719f6a9c4d9d36f1631ceefd2d43da2f

Sharing

Copy URL

Twitter E-mail

General

Target

719f6a9c4d9d36f1631ceefd2d43da2f
Size

602KB
MD5

719f6a9c4d9d36f1631ceefd2d43da2f
SHA1

9294f54f64d7c5d7208f5f9382b9c1d309b89c98
SHA256

42e3b12880cbcecf93cc5d053ad7f9a3b41810abddda448309d240ef5eb93672
SHA512

4438a772616c337803ddbfc4042a78ca0af0005dd423e2807bbf77e28a3fe09b3026de599e13429eead8337b00b35f7fe78b5ba66e8b46de5606f05cff3cef86
SSDEEP

12288:FbEhhemuy4glUnQ2/Ca/jp9UEP0C43fU8gMAx0+QujmXxLHzV/ny:5EhhemuC8H6aL5B43fU8gMG0+QuShzhy

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/CSOM.dll	vmprotect
static1/unpack001/csojqk.exe	vmprotect

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CSOM.dll
unpack001/csojqk.exe

Files

719f6a9c4d9d36f1631ceefd2d43da2f
.rar
CSOM.dll
.dll windows:4 windows x86 arch:x86

928a5269eaa9e8db3fb73d16b19bd648

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WritePrivateProfileStringA
RtlUnwind
GetFileType
HeapFree
HeapAlloc
GetCommandLineA
RaiseException
HeapSize
HeapReAlloc
GetACP
SetStdHandle
SetHandleCount
GetStdHandle
GetStartupInfoA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetOEMCP
GetCPInfo
GetProcessVersion
GetLastError
GlobalFlags
lstrcpynA
SetErrorMode
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
MulDiv
GetModuleFileNameA
GlobalAlloc
lstrcmpA
GetCurrentThread
LocalFree
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GlobalLock
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
GetCurrentProcessId
VirtualAllocEx
FlushInstructionCache
SetLastError
FindFirstFileA
FindClose
VirtualQuery
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
TlsGetValue
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentProcess
VirtualProtect
ReadProcessMemory
WriteProcessMemory
OpenFileMappingA
MapViewOfFile
CreateThread
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
TerminateProcess
CloseHandle
Sleep
GetVersionExA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

WaitMessage
PostQuitMessage
SetCursor
ValidateRect
TranslateMessage
GetMessageA
ReleaseDC
GetDC
ClientToScreen
TabbedTextOutA
DrawTextA
GrayStringA
UnregisterClassA
GetClassNameA
LoadCursorA
GetSysColorBrush
DestroyMenu
LoadStringA
LoadIconA
PostMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
DispatchMessageA
SetFocus
AdjustWindowRectEx
GetTopWindow
MessageBoxA
GetMenuCheckMarkDimensions
GetCapture
WinHelpA
RegisterClassA
GetMenu
ModifyMenuA
GetSubMenu
GetMenuItemID
GetWindowTextA
GetDlgCtrlID
GetKeyState
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetParent
GetWindowLongA
GetDlgItem
IsWindowEnabled
InvalidateRect
ScreenToClient
EnableWindow
SendMessageA
GetWindowThreadProcessId
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
PtInRect
CopyRect
GetSystemMetrics
GetSysColor
GetWindowRect
FindWindowA
KillTimer
SetTimer
IsWindowVisible
LoadBitmapA
GetMenuState
wsprintfA
GetAsyncKeyState
GetCursorPos
SetCursorPos
GetMessagePos
WindowFromPoint
GetClientRect
ShowCursor
GetKeyNameTextA
GetFocus
CallNextHookEx
SetWindowsHookExA
ShowWindow
SetWindowTextA
IsDialogMessageA
GetMenuItemCount
GetClassInfoA
MessageBoxA

gdi32

ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
DeleteObject
SetViewportExtEx
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
GetObjectA
SetBkColor
GetTextExtentPoint32A
SetTextColor

