56c8511edc93bd650e1838a219a74a5fde9abe1e80196901c7c8336118153afa

Sharing

Copy URL Twitter E-mail

General

Target

56c8511edc93bd650e1838a219a74a5fde9abe1e80196901c7c8336118153afa
Size

14.2MB
MD5

00da6c632505d0832c92b442b88a23c3
SHA1

b3de92d83f1ec4ed9f60975d04773a4ba1ffdbd5
SHA256

56c8511edc93bd650e1838a219a74a5fde9abe1e80196901c7c8336118153afa
SHA512

4e59a519481af63a05a76b43c4ee3b00d4b5e54888991d5fa8328c7cfeca111f48bd407ecc746db31fe1b74a7a97ff0e86f338c882b4452a0ffcb59d3e688e30
SSDEEP

393216:GcBqWFerANIUbeOvgPAgsMp0kWhensTIlod8:LGAOURoUMp0kWhens0lD

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56c8511edc93bd650e1838a219a74a5fde9abe1e80196901c7c8336118153afa

Files

56c8511edc93bd650e1838a219a74a5fde9abe1e80196901c7c8336118153afa
.dll windows:5 windows x86 arch:x86

2fb684b59760197ed90b5fe4fcf58a20

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges

kernel32

GetVersion
GetVersionExA
GetVersionExW
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

