bca5e287f8a07269fb76aba7a88897f3

Sharing

Copy URL Twitter E-mail

General

Target

bca5e287f8a07269fb76aba7a88897f3
Size

464KB
MD5

bca5e287f8a07269fb76aba7a88897f3
SHA1

6480e6ce2b5218ff4aee2882d835c85668f995b0
SHA256

e9f19f669154c2dd36d41e8f7b7794a30bfe435b2ca1873331e88c6b9532ad90
SHA512

ff622848466569af32364234341ed55ff330d472e13d45f1eae623e2c3644d253246ab15b56b8c49d2bda16d4958dcca176f4382be650b89602e99c4edc4f6ae
SSDEEP

12288:9EPzoZ5ncbv+0fYz2AXgUOJixFvQGfJmtGf:j5nc/G5F4Gksf

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bca5e287f8a07269fb76aba7a88897f3

Files

bca5e287f8a07269fb76aba7a88897f3
.exe windows:4 windows x86 arch:x86

b89d9aa2fb018f57ccac9dbad8811dcf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo

kernel32

GlobalFlags
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesW
GetFileTime
GetStartupInfoW
RtlUnwind
ExitThread
CreateThread
HeapFree
HeapAlloc
HeapReAlloc
VirtualAlloc
GetSystemInfo
HeapSize
GetStdHandle
UnhandledExceptionFilter
GetCurrentThread
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
IsBadWritePtr
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
FileTimeToSystemTime
FormatMessageW
LocalFree
MulDiv
SuspendThread
SetEvent
SetThreadPriority
SetLastError
LoadLibraryW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
lstrcpyW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
ReadFile
lstrcmpiW
lstrcpynW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrlenA
LoadLibraryA
FreeLibrary
lstrlenW
lstrcatW
lstrcmpW
GetVersionExA
FreeResource
DeviceIoControl
FindFirstVolumeW
VirtualQuery
VirtualProtect
Sleep
RaiseException
CreateEventW
ReadProcessMemory
VirtualProtectEx
WriteFile
FlushFileBuffers
CreateDirectoryW
GetLocalTime
CreateFileW
GetCurrentProcess
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
GetModuleHandleA
GetProcAddress
CreateRemoteThread
GetExitCodeThread
GetLastError
GetPrivateProfileStringW
WritePrivateProfileStringW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
LoadResource
LockResource
SizeofResource
FindResourceW
ResumeThread
GetCurrentProcessId
GetModuleFileNameA
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleHandleW
GetModuleFileNameW
OpenMutexW
CreateMutexW
TerminateThread
GetSystemDirectoryA
CopyFileA
CreateProcessA
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
TerminateProcess
Process32NextW
ExitProcess
GetComputerNameW
GetWindowsDirectoryW
GetCurrentDirectoryW
ReleaseMutex
CloseHandle
GetTickCount
lstrcmpiA
WaitForSingleObject
FreeEnvironmentStringsA
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

user32

RegisterClipboardFormatW
CopyAcceleratorTableW
SetRect
IsRectEmpty
CharNextW
ReleaseCapture
SetCapture
DestroyMenu
LoadCursorW
GetSysColorBrush
WaitMessage
SetWindowContextHelpId
MapDialogRect
SetCursor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetMessageW
TranslateMessage
ValidateRect
CharUpperW
wsprintfW
SetMenuItemBitmaps
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
RegisterWindowMessageW
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
GetFocus
SetFocus
IsChild
GetWindowTextLengthW
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
MessageBoxW
GetKeyState
IsWindowVisible
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
AdjustWindowRectEx
EqualRect
GetClassInfoW
RegisterClassW
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
PostQuitMessage
SendNotifyMessageW
ScreenToClient
PtInRect
CopyRect
LoadImageW
GetSysColor
GetCursorPos
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
CreateWindowExW
InvalidateRgn
LoadIconW
GetClientRect
IsIconic
DrawIcon
GetWindowLongW
ExitWindowsEx
SetForegroundWindow
SetActiveWindow
KillTimer
SetTimer
InvalidateRect
GetWindowThreadProcessId
PostThreadMessageW
GetSystemMetrics
IsWindow
PostMessageW
GetParent
FindWindowW
GetWindowTextW
GetWindow
GetClassNameA
GetWindowRect
SetCursorPos
GetMessageExtraInfo
mouse_event
VkKeyScanW
SendMessageW
EnableWindow
GetForegroundWindow
MessageBoxA

