b6373944bd3ebca98c0df72198845d41

Sharing

Copy URL Twitter E-mail

General

Target

b6373944bd3ebca98c0df72198845d41
Size

1.3MB
MD5

b6373944bd3ebca98c0df72198845d41
SHA1

dadcab5085c562ecbfb389a4c51fe4a39b59a158
SHA256

e1fe035799333e295572b92af86edfcb9ff609a35379bf9a5e3bcb15103bbd9a
SHA512

29843af9ab66e8279373f9094a178c5b8d9472ed767ac13c43dd22ff8e778484dba864feb15ad07f939791bfa3c9fc957b5de60da60942ed9422565b8dd9507a
SSDEEP

6144:IciirVVXyHnIdeLd89NlGB/xsj16QUm4bEuTo8tJJ6sToN3rbhE0OctTenBUH6Hv:TVCHngNlGBpsj1UHVdcN3HVtTe

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6373944bd3ebca98c0df72198845d41

Files

b6373944bd3ebca98c0df72198845d41
.exe windows:4 windows x86 arch:x86

a1a5e02ac3b6096ec827ce439ea54c68

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
MessageBeep
SendMessageA
DestroyCursor
SetParent
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
UpdateWindow
GetCursorPos
GetWindowRect
DestroyMenu
IsChild
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetWindowLongA
GetWindowLongA
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
InflateRect
SetScrollRange
GetScrollRange
SetCapture
GetCapture
ReleaseCapture
SetTimer
KillTimer
LoadBitmapA
CopyRect
ChildWindowFromPointEx
SetWindowRgn
DestroyAcceleratorTable
GetWindow
GetActiveWindow
IsIconic
EmptyClipboard
OpenClipboard
GetClipboardData
CloseClipboard
SetCursorPos
RemovePropA
SetMenu
DefWindowProcA
GetClassInfoA
GetSystemMenu
PostThreadMessageA
MapDialogRect
SetWindowContextHelpId
CharNextA
GetClassNameA
SetMenuItemBitmaps
MoveWindow
IsDialogMessageA
SetWindowTextA
SystemParametersInfoA
TranslateMessage
DrawFrameControl
DrawEdge
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
EnumDisplaySettingsA
LoadImageA
TranslateAcceleratorA
PostQuitMessage
IsZoomed
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
DrawTextA
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
CallWindowProcA
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
GetMenuItemID
GetScrollPos
MapWindowPoints
SendDlgItemMessageA
MessageBoxA

gdi32

SelectPalette
GetWindowExtEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateBitmap
FillRgn
CreateRectRgn
CreateSolidBrush
GetStockObject
CreateFontIndirectA
EndDoc
DeleteDC
StartPage
BitBlt
SetBkColor
CreateCompatibleDC
Ellipse
DPtoLP
CreatePalette
GetTextExtentPoint32A
SaveDC
RestoreDC
SetBkMode
SetROP2
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExcludeClipRect
MoveToEx
LineTo
CreateDIBitmap
DeleteObject
CreatePolygonRgn
SetStretchBltMode
ExtSelectClipRgn
GetViewportExtEx
CreateRectRgnIndirect
GetMapMode
GetTextMetricsA
Escape
TextOutA
RectVisible
PtVisible
ord1002
GetTextMetricsW

winmm

waveOutUnprepareHeader
waveOutPrepareHeader
waveOutReset
waveOutGetNumDevs
midiStreamProperty
midiOutPrepareHeader
midiStreamClose

winspool.drv

OpenPrinterA
DocumentPropertiesA

advapi32

RegCreateKeyExA
RegCreateKeyA
RegSetValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathA
Shell_NotifyIconA

ole32

CreateILockBytesOnHGlobal
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
CoTaskMemFree
CLSIDFromProgID
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
CLSIDFromString
OleUninitialize
OleInitialize
OleFlushClipboard

oleaut32

SafeArrayGetElemsize
SysAllocStringByteLen
VariantCopy
VariantClear
VariantChangeType
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocString
SafeArrayCreate
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
VariantTimeToSystemTime
OleCreateFontIndirect
SysFreeString
SysAllocStringLen
SysStringLen

oledlg

ord8

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA

msvcr100

_isctype

mfc42u

ord6582

shlwapi

ord8

rpcrt4

TowerExplode

Sections

.text
Size: - Virtual size: 565KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.l1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.l1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.l1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.l1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.l1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.l1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.l1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a1a5e02ac3b6096ec827ce439ea54c68

Headers

File Characteristics

Imports

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

oledlg

comdlg32

msvcr100

mfc42u

shlwapi

rpcrt4

Sections

.text Size: - Virtual size: 565KB

.rdata Size: - Virtual size: 1.3MB

.data Size: - Virtual size: 199KB

.rsrc Size: 8KB - Virtual size: 21KB

.vmp0 Size: - Virtual size: 12KB

.vmp1 Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 4KB - Virtual size: 108B

.l1 Size: 12KB - Virtual size: 12KB

.l1 Size: 12KB - Virtual size: 12KB

.l1 Size: 12KB - Virtual size: 12KB

.l1 Size: 12KB - Virtual size: 12KB

.l1 Size: 12KB - Virtual size: 12KB

.l1 Size: 12KB - Virtual size: 12KB

.l1 Size: 12KB - Virtual size: 12KB

.text
Size: - Virtual size: 565KB

.rdata
Size: - Virtual size: 1.3MB

.data
Size: - Virtual size: 199KB

.rsrc
Size: 8KB - Virtual size: 21KB

.vmp0
Size: - Virtual size: 12KB

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 4KB - Virtual size: 108B

.l1
Size: 12KB - Virtual size: 12KB

.l1
Size: 12KB - Virtual size: 12KB

.l1
Size: 12KB - Virtual size: 12KB

.l1
Size: 12KB - Virtual size: 12KB

.l1
Size: 12KB - Virtual size: 12KB

.l1
Size: 12KB - Virtual size: 12KB

.l1
Size: 12KB - Virtual size: 12KB