80490d459f8b63b049a07220a1bcccf9

Sharing

Copy URL Twitter E-mail

General

Target

80490d459f8b63b049a07220a1bcccf9
Size

321KB
MD5

80490d459f8b63b049a07220a1bcccf9
SHA1

9e821023cd4c9534ad2c51cb23bfd4b0d9746e65
SHA256

e873fe7fecf07b18f406da0a76bda506ec7912b3c7bcdafb4e234f8c0dcf278d
SHA512

082336db35c43042de2735ba4c5ca0bff8e6fac9f4ad90a4ce9a73c19af19563a93ffad5598a420907062392cc2d0d41db0d10ae2004cb5c244427232075ae90
SSDEEP

6144:PLg8k1IIdOsbasxhNOYNO8oOB4QAp1h8E/yVr/AR1euTnmTnv:PLWOpsgYo8oOB4Q2n8MyBA6u0

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
80490d459f8b63b049a07220a1bcccf9

Files

80490d459f8b63b049a07220a1bcccf9
.dll windows:5 windows x86 arch:x86

13f2d309d89ff9ad36dfe28b4a1cb718

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

bind
recv
WSACleanup
shutdown
connect
WSASetLastError
__WSAFDIsSet
WSAGetLastError
WSAIoctl
sendto
recvfrom
ioctlsocket
socket
getprotobyname
getservbyname
getpeername
getaddrinfo
select
htons
getsockname
setsockopt
getsockopt
getnameinfo
accept
htonl
freeaddrinfo
send
closesocket
listen
ntohl
ntohs
gethostname
WSAStartup
inet_addr
gethostbyname

iphlpapi

GetAdaptersInfo
SendARP

advapi32

OpenServiceA
CloseServiceHandle
OpenSCManagerW
CreateServiceA
CryptCreateHash
CryptHashData
CryptGetHashParam
QueryServiceStatus
RegEnumKeyW
CryptDestroyHash
CryptAcquireContextA
CryptImportKey
RegSetValueExA
RegisterServiceCtrlHandlerA
RegQueryValueExA
RegCreateKeyExA
SetServiceStatus
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CryptDestroyKey
CryptEncrypt
CryptReleaseContext
RegOpenKeyExA
StartServiceW

kernel32

CloseHandle
InterlockedCompareExchange
SwitchToThread
CreateThread
CreateFileA
GetFileSize
MapViewOfFile
UnmapViewOfFile
InterlockedIncrement
InterlockedDecrement
GetTickCount
ReadFile
GetShortPathNameA
GetProcAddress
CreateFileMappingA
GetTempPathA
SetEvent
SleepEx
WaitForSingleObjectEx
InitializeCriticalSection
CreateEventA
LeaveCriticalSection
CreateSemaphoreA
ReleaseSemaphore
EnterCriticalSection
DeviceIoControl
DeleteCriticalSection
OutputDebugStringA
FormatMessageA
GetVersion
FindClose
FreeLibrary
InterlockedExchange
CreateMutexW
QueryPerformanceCounter
GlobalLock
WaitForSingleObject
GetModuleHandleW
WriteFile
GlobalAlloc
GetSystemDirectoryW
WideCharToMultiByte
LoadLibraryW
MultiByteToWideChar
GlobalUnlock
SetLastError
GlobalFree
GlobalHandle
ReleaseMutex
VerifyVersionInfoA
VerSetConditionMask
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
LoadLibraryA
ExpandEnvironmentStringsA
HeapFree
HeapAlloc
HeapReAlloc
DecodePointer
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetCurrentThreadId
GetCommandLineA
RtlUnwind
GetLastError
InitializeCriticalSectionAndSpinCount
ExitProcess
ExitThread
GetCurrentProcessId
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
SetFilePointer
GetDriveTypeA
FindFirstFileExA
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
HeapCreate
HeapDestroy
GetModuleFileNameW
SetHandleCount
GetStartupInfoW
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
LCMapStringW
GetFullPathNameA
GetCurrentDirectoryW
GetStringTypeW
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetDriveTypeW
SetEndOfFile
GetProcessHeap
CreateFileW
GetCurrentProcess
Sleep
EncodePointer
CreateEventW
SetStdHandle
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

ServiceMain
install

Sections

.text
Size: - Virtual size: 407KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp2
Size: 319KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13f2d309d89ff9ad36dfe28b4a1cb718

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

iphlpapi

advapi32

kernel32

Exports

Exports

Sections

.text Size: - Virtual size: 407KB

.rdata Size: - Virtual size: 124KB

.data Size: - Virtual size: 42KB

.rsrc Size: 1024B - Virtual size: 1000B

.vmp0 Size: - Virtual size: 23KB

.vmp1 Size: - Virtual size: 19KB

.vmp2 Size: 319KB - Virtual size: 318KB

.reloc Size: 512B - Virtual size: 196B

.text
Size: - Virtual size: 407KB

.rdata
Size: - Virtual size: 124KB

.data
Size: - Virtual size: 42KB

.rsrc
Size: 1024B - Virtual size: 1000B

.vmp0
Size: - Virtual size: 23KB

.vmp1
Size: - Virtual size: 19KB

.vmp2
Size: 319KB - Virtual size: 318KB

.reloc
Size: 512B - Virtual size: 196B