gdi32

CreateRectRgnIndirect
GetMapMode
Escape
GetBkColor
GetTextColor
GetRgnBox
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetObjectW
GetDIBColorTable
DeleteObject
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetTextExtentPoint32W
CreateCompatibleDC
CreateHalftonePalette
CreatePalette
SelectObject

comdlg32

GetSaveFileNameW
GetFileTitleW
GetOpenFileNameW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegOpenKeyW
RegCloseKey
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW

shell32

ShellExecuteW

comctl32

ord17
ImageList_Draw
ImageList_GetImageInfo
ImageList_Destroy

shlwapi

PathStripToRootW
PathIsUNCW
PathFindExtensionW
StrCpyNW
PathFindFileNameW

oledlg

OleUIBusyW

ole32

OleRun
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoDisconnectObject
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject

oleaut32

SystemTimeToVariantTime
GetErrorInfo
OleCreateFontIndirect
LoadTypeLi
SafeArrayDestroy
SysAllocString
VariantCopy
VariantInit
VariantChangeType
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
VariantClear
SysStringLen
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData
SysFreeString

ws2_32

ntohs
inet_ntoa
WSACleanup
gethostbyname
htonl
accept
select
bind
WSAGetLastError
WSASetLastError
sendto
recvfrom
WSAAsyncSelect
getpeername
inet_addr
htons
send
recv
socket
WSAStartup
closesocket
connect