version

GetFileVersionInfoSizeW

wsock32

WSACleanup

winspool.drv

ClosePrinter

comctl32

FlatSB_GetScrollInfo

gdi32

AbortDoc

msimg32

AlphaBlend

shell32

SHBrowseForFolderW

user32

ActivateKeyboardLayout
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

imm32

ImmInstallIMEA

ole32

CoCreateGuid

oleaut32

GetErrorInfo

iphlpapi

GetExtendedTcpTable

ws2_32

WSAWaitForMultipleEvents

wtsapi32

WTSSendMessageW

Exports

Exports

@$xp$21Overbyteicsssleay@PDH
@$xp$22Overbyteicscsc@TIcsCsc
@$xp$22Overbyteicsssleay@PBIO
@$xp$22Overbyteicsssleay@PDSA
@$xp$22Overbyteicsssleay@PRSA
@$xp$22Overbyteicsssleay@PSSL
@$xp$23Overbyteicsssleay@PPBIO
@$xp$23Overbyteicsssleay@PX509
@$xp$24Overbyteicsmd5@TMD5State
@$xp$24Overbyteicsssleay@PPChar
@$xp$24Overbyteicsssleay@PPKCS7
@$xp$24Overbyteicsssleay@PPX509
@$xp$24Overbyteicsssleay@PSTACK
@$xp$24Overbyteicsssleay@TDH_st
@$xp$24Overbyteicstypes@Psize_t
@$xp$24Overbyteicswsocket@TBind
@$xp$24Overbyteicswsocket@TRecv
@$xp$24Overbyteicswsocket@TSend
@$xp$25Overbyteicscsc@TIcsCscStr
@$xp$25Overbyteicsmd4@PMD4Digest
@$xp$25Overbyteicsmd4@TMD4Digest
@$xp$25Overbyteicsmd5@TMD5Digest
@$xp$25Overbyteicsssleay@PEC_KEY
@$xp$25Overbyteicsssleay@PEVP_MD
@$xp$25Overbyteicsssleay@PPKCS12
@$xp$25Overbyteicsssleay@PPPKCS7
@$xp$25Overbyteicsssleay@TBIO_st
@$xp$25Overbyteicsssleay@TDSA_st
@$xp$25Overbyteicsssleay@TRSA_st
@$xp$25Overbyteicsssleay@TSSL_st
@$xp$25Overbyteicswsocket@Thtonl
@$xp$25Overbyteicswsocket@Thtons
@$xp$25Overbyteicswsocket@Tntohl
@$xp$25Overbyteicswsocket@Tntohs
@$xp$26Overbyteicsmd4@TMD4Context
@$xp$26Overbyteicsmd5@TMD5Context
@$xp$26Overbyteicsssleay@PPPKCS12
@$xp$26Overbyteicsssleay@PSSL_CTX
@$xp$26Overbyteicsssleay@TX509_st
@$xp$26Overbyteicsutils@PLongBool
@$xp$26Overbyteicswsocket@TAccept
@$xp$26Overbyteicswsocket@TListen
@$xp$26Overbyteicswsocket@TSendTo
@$xp$26Overbyteicswsocket@ip_mreq
@$xp$27Overbyteicsmd4@MD4Exception
@$xp$27Overbyteicsmd5@TMD5Progress
@$xp$27Overbyteicsssleay@PEVP_PKEY
@$xp$27Overbyteicsssleay@PX509_CRL
@$xp$27Overbyteicsssleay@PX509_REQ
@$xp$27Overbyteicsssleay@PX509_VAL
@$xp$27Overbyteicsssleay@TPKCS7_st
@$xp$27Overbyteicsssleay@TSTACK_st
@$xp$27Overbyteicswsocket@TConnect
@$xp$27Overbyteicswsocket@TSslMode
@$xp$27Overbyteicswsocket@TWSocket
@$xp$28Overbyteicshttpprot@THttpCli
@$xp$28Overbyteicslogger@TIcsLogger
@$xp$28Overbyteicslogger@TLogOption
@$xp$28Overbyteicsssleay@PASN1_ITEM
@$xp$28Overbyteicsssleay@PASN1_TIME
@$xp$28Overbyteicsssleay@PASN1_TYPE
@$xp$28Overbyteicsssleay@PPAnsiChar
@$xp$28Overbyteicsssleay@PPEVP_PKEY
@$xp$28Overbyteicsssleay@PPX509_CRL
@$xp$28Overbyteicsssleay@PX509_CINF
@$xp$28Overbyteicsssleay@PX509_INFO
@$xp$28Overbyteicsssleay@PX509_NAME
@$xp$28Overbyteicsssleay@PX509_PKEY
@$xp$28Overbyteicsssleay@TASN1_TIME
@$xp$28Overbyteicsssleay@TEC_KEY_st
@$xp$28Overbyteicsssleay@TEVP_MD_st
@$xp$28Overbyteicsssleay@TPKCS12_st
@$xp$28Overbyteicswsocket@TDataSent
@$xp$28Overbyteicswsocket@TRecvFrom
@$xp$28Overbyteicswsocket@TSendData
