580b6b45a83449e686d0d9d29d84f961

Sharing

Copy URL

Twitter E-mail

General

Target

580b6b45a83449e686d0d9d29d84f961
Size

55KB
MD5

580b6b45a83449e686d0d9d29d84f961
SHA1

0095d1e693b71f9e2aa6abe2e14f062084f7b4ca
SHA256

cb899cefc892f15539bb8f15871045a863135e80c0418db680e49fa7b35588c3
SHA512

b8af4b2eb58611b07ef6adc3e903ee77a032c2753a43d84a38064571a75b08d27b162706b1c527c76538c183d52686de2b70566cf268507a9852b638d6ffef80
SSDEEP

1536:cxrMmTISZhsmGE1rBZ6FqQnRCiNFb/yKnvGrH:cx3TXRGSZ6FqQRCAFzyKnvm

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
580b6b45a83449e686d0d9d29d84f961

Files

580b6b45a83449e686d0d9d29d84f961
.dll windows:4 windows x86 arch:x86

66690a2a6c99cac6993dd2701681c771

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
WritePrivateProfileStringA
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
GetCurrentThreadId
SetFilePointer
GetModuleFileNameA
IsBadReadPtr
TerminateProcess
OpenProcess
CopyFileA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetLastError
CreateMutexA
GetPrivateProfileStringA
VirtualAlloc
GetModuleHandleA
CreateToolhelp32Snapshot
Process32First
Process32Next
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MultiByteToWideChar
DeleteFileA
ReadFile
GetTickCount
lstrcmpiA
lstrcmpA
WinExec
GetCurrentProcess
ExitProcess
Sleep
lstrlenA
lstrcpynA
CreateFileA
WriteFile
CloseHandle
lstrcpyA
GetTempPathA
lstrcatA
VirtualProtect
Module32First
OutputDebugStringA

user32

UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetClassNameA
GetForegroundWindow
EnumWindows
GetSystemMetrics
IsWindowVisible
IsIconic
GetActiveWindow
ShowWindow
SetForegroundWindow
GetWindowInfo
PrintWindow
FindWindowA
PostThreadMessageA
GetWindowThreadProcessId
IsRectEmpty
ReleaseDC
LoadImageA
GetDC
ShowScrollBar
EndDialog
GetWindowTextA
SendMessageA
GetDlgItem
SetLayeredWindowAttributes
SetWindowLongA
GetWindowLongA
GetCursorPos
ExitWindowsEx
DialogBoxParamA
FindWindowExA

gdi32

CreateCompatibleBitmap
DeleteObject
SelectPalette
CreateDCA
GetDeviceCaps
DeleteDC
StretchBlt
GetObjectA
SelectObject
CreateCompatibleDC
GetStockObject
SetTextColor
SetBkColor
GetDIBits
RealizePalette
BitBlt

advapi32

CryptAcquireContextA
CryptCreateHash
CryptHashData
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam

wininet

HttpAddRequestHeadersA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetCheckConnectionA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
InternetQueryDataAvailable

ws2_32

inet_ntoa
gethostbyname

gdiplus

GdipCloneImage
GdipDisposeImage
GdipFree
GdiplusStartup
GdipAlloc
GdipLoadImageFromFile
GdipSaveImageToFile
GdiplusShutdown
GdipGetImageEncodersSize
GdipGetImageEncoders

netapi32

Netbios

msvcrt

atoi
strstr
free
malloc
??3@YAXPAX@Z
wcscmp
??2@YAPAXI@Z
memmove
strrchr
strchr
sscanf
sprintf

Exports

Exports

DeleteSelf
Hookoff
Hookon
KsCreateAllocator
KsCreateClock
KsCreatePin
KsCreateTopologyNode

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66690a2a6c99cac6993dd2701681c771

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

wininet

ws2_32

gdiplus

netapi32

msvcrt

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 43KB

.rsrc Size: 512B - Virtual size: 264B

.vmp0 Size: 3KB - Virtual size: 2KB

.vmp1 Size: 14KB - Virtual size: 13KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 43KB

.rsrc
Size: 512B - Virtual size: 264B

.vmp0
Size: 3KB - Virtual size: 2KB

.vmp1
Size: 14KB - Virtual size: 13KB

.reloc
Size: 2KB - Virtual size: 2KB