Synthesia[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Synthesia.exe
Size

15.0MB
MD5

ebce3c2e78620ea94609f4952221383b
SHA1

7410e7543e83ce7b1e68b4b73400c60e57302109
SHA256

accb5f9fe7a669a5d7802324ea40e99829c1e03226a644c93e3078c6f29a56a7
SHA512

fd1af3d473d14a2d1651561f4f217034dd7ca9db6c33d3f6862ac5bf2d724985bf03cff80d9f56ad227e004e4d0c86420ebbb718bd8c3e3d819b65fa5c06b8df
SSDEEP

393216:MOQ5mzFrA9YSVij4J0JQZUp0S8O2y52xe:bxFrfSVij4J7ZHO2ywx

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Synthesia.exe

Files

Synthesia.exe
.exe windows:6 windows x86 arch:x86

0679b19bedcc2d327c0ad59c84279ba6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\TeamCityAgent\work\f71b18c76256d81b\build\win\Release\Synthesia.pdb

Imports

winmm

midiOutGetNumDevs
timeBeginPeriod
midiInGetNumDevs
midiInAddBuffer
midiOutShortMsg
midiOutUnprepareHeader
midiInGetDevCapsW
midiOutGetDevCapsW
midiInOpen
midiInPrepareHeader
midiInStart
midiInStop
midiInReset
midiInUnprepareHeader
midiInClose
midiOutOpen
midiOutReset
midiOutClose
midiOutPrepareHeader
midiOutLongMsg
timeEndPeriod

kernel32

SleepConditionVariableCS
WakeAllConditionVariable
GlobalAlloc
SleepConditionVariableSRW
GetCurrentDirectoryW
GetCommandLineW
GlobalUnlock
GlobalLock
GetTempPathA
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
WakeConditionVariable
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
InitializeConditionVariable
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetExitCodeThread
SetStdHandle
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
ReadConsoleW
GetFileSizeEx
GetConsoleMode
GetConsoleCP
GetStdHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileType
FreeLibraryAndExitThread
ExitThread
CreateThread
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedPushEntrySList
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
TerminateProcess
UnhandledExceptionFilter
QueryPerformanceFrequency
GetOverlappedResult
CancelIo
InitializeSListHead
InitializeCriticalSectionAndSpinCount
GetCPInfo
LCMapStringEx
DecodePointer
EncodePointer
GetModuleHandleExW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
InitOnceBeginInitialize
InitOnceComplete
IsProcessorFeaturePresent
GetLocaleInfoEx
GetStringTypeW
GetFileInformationByHandleEx
SetFilePointerEx
SetFileInformationByHandle
GetFinalPathNameByHandleW
GetFileInformationByHandle
FindFirstFileExW
FindFirstFileW
SetFileAttributesW
FindNextFileW
GetDiskFreeSpaceExW
MultiByteToWideChar
WideCharToMultiByte
SetLastError
GetLastError
CreateFileW
GetFileTime
CloseHandle
RaiseException
GetProcessAffinityMask
GetCurrentProcess
SetThreadAffinityMask
GetCurrentThread
SetThreadPriority
SetPriorityClass
CreateToolhelp32Snapshot
GetCurrentProcessId
Process32FirstW
Process32NextW
CreateMutexW
GetVersion
GetSystemDirectoryW
GetModuleFileNameW
GetTempPathW
GetTempFileNameW
GetUserDefaultUILanguage
GetLogicalDrives
GetCurrentThreadId
FlushFileBuffers
SetUnhandledExceptionFilter
GetSystemInfo
QueryPerformanceCounter
VirtualQueryEx
FindResourceW
SizeofResource
LoadResource
LockResource
FreeResource
GetFileSize
ReadFile
LocalFree
OpenProcess
VirtualAllocEx
WriteProcessMemory
GetTickCount64
VirtualFreeEx
GetModuleHandleW
GetProcAddress
Sleep
SetEvent
CreateEventW
WaitForSingleObject
ResetEvent
LoadLibraryW
FreeLibrary
GetModuleHandleA
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetFileAttributesW
UnmapViewOfFile
HeapValidate
HeapSize
GetTickCount
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
LockFileEx
DeleteCriticalSection
GetProcessHeap
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
FindClose
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MonitorFromRect
EnableWindow
SetForegroundWindow
SetClipboardData
GetMonitorInfoW
EmptyClipboard
GetWindowTextW
DialogBoxParamW
IsClipboardFormatAvailable
GetDlgItem
SetWindowLongW
LoadIconW
GetClipboardData
CloseClipboard
OpenClipboard
SetClassLongW
ShowWindow
SetWindowTextW
EndDialog
SendMessageW
MessageBoxW
SetCursor
DispatchMessageW
TranslateMessage
PeekMessageW
UnregisterClassW
DestroyWindow
ReleaseDC
GetClientRect
UpdateWindow
RegisterTouchWindow
GetSystemMetrics
CreateWindowExW
RegisterClassW
LoadCursorW
SetProcessDPIAware
ScreenToClient
CloseTouchInputHandle
GetTouchInputInfo
IsZoomed
IsIconic
InvalidateRect
PostQuitMessage
ToUnicode
GetKeyboardState
MapVirtualKeyW
GetKeyState
GetWindowLongW
GetWindowThreadProcessId
EnumWindows
GetDC
SystemParametersInfoW
SendInput
DefWindowProcW
SetWindowPos
GetWindowRect
AdjustWindowRect
GetProcessWindowStation
GetUserObjectInformationW