@$xp$28Overbyteicswsocket@TShutdown
@$xp$28Overbyteicswsocket@TSslEvent
@$xp$28Overbyteicswsocket@TSslState
@$xp$28Overbyteicswsocket@TWSAIoctl
@$xp$28Overbyteicswsocket@TX509Base
@$xp$28Overbyteicswsocket@TX509List
@$xp$29Overbyteicscsc@TIcsCpSizeFunc
@$xp$29Overbyteicsdes@PArrayOf8Bytes
@$xp$29Overbyteicsdes@TArrayOf8Bytes
@$xp$29Overbyteicslogger@TLogOptions
@$xp$29Overbyteicsssleay@PASN1_VALUE
@$xp$29Overbyteicsssleay@PBIO_METHOD
@$xp$29Overbyteicsssleay@PCONF_VALUE
@$xp$29Overbyteicsssleay@PEVP_CIPHER
@$xp$29Overbyteicsssleay@PSSL_METHOD
@$xp$29Overbyteicsssleay@PV3_EXT_CTX
@$xp$29Overbyteicsssleay@PX509_ALGOR
@$xp$29Overbyteicsssleay@PX509_STORE
@$xp$29Overbyteicsssleay@TCONF_VALUE
@$xp$29Overbyteicsssleay@TSSL_CTX_st
@$xp$29Overbyteicsssleay@TSetInfo_cb
@$xp$29Overbyteicswsocket@PExtension
@$xp$29Overbyteicswsocket@TExtension
@$xp$29Overbyteicswsocket@TInet_addr
@$xp$29Overbyteicswsocket@TInet_ntoa
@$xp$29Overbyteicswsocket@TSslOption
@$xp$29Overbyteicswsocket@TWndMethod
@$xp$29Overbyteicswsocket@TX509Class
@$xp$30Overbyteicscsc@TIcsCharsetType
@$xp$30Overbyteicscsc@TIcsConvertFunc
@$xp$30Overbyteicsdigestauth@THashHex
@$xp$30Overbyteicshttpcontcod@PStream
@$xp$30Overbyteicshttpprot@THttpState
@$xp$30Overbyteicshttpprot@TOnCommand
@$xp$30Overbyteicslogger@TIcsLogEvent
@$xp$30Overbyteicslogger@TNTEventType
@$xp$30Overbyteicsssleay@ASN1_BOOLEAN
@$xp$30Overbyteicsssleay@PASN1_OBJECT
@$xp$30Overbyteicsssleay@PASN1_STRING
@$xp$30Overbyteicsssleay@PPASN1_VALUE
@$xp$30Overbyteicsssleay@PSSL_SESSION
@$xp$30Overbyteicsssleay@PX509_LOOKUP
@$xp$30Overbyteicsssleay@PX509_OBJECT
@$xp$30Overbyteicsssleay@PX509_PUBKEY
@$xp$30Overbyteicsssleay@TEVP_PKEY_st
@$xp$30Overbyteicsssleay@TX509_CRL_st
@$xp$30Overbyteicsssleay@TX509_REQ_st
@$xp$30Overbyteicsssleay@TX509_VAL_st
@$xp$30Overbyteicswsockbuf@TIcsBuffer
@$xp$30Overbyteicswsocket@TGetSockOpt
@$xp$30Overbyteicswsocket@TOpenSocket
@$xp$30Overbyteicswsocket@TSetSockOpt
@$xp$30Overbyteicswsocket@TSocksState
@$xp$30Overbyteicswsocket@TSslContext
@$xp$30Overbyteicswsocket@TSslOptions
@$xp$30Overbyteicswsocket@TSslWSocket
@$xp$30Overbyteicswsocket@TWSACleanup
@$xp$30Overbyteicswsocket@TWSAStartup
@$xp$31Overbyteicshttpprot@TSslHttpCli
@$xp$31Overbyteicsssleay@PASN1_INTEGER
@$xp$31Overbyteicsssleay@PPKCS7_DIGEST
@$xp$31Overbyteicsssleay@PPKCS7_SIGNED
@$xp$31Overbyteicsssleay@PPSSL_SESSION
@$xp$31Overbyteicsssleay@PX509_PURPOSE
@$xp$31Overbyteicsssleay@TASN1_INTEGER
@$xp$31Overbyteicsssleay@TASN1_ITEM_st
@$xp$31Overbyteicsssleay@TASN1_TYPE_st
@$xp$31Overbyteicsssleay@TSetVerify_cb
@$xp$31Overbyteicsssleay@TX509_CINF_st
@$xp$31Overbyteicsssleay@TX509_INFO_st
@$xp$31Overbyteicsssleay@TX509_NAME_st
@$xp$31Overbyteicswndcontrol@TIcsTimer
@$xp$31Overbyteicswsocket@TChangeState
@$xp$31Overbyteicswsocket@TCloseSocket
@$xp$31Overbyteicswsocket@TGetHostName
@$xp$31Overbyteicswsocket@TGetPeerName
@$xp$31Overbyteicswsocket@TGetSockName
@$xp$31Overbyteicswsocket@THashBytes20
@$xp$31Overbyteicswsocket@TIoctlSocket
