c3ea1fcecdbc2066eeafcd9059dd425b

Sharing

Copy URL Twitter E-mail

General

Target

c3ea1fcecdbc2066eeafcd9059dd425b
Size

252KB
MD5

c3ea1fcecdbc2066eeafcd9059dd425b
SHA1

e4fda531d1bae53752aef625c9255b5285fcdcc1
SHA256

ec17454f552052c15ab6b53a2bcfc6629eb107ea102ccdb77878de0b0128f38e
SHA512

f923396560708ddfa8f5d28420edf10cc8fa93b6459fbb1d853d7be93481c9adf67a72883c7c3bdad8019a60bcd852ef4b8c924b3691b82961e5276e21c7284f
SSDEEP

3072:fENHRRAtSMbp9oEGrDMj7GO20dzngvECuYdO895v30hY3NE38v4a8:ctRRXMcEqMNi3cuE3

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c3ea1fcecdbc2066eeafcd9059dd425b

Files

c3ea1fcecdbc2066eeafcd9059dd425b
.dll windows:4 windows x86 arch:x86

1f85b2b51bce9698b476b5acfba0ffce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStdHandle
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
TerminateThread
CreatePipe
SetStdHandle
DisableThreadLibraryCalls
Sleep
CloseHandle
CreateProcessA
CreateEventA
SetEvent
GetCurrentThreadId
ReadFile
MultiByteToWideChar
GetComputerNameA
WriteFile
GetCurrentProcess
DuplicateHandle
TerminateProcess
GenerateConsoleCtrlEvent

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBDI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Xlen@std@@YAXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

ws2_32

htons
socket
listen
bind
htonl
accept
recv
recvfrom
sendto
WSAStartup
WSACleanup
ioctlsocket
getsockname
connect
gethostbyname
select
__WSAFDIsSet
WSAGetLastError
setsockopt
closesocket
send
inet_addr
inet_ntoa
ntohs

msvcrt

__CxxFrameHandler
strlen
_EH_prolog
atoi
strchr
_beginthreadex
_endthreadex
strrchr
strcmp
fclose
_iob
_strnicmp
_stricmp
printf
strstr
free
malloc
sprintf
_onexit
__dllonexit
_adjust_fdiv
_initterm
strncpy
rand
??2@YAPAXI@Z
sscanf
memmove
realloc
localtime
strncmp
atol
time
fwrite
_vsnprintf
fopen

user32

GetWindowTextLengthA
SendMessageA

Exports

Exports

vidc20_command
vidc21_create
vidc20_delete
vidc20_start
vidc20_stop

Sections

.text
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f85b2b51bce9698b476b5acfba0ffce

Headers

File Characteristics

Imports

kernel32

msvcp60

ws2_32

msvcrt

user32

Exports

Exports

Sections

.text Size: 172KB - Virtual size: 168KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 4KB

.vmp0 Size: 12KB - Virtual size: 11KB

.vmp1 Size: 20KB - Virtual size: 17KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 172KB - Virtual size: 168KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 4KB

.vmp0
Size: 12KB - Virtual size: 11KB

.vmp1
Size: 20KB - Virtual size: 17KB

.reloc
Size: 12KB - Virtual size: 10KB