4fc213c5beec0a48c992cc16147bd898

Sharing

Copy URL Twitter E-mail

General

Target

4fc213c5beec0a48c992cc16147bd898
Size

458KB
MD5

4fc213c5beec0a48c992cc16147bd898
SHA1

d078e20725cdd69ef19feff5ccb74a8eebbe7a2a
SHA256

a009833a53432868463134a6df8b017b744c4392b80d2446a33a71ee9f51cada
SHA512

730195cd83e3474f9ad9be3b4ce0f8a0144242ee85212f00b65c1c2a0ab71073afbafb6e76a2d2103fa4153623e9d8149b605874718c3f54c0374efa89f2679f
SSDEEP

6144:wpk16OPyxES6t7kxrpZDGI9VSgljHRCp8vohC3WeyZzqT0ouGCOuOy3wH1Pc:aQ6Eyz6pknZSMogF4IoggouGnrH1Pc

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4fc213c5beec0a48c992cc16147bd898

Files

4fc213c5beec0a48c992cc16147bd898
.dll windows:6 windows x64 arch:x64

bec534802a688afc9209628aa2878d39

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
GetModuleFileNameA
SizeofResource
GetFileSizeEx
Process32First
EnterCriticalSection
WriteFile
InitializeProcThreadAttributeList
LeaveCriticalSection
InitializeCriticalSection
GetQueuedCompletionStatus
FindResourceA
CreateToolhelp32Snapshot
MultiByteToWideChar
CopyFileA
GetLastError
UpdateProcThreadAttribute
CreateFileA
TerminateThread
LoadLibraryA
LockResource
DeleteFileA
GlobalAlloc
Process32Next
GlobalFree
CloseHandle
GetSystemInfo
LoadResource
SetFileAttributesA
GetProcAddress
SetFilePointerEx
CreateFileMappingA
WTSGetActiveConsoleSessionId
GetFileSize
GetCurrentProcessId
CreateThread
OpenFileMappingA
CreateDirectoryA
CreateIoCompletionPort
GetTickCount
SetFilePointer
GetCurrentDirectoryA
LocalFileTimeToFileTime
SystemTimeToFileTime
WriteConsoleW
CreateFileW
HeapSize
DeleteFileW
OutputDebugStringW
Sleep
FlushFileBuffers
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
OpenProcess
TerminateProcess
OutputDebugStringA
GetFileType
GetStdHandle
HeapAlloc
HeapFree
HeapReAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
QueryPerformanceFrequency
LoadLibraryExW
FreeLibrary
InterlockedFlushSList
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetCurrentProcess
InitializeSListHead
WideCharToMultiByte
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

wsprintfA
wsprintfW

advapi32

CreateProcessAsUserW
DuplicateTokenEx

wsock32

bind
closesocket
accept
connect
select
ord1140
listen
WSAStartup
ioctlsocket
send
socket
gethostbyname
inet_addr
recvfrom
recv
getsockopt
htonl
htons
sendto
inet_ntoa
setsockopt
WSAGetLastError

iphlpapi

GetIpNetTable
GetAdaptersInfo
GetIpAddrTable

urlmon

URLDownloadToFileA

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken

ws2_32

WSASocketA
WSASend
WSARecv

wininet

HttpOpenRequestA
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
HttpSendRequestA
InternetConnectA
InternetReadFile
HttpQueryInfoA

Exports

Exports

ServiceMain
cJSON_AddArrayToObject
cJSON_AddBoolToObject
cJSON_AddFalseToObject
cJSON_AddItemReferenceToArray
cJSON_AddItemReferenceToObject
cJSON_AddItemToArray
cJSON_AddItemToObject
cJSON_AddItemToObjectCS
cJSON_AddNullToObject
cJSON_AddNumberToObject
cJSON_AddObjectToObject
cJSON_AddRawToObject
cJSON_AddStringToObject
cJSON_AddTrueToObject
cJSON_Compare
cJSON_CreateArray
cJSON_CreateArrayReference
cJSON_CreateBool
cJSON_CreateDoubleArray
cJSON_CreateFalse
cJSON_CreateFloatArray
cJSON_CreateIntArray
cJSON_CreateNull
cJSON_CreateNumber
cJSON_CreateObject
cJSON_CreateObjectReference
cJSON_CreateRaw
cJSON_CreateString
cJSON_CreateStringArray
cJSON_CreateStringReference
cJSON_CreateTrue
cJSON_Delete
cJSON_DeleteItemFromArray
cJSON_DeleteItemFromObject
cJSON_DeleteItemFromObjectCaseSensitive
cJSON_DetachItemFromArray
cJSON_DetachItemFromObject
cJSON_DetachItemFromObjectCaseSensitive
cJSON_DetachItemViaPointer
cJSON_Duplicate
cJSON_GetArrayItem
cJSON_GetArraySize
cJSON_GetErrorPtr
cJSON_GetObjectItem
cJSON_GetObjectItemCaseSensitive
cJSON_GetStringValue
cJSON_HasObjectItem
cJSON_InitHooks
cJSON_InsertItemInArray
cJSON_IsArray
cJSON_IsBool
cJSON_IsFalse
cJSON_IsInvalid
cJSON_IsNull
cJSON_IsNumber
cJSON_IsObject
cJSON_IsRaw
cJSON_IsString
cJSON_IsTrue
cJSON_Minify
cJSON_Parse
cJSON_ParseWithOpts
cJSON_Print
cJSON_PrintBuffered
cJSON_PrintPreallocated
cJSON_PrintUnformatted
cJSON_ReplaceItemInArray
cJSON_ReplaceItemInObject
cJSON_ReplaceItemInObjectCaseSensitive
cJSON_ReplaceItemViaPointer
cJSON_SetNumberHelper
cJSON_Version
cJSON_free
cJSON_malloc

Sections

.text
Size: 245KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bec534802a688afc9209628aa2878d39

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

wsock32

iphlpapi

urlmon

userenv

wtsapi32

ws2_32

wininet

Exports

Exports

Sections

.text Size: 245KB - Virtual size: 244KB

.rdata Size: 110KB - Virtual size: 109KB

.data Size: 4KB - Virtual size: 25KB

.pdata Size: 10KB - Virtual size: 10KB

.vmp0 Size: 29KB - Virtual size: 29KB

.vmp1 Size: 48KB - Virtual size: 48KB

.reloc Size: 3KB - Virtual size: 2KB

.rsrc Size: 7KB - Virtual size: 6KB

.text
Size: 245KB - Virtual size: 244KB

.rdata
Size: 110KB - Virtual size: 109KB

.data
Size: 4KB - Virtual size: 25KB

.pdata
Size: 10KB - Virtual size: 10KB

.vmp0
Size: 29KB - Virtual size: 29KB

.vmp1
Size: 48KB - Virtual size: 48KB

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 7KB - Virtual size: 6KB