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey

comctl32

ord17
ImageList_Draw
ImageList_Destroy
ImageList_GetImageInfo

wsock32

recv
send
WSAAsyncSelect
inet_ntoa
recvfrom
sendto
connect
closesocket
WSAGetLastError
WSASetLastError
WSAStartup
gethostbyname
inet_addr
WSACleanup
accept

opengl32

glColor4f
glPopMatrix
glFrustum
glMatrixMode
glLoadIdentity
glPushMatrix
glVertex3f
glGetIntegerv
glGetDoublev
glGetFloatv

glu32

gluProject

winmm

timeGetTime

netapi32

Netbios

Sections

.text
Size: - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 420KB - Virtual size: 417KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
csojqk.exe
.exe windows:4 windows x86 arch:x86

0f7aa556c8830d678af33a52e54630af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3721
ord809
ord795
ord2614
ord556
ord2414
ord4275
ord5290
ord5875
ord5277
ord1088
ord2122
ord3874
ord3797
ord6358
ord535
ord6197
ord6880
ord941
ord5572
ord926
ord3619
ord3626
ord3663
ord1641
ord2860
ord2859
ord2864
ord2379
ord3402
ord567
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord3147
ord815
ord2514
ord2621
ord1247
ord1134
ord641
ord656
ord693
ord616
ord818
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord1775
ord5280
ord4425
ord3597
ord324
ord4234
ord2135
ord2302
ord1979
ord6385
ord353
ord6153
ord3790
ord665
ord2770
ord354
ord668
ord356
ord4160
ord755
ord470
ord5186
ord5442
ord3318
ord922
ord2764
ord3906
ord6215
ord4204
ord3317
ord6930
ord3873
ord2029
ord1168
ord2863
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord3610
ord1146
ord2582
ord4402
ord3370
ord3640
ord2077
ord1949
ord4034
ord2982
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord2642
ord4278
ord2915
ord6199
ord3092
ord1200
ord537
ord2818
ord4919
ord540
ord860
ord4277
ord858
ord800
ord6282
ord791
ord523
ord3717
ord967
ord1995
ord5479
ord5797
ord4975
ord4863
ord4335
ord4447
ord4411
ord2032
ord5482
ord5811
ord4779
ord5308
ord823
ord561
ord825
ord1576

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
fopen
fread
fclose
strncpy
_open
_filelength
_close
_mbscmp
time
srand
_snprintf
rand
_mbsrchr
memcmp
_except_handler3
_mbsstr
strtol
strncmp
sprintf
_setmbcp
_ltoa
_itoa
strcpy
__CxxFrameHandler
strlen
sscanf
atoi
memcpy
memset
strcat
strncat
_controlfp

kernel32

GetWindowsDirectoryA
LoadLibraryA
FreeLibrary
Sleep
WriteProcessMemory
VirtualAllocEx
lstrlenW
OpenProcess
lstrcmpiW
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
GetLastError
CreateMutexA
DeleteFileA
LoadResource
SizeofResource
FindResourceA
lstrcpyA
MapViewOfFile
CreateFileMappingA
FindClose
FindNextFileA
FindFirstFileA
GetModuleFileNameA
Process32Next
Process32First
WritePrivateProfileStringA
CreateDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
ExitProcess
GetTickCount
GlobalUnlock
GlobalLock
GlobalAlloc
GetStartupInfoA
WinExec
lstrlenA
lstrcatA
VirtualFreeEx
CloseHandle
WaitForSingleObject
CreateRemoteThread
GetCurrentDirectoryA
GetModuleHandleA
GetProcAddress
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

