980456d71fe0eede34aea2afcadb115a

Sharing

Copy URL

Twitter E-mail

General

Target

980456d71fe0eede34aea2afcadb115a
Size

54KB
MD5

980456d71fe0eede34aea2afcadb115a
SHA1

38547f1e8000cf42db1c24128fb032664852fd96
SHA256

ca80386ecca48067f669f4642ecada45d653ba812ef6a04fca39d4007956a818
SHA512

519ba6a2375ca277870ae61119e7fe0279c4c69994197f74d1e38834ca7521577025d9914e454f1a22a266434624f6c52b01c1bc4820b460f51fa622c8d7f727
SSDEEP

768:KNSqqNzctnK75oVkfn6fPo/auD/z3zyN7/V8XG5nTjJrK4nsbiPA/qT+45JpQ6:FqqNz0K7N6qpDA5yG5nTjUtWSW

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
980456d71fe0eede34aea2afcadb115a

Files

980456d71fe0eede34aea2afcadb115a
.dll windows:4 windows x86 arch:x86

d20755ec5b55bc211f87c2be66580567

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileStringA
IsBadReadPtr
CreateThread
WritePrivateProfileStringA
FreeLibrary
GetProcAddress
LoadLibraryA
VirtualAlloc
SetFilePointer
GetModuleFileNameA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetLastError
CreateMutexA
GetModuleHandleA
CreateToolhelp32Snapshot
Process32First
Process32Next
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MultiByteToWideChar
DeleteFileA
ReadFile
GetFileSize
GetTickCount
lstrcmpiA
lstrcmpA
GetCurrentProcess
ExitProcess
GetTempPathA
lstrcatA
Sleep
lstrlenA
lstrcpynA
lstrcpyA
CreateFileA
WriteFile
CloseHandle
VirtualProtect
GetSystemDirectoryA
OutputDebugStringA

user32

SetWindowsHookExA
CallNextHookEx
GetForegroundWindow
GetClassNameA
EnumWindows
GetSystemMetrics
IsIconic
GetActiveWindow
ShowWindow
SetForegroundWindow
GetWindowInfo
PrintWindow
FindWindowA
UnhookWindowsHookEx
GetWindowThreadProcessId
IsRectEmpty
ReleaseDC
LoadImageA
GetDC
ShowScrollBar
EndDialog
GetWindowTextA
GetDlgItem
SetLayeredWindowAttributes
SetWindowLongA
GetWindowLongA
ExitWindowsEx
DialogBoxParamA
FindWindowExA
PostThreadMessageA

gdi32

CreateCompatibleBitmap
BitBlt
DeleteObject
DeleteDC
GetDeviceCaps
StretchBlt
GetObjectA
SelectObject
CreateCompatibleDC
GetStockObject
SetTextColor
SetBkColor
GetDIBits
RealizePalette
SelectPalette
CreateDCA

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

wininet

InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetCheckConnectionA
HttpQueryInfoA
InternetOpenUrlA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
InternetQueryDataAvailable
HttpAddRequestHeadersA

ws2_32

inet_ntoa
gethostbyname

gdiplus

GdiplusStartup
GdipAlloc
GdipLoadImageFromFile
GdipFree
GdiplusShutdown
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipDisposeImage
GdipSaveImageToFile
GdipCloneImage

netapi32

Netbios

msvcrt

atoi
free
malloc
??3@YAXPAX@Z
wcscmp
??2@YAPAXI@Z
strstr
memmove
strchr
strrchr
sscanf

Exports

Exports

DeleteSelf
Hookoff
Hookon
KsCreateAllocator
KsCreateClock
KsCreatePin
KsCreateTopologyNode

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d20755ec5b55bc211f87c2be66580567

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

wininet

ws2_32

gdiplus

netapi32

msvcrt

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 22KB

.rsrc Size: 512B - Virtual size: 264B

.vmp0 Size: 3KB - Virtual size: 2KB

.vmp1 Size: 16KB - Virtual size: 16KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 22KB

.rsrc
Size: 512B - Virtual size: 264B

.vmp0
Size: 3KB - Virtual size: 2KB

.vmp1
Size: 16KB - Virtual size: 16KB

.reloc
Size: 2KB - Virtual size: 2KB