71fa93421e9bb7bd75ef67b7a0f11051db4e8014858e065ad3e161524846deec

Sharing

Copy URL Twitter E-mail

General

Target

71fa93421e9bb7bd75ef67b7a0f11051db4e8014858e065ad3e161524846deec
Size

552KB
MD5

7efcf39239dca6fff3d6ef4264a63c23
SHA1

e2d5a96c85c70b4c7a52775a72486a239e1662b1
SHA256

71fa93421e9bb7bd75ef67b7a0f11051db4e8014858e065ad3e161524846deec
SHA512

e68e37a0e8ee2cf7fec7a0b60930a1704861673c4681660f9f543952950164e4706e2904d75374282d5333394df36585c1533fc832b915c41058ff1aac1108f8
SSDEEP

12288:/kc06HSrXDXUa729IBsztRSWpqCH9TH/sdsBmb1Il/Oon5/9X:/l06HSzjUaaRSWpXdLsSAJIdO4V

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71fa93421e9bb7bd75ef67b7a0f11051db4e8014858e065ad3e161524846deec

Files

71fa93421e9bb7bd75ef67b7a0f11051db4e8014858e065ad3e161524846deec
.dll windows:4 windows x86 arch:x86

0715520b7d3d2b8b5107c0fea4a5f9ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
Sleep
GetModuleFileNameA
CreateDirectoryA
WriteFile
CreateFileA
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultLCID
GetCurrentProcessId
ReadFile
GetFileSize
WTSGetActiveConsoleSessionId
GetCommandLineA
FreeLibrary
LoadLibraryA
LCMapStringA
GetLastError
RtlZeroMemory
SetWaitableTimer
CreateWaitableTimerA
lstrcpyn
GetProcAddress
GetModuleHandleA
Process32Next
CloseHandle
Process32First
FlushFileBuffers
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
DeleteFileA
CreateToolhelp32Snapshot
HeapDestroy
GetEnvironmentVariableA
HeapCreate
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
TerminateProcess
InterlockedIncrement
InterlockedDecrement
RtlUnwind
GetVersion
GetCurrentProcess
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
SetFilePointer
RaiseException
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
IsBadWritePtr
VirtualAlloc
VirtualFree
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

wsprintfA
DispatchMessageA
MessageBoxA
MsgWaitForMultipleObjects
PeekMessageA
GetMessageA
TranslateMessage

comdlg32

GetFileTitleA

advapi32

CreateProcessAsUserA
AdjustTokenPrivileges
SetTokenInformation
DuplicateTokenEx
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA

ole32

CoUninitialize
CoInitialize
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleRun

oleaut32

VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
VariantClear
SafeArrayDestroy
SysAllocString

wininet

HttpOpenRequestA
InternetSetOptionA
InternetConnectA
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
InternetCloseHandle
InternetOpenA

shlwapi

PathFileExistsA

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock

shell32

SHGetSpecialFolderPathA

Exports

Exports

BR_Send
BR_SetSvrAckHandler
BR_SetSvrIP
BR_UserInit

Sections

.text
Size: - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 419KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 540KB - Virtual size: 539KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 716B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0715520b7d3d2b8b5107c0fea4a5f9ea

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

ole32

oleaut32

wininet

shlwapi

wtsapi32

userenv

shell32

Exports

Exports

Sections

.text Size: - Virtual size: 144KB

.rdata Size: - Virtual size: 9KB

.data Size: - Virtual size: 116KB

.vmp0 Size: - Virtual size: 419KB

.vmp1 Size: 540KB - Virtual size: 539KB

.reloc Size: 4KB - Virtual size: 168B

.rsrc Size: 4KB - Virtual size: 716B

.text
Size: - Virtual size: 144KB

.rdata
Size: - Virtual size: 9KB

.data
Size: - Virtual size: 116KB

.vmp0
Size: - Virtual size: 419KB

.vmp1
Size: 540KB - Virtual size: 539KB

.reloc
Size: 4KB - Virtual size: 168B

.rsrc
Size: 4KB - Virtual size: 716B