SecuriteInfo[.]com[.]W32[.]PossibleThreat[.]12284[.]2848

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.W32.PossibleThreat.12284.2848
Size

1.1MB
MD5

066f7a7a2def52268b5a89fcb22b670e
SHA1

1a61dbc7fe6068d984fdf5c11b4eb797bd8a0d9b
SHA256

f0e6714475274a3480d0c0841d37b38e13cf53389503ed68e06623e34abfd1eb
SHA512

a180c99e8a5a2a792f13aafeb5202ac2af51b1c158ebee7f8b31added7885bea1d0f2c0bf695358659ac70dd96d4da36f96f7d9fba1819f646dcbd8325853682
SSDEEP

24576:cHobdGqpNe6soZ3FcDGJHJT1XqdiePugA+4:cIMqjtguImZ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.W32.PossibleThreat.12284.2848

Files

SecuriteInfo.com.W32.PossibleThreat.12284.2848
.exe windows:4 windows x86 arch:x86

d84ae1673e3a04bf587551ee1e97d698

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32NextW
Process32FirstW
CreateMutexW
FindNextFileW
MulDiv
ReadFile
GetFileSize
FileTimeToSystemTime
FileTimeToLocalFileTime
WritePrivateProfileStringW
WritePrivateProfileStructW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStructW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
HeapFree
GetProcessHeap
WideCharToMultiByte
IsBadStringPtrA
SizeofResource
FindResourceExW
EnumResourceLanguagesW
EnumResourceNamesW
EnumResourceTypesW
VirtualAlloc
lstrcatW
VirtualFree
GlobalDeleteAtom
GlobalAddAtomW
SetFilePointer
UnmapViewOfFile
FlushViewOfFile
MapViewOfFile
CreateFileMappingW
GetUserDefaultLangID
HeapAlloc
GetTimeZoneInformation
LocalFree
LocalAlloc
Module32NextW
GetCurrentDirectoryW
LocalFileTimeToFileTime
CreateToolhelp32Snapshot
FindCloseChangeNotification
LCMapStringW
GetOEMCP
SetEndOfFile
LoadLibraryA
CreateFileA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
FlushFileBuffers
LCMapStringA
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
HeapSize
TerminateProcess
TlsGetValue
TlsAlloc
TlsSetValue
ExitProcess
GetVersion
GetStartupInfoW
GetModuleHandleA
RaiseException
HeapReAlloc
RtlUnwind
Module32FirstW
lstrcpynW
CopyFileW
CompareStringW
lstrcmpiW
lstrcpyW
GlobalMemoryStatus
GetSystemInfo
GetACP
GetCPInfoExW
FindResourceW
LoadResource
LockResource
GlobalHandle
FreeResource
CreateFileW
WriteFile
CreateProcessW
CompareFileTime
GlobalSize
GlobalFree
GetThreadLocale
SystemTimeToFileTime
GetDateFormatW
GetTimeFormatW
GetSystemTime
DeleteFileW
SetFileAttributesW
SetThreadPriority
ResumeThread
SetErrorMode
GetFileAttributesW
GetDriveTypeW
IsBadWritePtr
GetTempFileNameW
IsBadStringPtrW
GetModuleFileNameW
GetTempPathW
FindFirstFileW
FindClose
OpenMutexW
ReleaseMutex
SetLastError
SetThreadLocale
FindFirstChangeNotificationW
CreateDirectoryW
FindNextChangeNotification
GetLastError
FormatMessageW
IsBadCodePtr
GetLocaleInfoW
GetVersionExW
MultiByteToWideChar
WaitForMultipleObjects
InterlockedCompareExchange
GetTickCount
GetComputerNameW
GetLocalTime
GetCurrentProcessId
GetSystemDirectoryW
LoadLibraryExW
Sleep
CreateThread
GetCurrentProcess
FlushInstructionCache
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
OpenEventW
WaitForSingleObject
ResetEvent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
GetCurrentThreadId
SetEvent
CloseHandle
CreateEventW
GetProcAddress
InterlockedExchange
GetUserDefaultLCID
IsBadReadPtr
OutputDebugStringW
DebugBreak
lstrlenA
GetModuleHandleW
LoadLibraryW
FreeLibrary
InterlockedIncrement
lstrlenW
SetFileTime
InterlockedDecrement
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetClassInfoW
CallWindowProcA
GetMenu
FindWindowExW
ShowCursor
WindowFromPoint
GetWindowRgn
GetWindowDC
LoadKeyboardLayoutW
SendMessageTimeoutW
GetAsyncKeyState
SetWinEventHook
UnhookWinEvent
AdjustWindowRectEx
UnionRect
RemoveMenu
GetDlgItemInt
SetDlgItemInt
AdjustWindowRect
SetDlgItemTextW
EqualRect
DestroyAcceleratorTable
CheckMenuItem
EnableMenuItem
GetMenuItemRect
IsMenu
CallNextHookEx
SetWindowsHookExW
ActivateKeyboardLayout
GetKeyboardLayoutNameW
GetKeyboardState
VkKeyScanExW
ToUnicodeEx
ShowCaret
UnregisterClassW
RegisterHotKey
UnregisterHotKey
GetNextDlgTabItem
MapVirtualKeyW
DrawFrameControl
IsCharAlphaNumericW
CharUpperBuffW
InflateRect
SetClassLongW
CreateDialogParamW
DialogBoxParamW
IsRectEmpty
EnumChildWindows
SetMenuDefaultItem
EndDialog
DrawFocusRect
OffsetRect
GetCursorPos
DestroyMenu
PtInRect
GetCapture
UpdateWindow
SetRectEmpty
GetKeyboardType
GetKeyState
MapVirtualKeyExW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
LoadMenuW
GetKeyNameTextW
EnumDisplayMonitors
GetMonitorInfoW
CopyRect
ScreenToClient
IsWindowEnabled
GetDlgCtrlID
CreateDialogIndirectParamW
MapWindowPoints
GetSysColorBrush
EnableWindow
GetWindowRect
GetUserObjectInformationW
GetThreadDesktop
CopyImage
DrawIconEx
DrawTextW
GetSystemMetrics
MonitorFromWindow
PostQuitMessage
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
IsIconic
FlashWindow
SetForegroundWindow
SetActiveWindow
AttachThreadInput
CloseClipboard
EnumWindows
EnumThreadWindows
GetMenuItemCount
GetMenuItemID
InsertMenuW
GetKeyboardLayoutList
SetCursor
DestroyIcon
MessageBeep
CharUpperW
GetPropW
RemovePropW
wsprintfW
GetDlgItem
SendMessageW
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
CreateAcceleratorTableW
GetDesktopWindow
GetClassNameW
RedrawWindow
SetWindowPos
BeginPaint
GetClientRect
FillRect
GetIconInfo
ReleaseDC
CreateIconIndirect
LoadStringW
wvsprintfW
CharNextW
ShowWindow
GetParent
IsWindow
DestroyWindow
MessageBoxW
DestroyCursor
LoadCursorW
SetTimer
GetSubMenu
SetMenuItemInfoW
EndMenu
KillTimer
GetKeyboardLayout
GetWindowThreadProcessId
GetForegroundWindow
IsWindowVisible
UnhookWindowsHookEx
CreateWindowExW
RegisterClassExW
LoadIconW
DefWindowProcW
CopyIcon
LoadImageW
DispatchMessageW
TranslateMessage
GetMessageW
PostMessageW
SystemParametersInfoW
GetClassLongW
ValidateRect
ClientToScreen
EnumDisplaySettingsW
GetMessagePos
SendInput
FindWindowW
SetRect
GetMenuStringW
ModifyMenuW
SetScrollPos
RegisterClassW
SetSystemCursor
GetClassInfoExW
EndPaint
CallWindowProcW
GetDC
GetFocus
IsChild
SetFocus
GetSysColor
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
SetWindowLongW
GetWindow
RegisterWindowMessageW
SetCursorPos