@$xp$31Overbyteicswsocket@TSocketState
@$xp$32Overbyteicscsc@Overbyteicscsc__1
@$xp$32Overbyteicshttpprot@THttpRequest
@$xp$32Overbyteicslogger@TLogFileOption
@$xp$32Overbyteicsssleay@PASN1_ITEM_EXP
@$xp$32Overbyteicsssleay@PPKCS7_ENCRYPT
@$xp$32Overbyteicsssleay@PX509_CRL_INFO
@$xp$32Overbyteicsssleay@TASN1_VALUE_st
@$xp$32Overbyteicsssleay@TBIO_METHOD_st
@$xp$32Overbyteicsssleay@TEVP_CIPHER_st
@$xp$32Overbyteicsssleay@TRSA_genkey_cb
@$xp$32Overbyteicsssleay@TSSL_METHOD_st
@$xp$32Overbyteicsssleay@TV3_EXT_CTX_st
@$xp$32Overbyteicsssleay@TX509_ALGOR_st
@$xp$32Overbyteicsssleay@TX509_STORE_st
@$xp$32Overbyteicsthreadtimer@TIcsClock
@$xp$32Overbyteicsutils@PUnicode_String
@$xp$32Overbyteicsutils@TIcsFileStreamW
@$xp$32Overbyteicsutils@TIcsIntegerList
@$xp$32Overbyteicsutils@TUnicode_String
@$xp$32Overbyteicswndcontrol@TIcsMsgMap
@$xp$32Overbyteicswsockbuf@TWSocketData
@$xp$32Overbyteicswsocket@EOpenSslError
@$xp$32Overbyteicswsocket@TDebugDisplay
@$xp$32Overbyteicswsocket@TSocksWSocket
@$xp$32Overbyteicswsocket@TTcpKeepAlive
@$xp$32Overbyteicswsocket@TTimeoutEvent
@$xp$32Overbyteicswsocket@TX509ListSort
@$xp$33Overbyteicshttpprot@TDocDataEvent
@$xp$33Overbyteicshttpprot@THttpAuthType
@$xp$33Overbyteicshttpprot@THttpEncoding
@$xp$33Overbyteicsmimeutils@TMimeTypeSrc
@$xp$33Overbyteicsntlmmsgs@TNTLM_SecBuff
@$xp$33Overbyteicsssleay@PClient_cert_cb
@$xp$33Overbyteicsssleay@PGet_session_cb
@$xp$33Overbyteicsssleay@PNew_session_cb
@$xp$33Overbyteicsssleay@PPKCS7_ENVELOPE
@$xp$33Overbyteicsssleay@PPSTACK_OF_X509
@$xp$33Overbyteicsssleay@PX509V3_EXT_D2I
@$xp$33Overbyteicsssleay@PX509V3_EXT_I2D
@$xp$33Overbyteicsssleay@PX509V3_EXT_I2R
@$xp$33Overbyteicsssleay@PX509V3_EXT_I2S
@$xp$33Overbyteicsssleay@PX509V3_EXT_I2V
@$xp$33Overbyteicsssleay@PX509V3_EXT_NEW
@$xp$33Overbyteicsssleay@PX509V3_EXT_R2I
@$xp$33Overbyteicsssleay@PX509V3_EXT_S2I
@$xp$33Overbyteicsssleay@PX509V3_EXT_V2I
@$xp$33Overbyteicsssleay@PX509_EXTENSION
@$xp$33Overbyteicsssleay@PX509_STORE_CTX
@$xp$33Overbyteicsssleay@TASN1_OBJECT_st
@$xp$33Overbyteicsssleay@TASN1_STRING_st
@$xp$33Overbyteicsssleay@TClient_cert_cb
@$xp$33Overbyteicsssleay@TGet_session_cb
@$xp$33Overbyteicsssleay@TNew_session_cb
@$xp$33Overbyteicsssleay@TPrivate_key_st
@$xp$33Overbyteicsssleay@TSSL_SESSION_st
@$xp$33Overbyteicsssleay@TX509_OBJECT_st
@$xp$33Overbyteicsssleay@TX509_PUBKEY_st
@$xp$33Overbyteicsssleay@TX509_lookup_st
@$xp$33Overbyteicswsocket@EX509Exception
@$xp$33Overbyteicswsocket@TCustomWSocket
@$xp$33Overbyteicswsocket@TDataAvailable
@$xp$33Overbyteicswsocket@TDnsLookupDone
@$xp$33Overbyteicswsocket@TGetHostByAddr
@$xp$33Overbyteicswsocket@TGetHostByName
@$xp$33Overbyteicswsocket@TGetServByName
@$xp$33Overbyteicswsocket@TSessionClosed
@$xp$33Overbyteicswsocket@TSslVerifyFlag
@$xp$33Overbyteicswsocket@TTimeoutReason
@$xp$33Overbyteicswsocket@TWSocketOption
@$xp$34Overbyteicshttpprot@EHttpException
@$xp$34Overbyteicshttpprot@THttpCliOption
@$xp$34Overbyteicshttpprot@THttpNTLMState
@$xp$34Overbyteicslogger@ELoggerException