Exports

Exports

��%4�ǩ�͜�q��43*�̝S�z9d�׈K�jt��a�c��<��6s�B�h5�IZ�#��(�<��;Ap)C�:R��D��h��ޖW��\�Vm� G��0�v�f�X/G�M�[k��G�L<*Taz��D�%JXL��K8qA�6Ȕq}��ڄĹq��QqV^��b4��G5�zU�P��F��7�"y�۵��~�t��r�Xe��'��Z �!��9z�iN�h��]��A��ݲ*++��Bɛ��z� ��Ѩ+@T��m�Y@j��9��(O8}��A��c/��}3�fz�4��s�^[-��S5刕HM�.��ѵ��5_p�m5�b�Q��?��˳b�A ��l�\u��4��Y�H�\M]@��_��3�緈,�-��c�M��0�G��~�NO�^9�U�gJ&��&�>Z:̶F\��*,7# @��s��͍b��}�56{��S"]��Z�O��U>Q��$}��l�8�ˈKͮ��Y��s�� ]��«�W��U��Pи �G�kA3��2��um��X�р��*��R�� 9ҁ��<�܌�j�q"A|[�5��B6'�� S��˦�n��8�'"Fqγg)0_"�֔$D�q(��͒�_튃��L`��7� 4�6��8�%D�ѽ��&�Y��O+ |��s�~,䰴�|S��H�� *��Z�t�u�Z(��}��˳B��zHhY��9e��Pi׵c+ 4^��aƆ�6�r��C��R@�|D�ؠ�Q�i�*��-�9��E��j �{��U��C8Q( s��ǉ#�1 �>ܤ�AJ1@�v�)`��r E�2pmD�C�w��B�p��s�@�v�=��ﳍxYӧ�:bK]H�?;�m�8��ׄ�?.);|��/_�� ͺ��wѪ�KL6�܎\��nQ� �$ݷ��r�w�5dY��t��] m�k� �O��Th��x�1�Ave!��j��'�&O=�2)0ڵz2�p1�FGP�a�AS,!jҭG�f��?ǐA�2�#R�}�ڛsa�� _��ʌ�Y�p�\�%�+E��t*Ŕ��6�ZCKm��nf�Dg��4�2��/Ǽ��ՏХ��k�u<P��o�d��N�]6/��V�S@# x��b��~�0w�3h�+��G�f4�\�}�Ў\g��%��(�b܍m<�.v�x�,bO��<.o�ܛU�\�9�6�<D�ޅ�} �Jt\W*��z-� b��ɦ@ S�U��dq1M�Ձ?Z��4"�9{u�%��#p<P2�jy)຋.��_wnڝe�ll�q��k�$��sè]�l��g��B[d�''kaq��ֶ�A��OSD�l{y"Z�EL��Ì�&L�̓Pf��<��UNZ�%��iQ$/�O��(Q'n�3��L�+�o�W6l��m�\宦�[Н��n��3{'��_�+Q��l%�Y��bԳ��@7��1 ��_�i��}��k�nj�r}zD��$Z�׷��84�E��.Ib��Y}�qޑ�p9}�@1��z$��b�}>ͺ�>t��D�m'f��l�� p8 z'��>(+<��P�o{t�ȹCc�I��<�Pnb۷�xǫ�� G�s�@#F�!SEt�O��b��z�K��?C��>�rÂ��. ��T<��sܾ#��I�s;� �y��K�{��#O��Bf/&��+��x��[��rsC�L*7��|�io{׮ηq� ��5��X-FN��8�{��\��R��mB��H�ul�t߮i(�cl��Qw��gǭ�eiŒ�H��4~�V��t_��'�W�\�ܞ柁D�T\��T�Ob�yIgDm�=��3T�2��:��>|*b��˅�R�` w 1��w �k��_��Z?f�A� D��}**�o+-��j�%��F"+ރV��*�� c}��%��~#��~N�A�?��\��%L�O�/�f��V�(��1�Q��)�܊��ҹ-;Q��*��|�/l�E�K��m<w�Q��iN{S!�s�]T�ܼ2�� D�5��$ߌǄ�{��g�f�s#蚌�k�;^�-2��X��RYt'*��i�as�cR$��C��`O�6W�� x��4�݉#)*��Ǉ=��ƫ��{��2��~��*�#;��X3h/�G�IXЀ&��΃�@/�;�x�NK|��8sX��ɓ�U��|{��)��5��0/��$-�^�#� YN�d��K&}��L��W�BbV��S��ې��{�=K�?Y7�0�+��Se"�XK��C��S��_q��@�y��I�E��{��\,�qc��(}1b��)܏��m��Hx�2�T�W%q�M>�9��w�#��e��bà��x��V:�S��S}q<`a1<@��V��O�q&��lE|^C��u��a��3m�6�<,P��6��:��)e��2m�VTwi�S��n��S'D�R$A��l�`��AfȀ�ϕR�L�9%��=u��p��U��2��D�}��f�~�<�@�w~�X��hd6o��2��C6y��G�[b\��k�C�z�bN�\ʸ��0��hEN��_3�>�& -� -��v�X)�B`g��h&ϯ�+�v>5m"��to�:͌I�<SU�6��R��jH)&��1�l��{��`�M��E\� /o�#�y�UK��c��%�8'3��"�e��&��mj�#��*KB��>�՞Pڹ�1O]8�SԞ��t��A�R��9�� ||��(e��OR��+��Įd8�x�$F�X�J�_H��.*3!��rt^^��q~�P��J(�5._�T��N�dŒ5�ah��O�b�

Sections

.text
Size: - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 424KB - Virtual size: 423KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b89d9aa2fb018f57ccac9dbad8811dcf

Headers

File Characteristics

Imports

iphlpapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

Exports

Exports

Sections

.text Size: - Virtual size: 321KB

.rdata Size: - Virtual size: 78KB

.data Size: - Virtual size: 147KB

.rsrc Size: 28KB - Virtual size: 131KB

.vmp0 Size: - Virtual size: 92KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 424KB - Virtual size: 423KB

.reloc Size: 4KB - Virtual size: 316B

.text
Size: - Virtual size: 321KB

.rdata
Size: - Virtual size: 78KB

.data
Size: - Virtual size: 147KB

.rsrc
Size: 28KB - Virtual size: 131KB

.vmp0
Size: - Virtual size: 92KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 424KB - Virtual size: 423KB

.reloc
Size: 4KB - Virtual size: 316B