13f55fc3fa4fe85b072c9ef42b3033302ba039f4640109494c648e4df535cb02

Sharing

Copy URL

Twitter E-mail

General

Target

13f55fc3fa4fe85b072c9ef42b3033302ba039f4640109494c648e4df535cb02
Size

950KB
MD5

b109724013c09a41bb7d22af770a70a7
SHA1

2980188cc26c34fbd0b1afac888abf66d42b2185
SHA256

13f55fc3fa4fe85b072c9ef42b3033302ba039f4640109494c648e4df535cb02
SHA512

4baf78a548378bfe4d10cd6c4164188702b9fe0d9f61e4503e425b8661ccbf607549be105b47481b9d482453dcde4e917bd1c35820b3e4ef93f2a2007c4724cb
SSDEEP

24576:a4YHVUTXDTxL8b5PxVe6XeZKERDypmiFBFqZ:eVMDicFEBkZ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13f55fc3fa4fe85b072c9ef42b3033302ba039f4640109494c648e4df535cb02

Files

13f55fc3fa4fe85b072c9ef42b3033302ba039f4640109494c648e4df535cb02
.dll windows:5 windows x86 arch:x86

5fda4d8c310558ea9d4846b21d51fa70

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GetCPInfo
GetOEMCP
GetSystemTimeAsFileTime
GetCommandLineA
HeapAlloc
HeapFree
RtlUnwind
ExitProcess
RaiseException
HeapSize
HeapReAlloc
VirtualAlloc
GetSystemInfo
VirtualQuery
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetACP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetProcessHeap
GetThreadPriority
VirtualProtectEx
FlushInstructionCache
GetThreadContext
SetEndOfFile
FlushFileBuffers
SetFilePointer
ReadFile
MoveFileA
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
InterlockedIncrement
FormatMessageA
MultiByteToWideChar
GlobalFlags
WritePrivateProfileStringA
SetErrorMode
lstrlenA
TlsFree
GlobalFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalUnlock
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalFree
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
GlobalAddAtomA
SuspendThread
ResumeThread
SetThreadPriority
SetLastError
GlobalDeleteAtom
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
WideCharToMultiByte
CompareStringA
LockResource
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GetNativeSystemInfo
GetSystemDirectoryA
Process32Next
Process32First
OpenProcess
GetProcessId
VirtualQueryEx
GetCurrentThread
DeviceIoControl
CreateFileW
SizeofResource
LoadResource
FindResourceA
Thread32Next
Thread32First
CreateToolhelp32Snapshot
OpenThread
GetLocalTime
GetVersion
CopyFileA
MoveFileExA
GetPrivateProfileStringA
GetFileSize
WriteFile
LoadLibraryW
CloseHandle
GetLastError
CreateFileA
GetTempPathA
DeleteFileA
CreateMutexW
Sleep
GetCurrentProcessId
LoadLibraryA
GetProcAddress
CreateThread
GetModuleFileNameA
GetCurrentProcess
TerminateProcess
GetModuleHandleA
IsValidCodePage
VirtualProtect
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetMenuItemID
GetSubMenu
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
IsWindow
SetWindowTextA
GetSysColor
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetMenuItemCount
UnregisterClassA
UnhookWindowsHookEx
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
MessageBoxA
wsprintfA
SendMessageTimeoutA
GetWindowThreadProcessId
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
SendMessageA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
PostMessageA
PostQuitMessage
FindWindowA
wsprintfW
EnumChildWindows
ShowWindow
RemovePropA
GetPropA
SetPropA
GetClassLongA
GetCapture
PtInRect
IsWindowVisible
DestroyMenu
LoadCursorA
GetSysColorBrush
RegisterWindowMessageA
LoadIconA
WinHelpA
GetWindowTextA

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
DeleteObject
GetStockObject
GetDeviceCaps
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
CreateBitmap
SaveDC

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
CloseServiceHandle
StartServiceA
ChangeServiceConfigA
OpenServiceA
CreateServiceA
OpenSCManagerA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

shell32

ShellExecuteExA

shlwapi

PathFindFileNameA
PathFileExistsA
PathFindExtensionA

oleaut32

VariantInit
VariantChangeType
VariantClear

wininet

InternetOpenUrlA
InternetCloseHandle
InternetReadFile
InternetOpenA

psapi

GetModuleInformation
GetModuleFileNameExA

Exports

Exports

Test

Sections

.text
Size: - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 788KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 945KB - Virtual size: 944KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5fda4d8c310558ea9d4846b21d51fa70

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

oleaut32

wininet

psapi

Exports

Exports

Sections

.text Size: - Virtual size: 214KB

.rdata Size: - Virtual size: 46KB

.data Size: - Virtual size: 177KB

.vmp0 Size: - Virtual size: 788KB

.vmp1 Size: 945KB - Virtual size: 944KB

.reloc Size: 512B - Virtual size: 276B

.rsrc Size: 4KB - Virtual size: 51KB

.text
Size: - Virtual size: 214KB

.rdata
Size: - Virtual size: 46KB

.data
Size: - Virtual size: 177KB

.vmp0
Size: - Virtual size: 788KB

.vmp1
Size: 945KB - Virtual size: 944KB

.reloc
Size: 512B - Virtual size: 276B

.rsrc
Size: 4KB - Virtual size: 51KB