@$xp$34Overbyteicslogger@TLogFileEncoding
@$xp$34Overbyteicsntlmmsgs@TNTLM_Message1
@$xp$34Overbyteicsntlmmsgs@TNTLM_Message2
@$xp$34Overbyteicsntlmmsgs@TNTLM_Message3
@$xp$34Overbyteicsssleay@PASN1_BIT_STRING
@$xp$34Overbyteicsssleay@PCRYPTO_THREADID
@$xp$34Overbyteicsssleay@PEVP_CIPHER_INFO
@$xp$34Overbyteicsssleay@PX509V3_EXT_FREE
@$xp$34Overbyteicsssleay@PX509_NAME_ENTRY
@$xp$34Overbyteicsssleay@TPKCS7_DIGEST_st
@$xp$34Overbyteicsssleay@TPKCS7_SIGNED_st
@$xp$34Overbyteicsssleay@TPem_password_cb
@$xp$34Overbyteicsssleay@TX509_PURPOSE_st
@$xp$34Overbyteicswndcontrol@TWhMaxMsgIDs
@$xp$34Overbyteicswsocket@TBioOpenMethode
@$xp$34Overbyteicswsocket@TGetProtoByName
@$xp$34Overbyteicswsocket@TLineLimitEvent
@$xp$34Overbyteicswsocket@TSocksAuthState
@$xp$34Overbyteicswsocket@TSslVerifyFlags
@$xp$34Overbyteicswsocket@TWSAAsyncSelect
@$xp$34Overbyteicswsocket@TWSocketCounter
@$xp$34Overbyteicswsocket@TWSocketOptions
@$xp$35Overbyteicshttpprot@THttpBasicState
@$xp$35Overbyteicshttpprot@THttpChunkState
@$xp$35Overbyteicshttpprot@THttpCliOptions
@$xp$35Overbyteicsmimeutils@TMimeTypesList
@$xp$35Overbyteicsntlmmsgs@TNTLM_Msg2_Info
@$xp$35Overbyteicsntlmmsgs@TNTLM_OSVersion
@$xp$35Overbyteicsssleay@TPKCS7_ENCRYPT_st
@$xp$35Overbyteicsssleay@TX509_CRL_INFO_st
@$xp$35Overbyteicsthreadtimer@PIcsClockRec
@$xp$35Overbyteicsthreadtimer@TIcsClockRec
@$xp$35Overbyteicswndcontrol@EIcsException
@$xp$35Overbyteicswsocket@ESocketException
@$xp$35Overbyteicswsocket@THttpTunnelProto
@$xp$35Overbyteicswsocket@THttpTunnelState
@$xp$35Overbyteicswsocket@TInfoExtractMode
@$xp$35Overbyteicswsocket@TSocketSendFlags
@$xp$35Overbyteicswsocket@TSocksErrorEvent
@$xp$35Overbyteicswsocket@TWSAGetLastError
@$xp$35Overbyteicswsocket@TWSASetLastError
@$xp$36Overbyteicscharsetutils@PCharsetInfo
@$xp$36Overbyteicscharsetutils@TCharsetInfo
@$xp$36Overbyteicscharsetutils@TCodePageObj
@$xp$36Overbyteicscharsetutils@TMimeCharset
@$xp$36Overbyteicshttpcontcod@THttpCCodStar
@$xp$36Overbyteicshttpprot@TCookieRcvdEvent
@$xp$36Overbyteicshttpprot@THttpDigestState
@$xp$36Overbyteicshttpprot@THttpRequestDone
@$xp$36Overbyteicsssleay@PASN1_OCTET_STRING
@$xp$36Overbyteicsssleay@PPKCS7_ENC_CONTENT
@$xp$36Overbyteicsssleay@PRemove_session_cb
@$xp$36Overbyteicsssleay@PX509V3_EXT_METHOD
@$xp$36Overbyteicsssleay@TRemove_session_cb
@$xp$36Overbyteicsssleay@TX509V3_EXT_METHOD
@$xp$36Overbyteicsssleay@TX509_EXTENSION_st
@$xp$36Overbyteicsssleay@TX509_STORE_CTX_st
@$xp$36Overbyteicsthreadtimer@TIcsClockPool
@$xp$36Overbyteicswndcontrol@TIcsWndControl
@$xp$36Overbyteicswndcontrol@TIcsWndHandler
@$xp$36Overbyteicswsocket@TCustomSslWSocket
@$xp$36Overbyteicswsocket@TSessionAvailable
@$xp$36Overbyteicswsocket@TSessionConnected
@$xp$36Overbyteicswsocket@TSslBaseComponent
@$xp$36Overbyteicswsocket@TSslCliGetSession
@$xp$36Overbyteicswsocket@TSslCliNewSession
@$xp$36Overbyteicswsocket@TSslPendingEvents
@$xp$36Overbyteicswsocket@TSslSessCacheMode
@$xp$36Overbyteicswsocket@TSslSvrGetSession