SetCapture
GetParent
EnableWindow
wsprintfW
GetSystemMetrics
wsprintfA
CloseClipboard
SetClipboardData
EmptyClipboard
DrawIcon
AppendMenuA
GetSystemMenu
RedrawWindow
KillTimer
GetClientRect
LoadIconA
InflateRect
PtInRect
LoadCursorA
CopyIcon
GetSysColor
IsWindow
SetWindowLongA
SetCursor
ReleaseCapture
InvalidateRect
ReleaseDC
IsIconic
GetDC
MessageBoxA
SetTimer
MessageBeep
OpenClipboard
SendMessageA
GetWindowRect
MessageBoxA

gdi32

GetObjectA
CreateFontIndirectA
GetStockObject
GetTextExtentPoint32A

advapi32

RegQueryValueA
RegCloseKey
RegOpenKeyExA

shell32

SHGetPathFromIDListA
ShellExecuteA
SHBrowseForFolderA

wsock32

gethostbyname
inet_addr
WSACleanup
WSAStartup

netapi32

Netbios

Exports

Exports

c#��w#z&��9M��y��r�>��v�4e��)�p�Kq��7�g��8Ud�_P�I|�&%1*� H��fg"��f �в�om2�6Jɜ4��7,�~ �ޱ�F@��~��BB]�ٟ�5Er��pB�Ϭ��s�r5֖��r� �I��(��8H�.^�80�|��6|G^�?��_��aJ#��|E�.�c t�p_�v�j��z�C��ƨ{��7 5�v��rs��w��g#�,�T�aZ�v�/qĚ� ��Z`.�֧�S��F\I�!�U �p��_�/J�R�爲}k�V��q��M��p4��*�<��~C��Ұ��L8%�P�Ek�J�&��^|-��:��-�`�� s3��L 22;��.�8�G��" ��^��TX�2a9�]aT�"w��R�w��MpZU7߹��i�:�|��V�r�'��1��T��*��a�bE�I�`h�� &��l�V"FZ[��8��P�Z�[3��N}"��xۀY��MM�j��%��є&z-�|7�q�ֵ�t�oD��K0(H�`e�p�e-2�W^��o��r�� bC�₻k|��E��s�0�~�q��L�}��)��R��e �G�ث!��.QU�\�Qվ��דQ�8ը��d<N@L��t�M�"�D��X#d��O��"Q��,&�=O9�~�8fj�0�N%��@�qTwc��#IR��*�_� ��6��l��w�YUФ^kRyNJ|U�c'�m�Rw�Ţ��%�N̎4p��V=�|D{4/�F�._�C��j�>o�h��C��ﰻ��E��ܡ�$��)4x�f�Xtl��}h"�D��;ڕ��h(ڢ��'�z�\�R?"|��9�TN��㹱��K��}�FV�h ��d��A��.�" � ��.rq?n�Vj�X�=�-� &��n�:'�_��mB �gq��g'��j�^Z�_��F,c��3��z�)(A�'��6�)&S�*7��3'տ�+q#L&@�4Tm�Nn)-�g1�k�NpE��,��eJ7An 9��BKvn�($L3-K�+�(g�C�x�K��9}�Ǉ�'.W0=�õ��k��G��u��v�G��8#��?0<q�;��t��Me-�C9�\#�+�'�h ��Td�;��A3��ޕI5�ST"3�i }�b`xUb� 3z��3YA��C6��QH��'D{��t��>��$W��ܘ��m��51�^9��ZH �mقh�LT}�y�"t~}��X�9WP`�B4�m�OҶ�v��G�� ]��rF]�5�8Ҽ��:x�_+�&G_��[^t��dHa7�˚�W��,��ލ��B�Ɩ܈�G�ػF�;e��WE�s��I��S.�aӚC��-�`�8��=��c(;Бf�n�'�e��X��&��i��R�_��zᏝt�o�U{j'��$�G丽n��N?Ș�_w�lp�t�0��Jb'�!��*M�d�o��$�y#�_�'��L��FzMS��7�t��D=? `�� b}^�� 6�cJ�(�,�Q�m��,f�wXF��Kڟhr,A��Yb7`�� )��܄��{9��煫;<�\I�~�B�B`�6�`�:��w)��}��-L>�8{K&��]+��N#�v��K0� �>f^�.�w�#��B�&O��]/a?w� ��+>��+1+�,k�iro��D��J9��K,մx�\�ʃci6vf��NO�� 1��g/P?.��{U��V��s4��˨�7d��-�|�Q��<�\Ey��O�I�0�R��F�.1��Բ�'��G��{�Uc΂� i0��[O�g,�.C�q� fć;׺��iQ��~t�b�L�X�ڌ��:��13��uF�bGQ��+��f�U�Y�Z��R�ژ��ѮRg��O#�XmA�nr?|�/ ��P�=��;%��}��.�:LK��휢-&I��o��l��;�9Okk?/��g�3X��N8x��5�� u��J�5��#^�ǏC��":q��|p*��*J#��OL��2T�{��`Q�3lFh}��4��{y]͜��y�]��o�˕O+��c��q^O��l��ٰW�Ԕg*��nW{ҥ*?괈Iƺx��إ�2H�k��z��G��z+�l��ox��'�I��l��՜r��" �´wd�#��J�_�0�8_��O;��0k��ǯ~W��zA%�J�x��P�YD;�/��ɏ-*��1��m�W:v�2G��9��I�"��dgv��\�`k^�T�jQ�ox;(1�/g ?�z��|�h� W��n��_��/ɥn�Z/ H(>1hu��r�}�2 ס��6�Í��*OU_��uV8FS3��5�|u�L�L-`�5Q�K 3'g�G�Y�D�7��g�C��*��* Dٜ* ��s��|�DBp�Z��v��-�nmz��HU�t��CF��J��U;�$A��*��}7�.Kc��7��K� �F8K�O�X5k(�G��]��-��5�9��E×��/[ MG��ף��(��#��1o��*��)ʶ��z��IU"�+��>L�`�`�u�Spl��ϛRsD��^gs�*hD��0�t�֌�rU�t��RQ`�)Ba��0$Z��W��n,Oi)�͚c�L�_^��k��η��{5w.��ORMBM��ٮ��OY��>��#�|��f�<[��F@@n3c`�,f'ʯ��Ts=y��+��qU��r�b|d�1"��[��Ƃ,"��$��;{ �:ݕ�p��<��&��k�v}h��fk�+]�*��`��Q��K��

