
v2009/data/gersangjp.ini
v2009/data/skin
v2009/hq

Sharing

General

Malware Config

Signatures

Files

d88039e15f2835e9959972509b1475c3

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 144KB - Virtual size: 141KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 16KB - Virtual size: 22KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 16KB - Virtual size: 12KB

.reloc Size: 8KB - Virtual size: 4KB

94fa43739f7c501c69a4771f178b9d59

Headers

File Characteristics

Imports

wsock32

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 5.2MB

mydata Size: 4KB - Virtual size: 1KB

.vmp0 Size: 24KB - Virtual size: 23KB

.vmp1 Size: 88KB - Virtual size: 85KB

.reloc Size: 12KB - Virtual size: 9KB

94fa43739f7c501c69a4771f178b9d59

Headers

File Characteristics

Imports

wsock32

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 5.2MB

mydata Size: 4KB - Virtual size: 1KB

.vmp0 Size: 24KB - Virtual size: 23KB

.vmp1 Size: 88KB - Virtual size: 85KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 144KB - Virtual size: 141KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 16KB - Virtual size: 22KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 5.2MB

mydata
Size: 4KB - Virtual size: 1KB

.vmp0
Size: 24KB - Virtual size: 23KB

.vmp1
Size: 88KB - Virtual size: 85KB

.reloc
Size: 12KB - Virtual size: 9KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 5.2MB

mydata
Size: 4KB - Virtual size: 1KB

.vmp0
Size: 24KB - Virtual size: 23KB

.vmp1
Size: 88KB - Virtual size: 85KB

.reloc
Size: 12KB - Virtual size: 9KB