shell32

SHGetKnownFolderPath
SHGetFolderPathW
CommandLineToArgvW
DragQueryFileW
SHCreateDirectoryExW
SHFileOperationW
ShellExecuteW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

ws2_32

htonl
htons
ntohs
ntohl

dbghelp

MiniDumpWriteDump

wininet

InternetGetConnectedState

winhttp

WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpOpen

opengl32

wglMakeCurrent
wglCreateContext
wglGetProcAddress
wglDeleteContext

gdiplus

GdipCreateMatrix
GdipDeleteMatrix
GdipScaleMatrix
GdipDeleteBrush
GdipCloneBrush
GdipCreateSolidFill
GdipDisposeImage
GdipCreatePen1
GdipDeletePen
GdipSetPenWidth
GdipSetPenLineCap197819
GdipSetPenLineJoin
GdipCloneStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipStringFormatGetGenericTypographic
GdipCreatePath
GdipDeletePath
GdipAddPathString
GdiplusShutdown
GdipAlloc
GdipGetDC
GdipReleaseDC
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipSetWorldTransform
GdipDrawPath
GdipGraphicsClear
GdipFillPath
GdipDrawString
GdipMeasureString
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCloneBitmapAreaI
GdipCreateBitmapFromScan0
GdipCloneImage
GdipGetFamily
GdipDeleteFont
GdipCreateFontFromLogfontW
GdipDeleteFontFamily
GdiplusStartup
GdipDeleteGraphics
GdipFree
GdipGetImageGraphicsContext

gdi32

ChoosePixelFormat
SetPixelFormat
SwapBuffers
GetDeviceCaps
GetStockObject

advapi32

RegGetValueW
RegCreateKeyExW
RegSetValueExW

ole32

CoUninitialize
CoInitializeEx
OleUninitialize
OleInitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
ReleaseStgMedium
CoTaskMemFree

bcrypt

BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider

Sections

.text
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 616KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 14.8MB - Virtual size: 14.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 145KB - Virtual size: 14.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0679b19bedcc2d327c0ad59c84279ba6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

kernel32

user32

shell32

version

setupapi

ws2_32

dbghelp

wininet

winhttp

opengl32

gdiplus

gdi32

advapi32

ole32

bcrypt

Sections

.text Size: - Virtual size: 3.5MB

.rdata Size: - Virtual size: 616KB

.data Size: - Virtual size: 285KB

.vmp0 Size: - Virtual size: 1.5MB

.vmp1 Size: 14.8MB - Virtual size: 14.8MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 145KB - Virtual size: 14.0MB

.text
Size: - Virtual size: 3.5MB

.rdata
Size: - Virtual size: 616KB

.data
Size: - Virtual size: 285KB

.vmp0
Size: - Virtual size: 1.5MB

.vmp1
Size: 14.8MB - Virtual size: 14.8MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 145KB - Virtual size: 14.0MB