@$xp$36Overbyteicswsocket@TSslSvrNewSession
@$xp$36Overbyteicswsocket@TSslVersionMethod
@$xp$37Overbyteicscharsetutils@TCharsetInfos
@$xp$37Overbyteicscharsetutils@TMimeCharsets
@$xp$37Overbyteicscsc@TIcsNextCodePointFlags
@$xp$37Overbyteicsdigestauth@TIcsNonceString
@$xp$37Overbyteicslibeay@EIcsLibeayException
@$xp$37Overbyteicslibeay@TStatLockIDCallback
@$xp$37Overbyteicsssleay@EIcsSsleayException
@$xp$37Overbyteicsssleay@PSTACK_OF_X509_INFO
@$xp$37Overbyteicsssleay@PSTACK_OF_X509_NAME
@$xp$37Overbyteicsssleay@PX509_LOOKUP_METHOD
@$xp$37Overbyteicsssleay@TCRYPTO_THREADID_st
@$xp$37Overbyteicsssleay@TEVP_CIPHER_INFO_st
@$xp$37Overbyteicsssleay@TPKCS7_ENVELOPED_st
@$xp$37Overbyteicsssleay@TX509_NAME_ENTRY_st
@$xp$37Overbyteicsutils@TCharsetDetectResult
@$xp$37Overbyteicswsockbuf@TIcsBufferHandler
@$xp$37Overbyteicswsocket@TCustomLineWSocket
@$xp$37Overbyteicswsocket@TCustomSyncWSocket
@$xp$37Overbyteicswsocket@TSocketLingerOnOff
@$xp$37Overbyteicswsocket@TSslCliCertRequest
@$xp$37Overbyteicswsocket@TSslSessCacheModes
@$xp$37Overbyteicswsocket@TSslVerifyPeerMode
@$xp$38Overbyteicslibeay@TDynLockLockCallback
@$xp$38Overbyteicsssleay@PPKCS7_SIGN_ENVELOPE
@$xp$38Overbyteicsthreadtimer@TIcsClockThread
@$xp$38Overbyteicsthreadtimer@TIcsThreadTimer
@$xp$38Overbyteicswndcontrol@TIcsMessageEvent
@$xp$38Overbyteicswsocket@TCustomSocksWSocket
@$xp$38Overbyteicswsocket@THttpTunnelAuthType
@$xp$38Overbyteicswsocket@TSslVerifyPeerEvent
@$xp$38Overbyteicswsocket@TSslVerifyPeerModes
@$xp$39Overbyteicsdigestauth@TAuthDigestMethod
@$xp$39Overbyteicsdigestauth@TIcsAuthDigestQop
@$xp$39Overbyteicshttpcontcod@THttpContCodItem
@$xp$39Overbyteicslibeay@PCRYPTO_dynlock_value
@$xp$39Overbyteicslibeay@TStatLockLockCallback
@$xp$39Overbyteicsssleay@TPKCS7_ENC_CONTENT_st
@$xp$39Overbyteicsssleay@TPKCS7_SIGNER_INFO_st
@$xp$39Overbyteicsutils@EIcsStringConvertError
@$xp$39Overbyteicswsocket@ESslContextException
@$xp$39Overbyteicswsocket@TSocksAuthStateEvent
@$xp$39Overbyteicswsocket@TSocksAuthentication
@$xp$39Overbyteicswsocket@TSslShutDownComplete
@$xp$39Overbyteicswsocket@TWSocketCounterClass
@$xp$39Overbyteicswsocket@TWSocketSyncNextProc
@$xp$40Overbyteicshttpcontcod@THttpCCodIdentity
@$xp$40Overbyteicshttpprot@THttpBeforeAuthEvent
@$xp$40Overbyteicslibeay@TDynLockCreateCallback
@$xp$40Overbyteicsssleay@PKCS7_SIGNER_INFO_OSSL
@$xp$40Overbyteicsssleay@TX509_lookup_method_st
@$xp$40Overbyteicswndcontrol@EIcsTimerException
@$xp$40Overbyteicswndcontrol@TIcsWndHandlerList
@$xp$40Overbyteicswndcontrol@TIcsWndHandlerPool
@$xp$40Overbyteicswsockbuf@TIcsBufferLinkedList
@$xp$40Overbyteicswsocket@Overbyteicswsocket__4
@$xp$40Overbyteicswsocket@TCustomTimeoutWSocket
@$xp$40Overbyteicswsocket@THttpTunnelChunkState
@$xp$40Overbyteicswsocket@THttpTunnelErrorEvent
@$xp$40Overbyteicswsocket@TSocketKeepAliveOnOff
@$xp$41Overbyteicsdigestauth@PAuthDigestNonceRec
@$xp$41Overbyteicsdigestauth@TAuthDigestNonceRec
@$xp$41Overbyteicshttpcontcod@THttpContentCoding
@$xp$41Overbyteicslibeay@TCryptoThreadIDCallback