Sections

.text
Size: - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

928a5269eaa9e8db3fb73d16b19bd648

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

wsock32

opengl32

glu32

winmm

netapi32

Sections

.text Size: - Virtual size: 198KB

.rdata Size: - Virtual size: 34KB

.data Size: - Virtual size: 20.2MB

.rsrc Size: 4KB - Virtual size: 14KB

.vmp0 Size: - Virtual size: 74KB

.vmp1 Size: - Virtual size: 282KB

.vmp2 Size: 420KB - Virtual size: 417KB

.reloc Size: 4KB - Virtual size: 64B

0f7aa556c8830d678af33a52e54630af

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

wsock32

netapi32

Exports

Exports

Sections

.text Size: - Virtual size: 75KB

.rdata Size: - Virtual size: 18KB

.data Size: - Virtual size: 25KB

.rsrc Size: 24KB - Virtual size: 26KB

.vmp0 Size: - Virtual size: 132KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 196KB - Virtual size: 192KB

.reloc Size: 4KB - Virtual size: 144B

.text
Size: - Virtual size: 198KB

.rdata
Size: - Virtual size: 34KB

.data
Size: - Virtual size: 20.2MB

.rsrc
Size: 4KB - Virtual size: 14KB

.vmp0
Size: - Virtual size: 74KB

.vmp1
Size: - Virtual size: 282KB

.vmp2
Size: 420KB - Virtual size: 417KB

.reloc
Size: 4KB - Virtual size: 64B

.text
Size: - Virtual size: 75KB

.rdata
Size: - Virtual size: 18KB

.data
Size: - Virtual size: 25KB

.rsrc
Size: 24KB - Virtual size: 26KB

.vmp0
Size: - Virtual size: 132KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 196KB - Virtual size: 192KB

.reloc
Size: 4KB - Virtual size: 144B