comctl32

ord17
ImageList_ReplaceIcon
ImageList_Create
ImageList_SetBkColor
ImageList_GetImageCount
ImageList_Destroy
InitCommonControlsEx
_TrackMouseEvent

shell32

SHGetSpecialFolderLocation
Shell_NotifyIconW
ShellExecuteW
SHGetFileInfoW
SHGetMalloc
SHGetSpecialFolderPathW
DragAcceptFiles
DragQueryFileW
DragFinish
FindExecutableW

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
CheckTokenMembership
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameW
OpenProcessToken
RegQueryValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegNotifyChangeKeyValue
RegCreateKeyExW
AccessCheck
MapGenericMask
DuplicateToken
GetFileSecurityW
FreeSid
AllocateAndInitializeSid

gdi32

BitBlt
SelectObject
GetObjectW
GetObjectType
CreateCompatibleDC
DeleteObject
DeleteDC
GetStockObject
GetDeviceCaps
CreateCompatibleBitmap
CreateSolidBrush
LineTo
MoveToEx
CreatePen
CreateFontIndirectW
CreateDCW
SetPixel
GetPixel
SetTextColor
SetBkMode
SetBkColor
GetTextCharacterExtra
SetTextAlign
ExtTextOutW
RestoreDC
GetTextExtentPoint32W
SaveDC
GetTextMetricsW
RoundRect
GetCurrentObject
SelectClipRgn
CreateRoundRectRgn
GetBitmapBits
GetDIBits
FrameRgn
CreateRectRgn
FillRgn
CreatePolygonRgn
CreateBitmap

ole32

CoInitializeEx
OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoInitialize
CoUninitialize

oleacc

AccessibleObjectFromEvent
AccessibleObjectFromWindow

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

comdlg32

GetOpenFileNameW

winmm

PlaySoundW

wininet

HttpSendRequestW
InternetConnectW
InternetOpenW
InternetOpenUrlW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpOpenRequestW

shlwapi

ord487

olepro32

ord253

oleaut32

VariantClear
SysAllocString
SysFreeString
SysAllocStringLen
LoadRegTypeLi
SysStringLen
DispCallFunc

Sections

.text
Size: 631KB - Virtual size: 631KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d84ae1673e3a04bf587551ee1e97d698

Headers

File Characteristics

Imports

kernel32

user32

comctl32

shell32

advapi32

gdi32

ole32

oleacc

version

comdlg32

winmm

wininet

shlwapi

olepro32

oleaut32

Sections

.text Size: 631KB - Virtual size: 631KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 64KB - Virtual size: 77KB

.tls Size: 512B - Virtual size: 52B

.vmp0 Size: 46KB - Virtual size: 45KB

.vmp1 Size: 59KB - Virtual size: 59KB

.rsrc Size: 178KB - Virtual size: 178KB

.text
Size: 631KB - Virtual size: 631KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 64KB - Virtual size: 77KB

.tls
Size: 512B - Virtual size: 52B

.vmp0
Size: 46KB - Virtual size: 45KB

.vmp1
Size: 59KB - Virtual size: 59KB

.rsrc
Size: 178KB - Virtual size: 178KB