@$xp$41Overbyteicslibeay@TDynLockDestroyCallback
@$xp$41Overbyteicsutils@TRtlCompareUnicodeString
@$xp$41Overbyteicswndcontrol@TIcsExceptAbortProc
@$xp$41Overbyteicswsocket@TSslHandshakeDoneEvent
@$xp$41Overbyteicswsocket@TWSAAsyncGetHostByAddr
@$xp$41Overbyteicswsocket@TWSAAsyncGetHostByName
@$xp$41Overbyteicswsocket@TWSACancelAsyncRequest
@$xp$42Overbyteicshttpcontcod@THttpContCodHandler
@$xp$42Overbyteicshttpprot@TBeforeHeaderSendEvent
@$xp$42Overbyteicslibeay@TCRYPTO_dynlock_value_st
@$xp$42Overbyteicsssleay@PKCS7_signedandenveloped
@$xp$42Overbyteicsssleay@PPKCS7_ISSUER_AND_SERIAL
@$xp$42Overbyteicswndcontrol@TIcsBgExceptionEvent
@$xp$42Overbyteicswsocket@TCustomThrottledWSocket
@$xp$42Overbyteicswsocket@TSslSetSessionIDContext
@$xp$43Overbyteicshttpprot@TLocationChangeExceeded
@$xp$43Overbyteicswsocket@TCustomHttpTunnelWSocket
@$xp$43Overbyteicswsocket@TSslContextRemoveSession
@$xp$44Overbyteicshttpcontcod@TWriteBufferProcedure
@$xp$45Overbyteicsdigestauth@EIcsAuthenticationError
@$xp$45Overbyteicsdigestauth@TAuthDigestResponseInfo
@$xp$45Overbyteicsdigestauth@TIcsAuthDigestAlgorithm
@$xp$45Overbyteicsssleay@TPKCS7_ISSUER_AND_SERIAL_st
@$xp$45Overbyteicswsocket@THttpTunnelServerAuthTypes
@$xp$46Overbyteicshttpcontcod@THttpContentCodingClass
@$xp$46Overbyteicswsocket@THttpTunnelReconnectRequest
@$xp$50Overbyteicshttpcontcod@EHttpContentCodingException
@$xp$50Overbyteicswndcontrol@TIcsFinalBgExceptionHandling
@$xp$8PINT_PTR
@$xp$9PUINT_PTR
@@Aes@Finalize
@@Aes@Initialize
@@Apiinterface@Finalize
@@Apiinterface@Initialize
@@Base64@Finalize
@@Base64@Initialize
@@Clientsession@Finalize
@@Clientsession@Initialize
@@Commdef@Finalize
@@Commdef@Initialize
@@Connecttoforwarderserverthread@Finalize
@@Connecttoforwarderserverthread@Initialize
@@Connecttologinserverthread@Finalize
@@Connecttologinserverthread@Initialize
@@Crc32@Finalize
@@Crc32@Initialize
@@Dealcmdthread@Finalize
@@Dealcmdthread@Initialize
@@Debugger@Finalize
@@Debugger@Initialize
@@Debuggerdef@Finalize
@@Debuggerdef@Initialize
@@Debuggerthread@Finalize
@@Debuggerthread@Initialize
@@Des@Finalize
@@Des@Initialize
@@Dlqcommonfun@Finalize
@@Dlqcommonfun@Initialize
@@Dunmainform@Finalize
@@Dunmainform@Initialize
@@En@Finalize
@@En@Initialize
@@Ende@Finalize
@@Ende@Initialize
@@Fwgthread_mem@Finalize
@@Fwgthread_mem@Initialize
@@Fwgthread_window@Finalize
@@Fwgthread_window@Initialize
@@Gethardinfo@Finalize
@@Gethardinfo@Initialize
@@Getspcodefun@Finalize
@@Getspcodefun@Initialize
@@Ghd@Finalize
@@Ghd@Initialize
@@Httpsi@Finalize
@@Httpsi@Initialize
@@Injectfun@Finalize
@@Injectfun@Initialize
@@Listenthread@Finalize
@@Listenthread@Initialize
@@Oridlqoperate@Finalize
@@Oridlqoperate@Initialize
@@Pubdef@Finalize
@@Pubdef@Initialize
@@Pubencrypt@Finalize
@@Pubencrypt@Initialize
@@Pubfun@Finalize
@@Pubfun@Initialize
@@Pubsocket@Finalize
@@Pubsocket@Initialize
@@Recvfromforwarderserverthread@Finalize
@@Recvfromforwarderserverthread@Initialize
@@Scanthread@Finalize
@@Scanthread@Initialize
@@Searchfilethread@Finalize
@@Searchfilethread@Initialize
@@Searchmem@Finalize
@@Searchmem@Initialize
@@Searchwindow@Finalize
@@Searchwindow@Initialize
@@Sendfile@Finalize
@@Sendfile@Initialize
@@Sendscreen@Finalize
@@Sendscreen@Initialize
@@Showactorthread@Finalize
@@Showactorthread@Initialize
@@Smdef@Finalize
@@Smdef@Initialize
@@Systemutility@Finalize
@@Systemutility@Initialize
@@Tchkmemthread@Finalize
@@Tchkmemthread@Initialize
@@Upform@Finalize
@@Upform@Initialize
@@Volumninfo@Finalize
@@Volumninfo@Initialize
@@Waitfordlqthread@Finalize
@@Waitfordlqthread@Initialize
@@Xde@Finalize
@@Xde@Initialize
@@_md5@Finalize
@@_md5@Initialize
@Overbyteicscharsetutils@AnsiCodePageFromLocale$qqrui
@Overbyteicscharsetutils@CodePageToMimeCharset$qqrui
@Overbyteicscharsetutils@CodePageToMimeCharsetString$qqrui
@Overbyteicscharsetutils@ExtractMimeName$qqrp36Overbyteicscharsetutils@TCharsetInfo
@Overbyteicscharsetutils@Finalization$qqrv
@Overbyteicscharsetutils@GetFriendlyCharsetList$qqrp16Classes@TStringsrx65System@%Set$t36Overbyteicscharsetutils@TMimeCharset$iuc$0$iuc$80%o
@Overbyteicscharsetutils@GetMimeCharsetList$qqrp16Classes@TStringsrx65System@%Set$t36Overbyteicscharsetutils@TMimeCharset$iuc$0$iuc$80%o
@Overbyteicscharsetutils@GetMimeInfo$qqr36Overbyteicscharsetutils@TMimeCharset
@Overbyteicscharsetutils@GetMimeInfo$qqrui
@Overbyteicscharsetutils@GetMimeInfo$qqrx20System@UnicodeString
@Overbyteicscharsetutils@GetSystemCodePageList$qqrp19Contnrs@TObjectList
@Overbyteicscharsetutils@GetThreadAnsiCodePage$qqrv
@Overbyteicscharsetutils@GetThreadOemCodePage$qqrv
@Overbyteicscharsetutils@GetUserDefaultAnsiCodePage$qqrv
@Overbyteicscharsetutils@GetUserDefaultOemCodePage$qqrv
@Overbyteicscharsetutils@IcsIsValidCodePageID$qqrui

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 161KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 136KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2fb684b59760197ed90b5fe4fcf58a20

Headers

File Characteristics

Imports

advapi32

kernel32

version

wsock32

winspool.drv

comctl32

gdi32

msimg32

shell32

user32

imm32

ole32

oleaut32

iphlpapi

ws2_32

wtsapi32

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.data Size: 161KB - Virtual size: 204KB

.tls Size: 512B - Virtual size: 4KB

.idata Size: 16KB - Virtual size: 16KB

.didata Size: 1024B - Virtual size: 4KB

.edata Size: 136KB - Virtual size: 140KB

.vmp0 Size: 6.9MB - Virtual size: 6.9MB

.vmp1 Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 119KB - Virtual size: 118KB

.rsrc Size: 1024B - Virtual size: 944B

.text
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 161KB - Virtual size: 204KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 16KB - Virtual size: 16KB

.didata
Size: 1024B - Virtual size: 4KB

.edata
Size: 136KB - Virtual size: 140KB

.vmp0
Size: 6.9MB - Virtual size: 6.9MB

.vmp1
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 119KB - Virtual size: 118KB

.rsrc
Size: 1024B - Virtual size: 944B