396fb0e3e63da1b11c7c49e6c97762ac48c70f2d98c3dd14eeefd334e9178e0b

Sharing

Copy URL Twitter E-mail

General

Target

396fb0e3e63da1b11c7c49e6c97762ac48c70f2d98c3dd14eeefd334e9178e0b
Size

4.1MB
MD5

1082291727d0b67434dd75690878d936
SHA1

cfb1c54485657a3f4ad7af798852a9427606a733
SHA256

396fb0e3e63da1b11c7c49e6c97762ac48c70f2d98c3dd14eeefd334e9178e0b
SHA512

827bcff0edd101bbb793701240ff177bfdd36eb7cabda2d5331be120a208ec8c47c3d71c4a6a7894ce3660ed41d6a48e5dc452dc265d5f5d468e98ec4c7e595b
SSDEEP

49152:dZtaC9KtT114hKySSdvnxHDyARWVDO5EYRkB3ANkTTlbhWgPppkyxWStVUT5gLg:nT9KtT11R/ARWko3AMLWgPtjVUNgM

Score

10^/10

Malware Config

Signatures

Detects executables packed with VMProtect. 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_VMProtect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
396fb0e3e63da1b11c7c49e6c97762ac48c70f2d98c3dd14eeefd334e9178e0b

Files

396fb0e3e63da1b11c7c49e6c97762ac48c70f2d98c3dd14eeefd334e9178e0b
.exe windows:5 windows x86 arch:x86

fcdcf4239ade4bb66e6f89d5914ca08e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
DeleteFileA
VirtualFree
GetEnvironmentVariableA
VirtualAlloc
CreateFileMappingA
SetFileTime
GetFileAttributesA
GetFileAttributesW
ReadFile
CreateFileW
lstrcatA
DeviceIoControl
lstrcpyW
SetLastError
GetComputerNameA
FindResourceA
FreeResource
LoadResource
WaitForSingleObject
GetProcessHeap
GetSystemWow64DirectoryA
SizeofResource
CreateEventA
CreateProcessA
GetSystemDirectoryA
ResetEvent
GetLocalTime
GetExitCodeThread
LockResource
GetSystemInfo
WinExec
FreeLibrary
IsBadReadPtr
LoadLibraryA
VirtualProtect
GetModuleHandleW
GetSystemDirectoryW
LoadLibraryW
GetCurrentThreadId
InterlockedIncrement
ExpandEnvironmentStringsA
LocalAlloc
ResumeThread
SetFilePointer
SystemTimeToFileTime
CreateDirectoryA
GetCurrentDirectoryA
LocalFileTimeToFileTime
GetDriveTypeA
GetPrivateProfileStringA
GetFileSize
WaitNamedPipeW
ReadProcessMemory
SetNamedPipeHandleState
VirtualFreeEx
VirtualAllocEx
SleepEx
lstrlenW
CreateProcessW
WriteProcessMemory
VirtualProtectEx
lstrcpyA
GetVersionExW
GetCurrentDirectoryW
GetModuleFileNameW
GetVersion
VirtualQueryEx
GetCurrentThread
CreateRemoteThread
GetWindowsDirectoryW
CreateFileMappingW
CreateMutexW
OpenMutexW
OpenFileMappingW
CreateEventW
OpenEventW
ExitThread
FlushInstructionCache
ReleaseMutex
GetThreadContext
InterlockedCompareExchange
SetEndOfFile
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
GetTimeZoneInformation
InterlockedExchange
GetStringTypeW
GetFullPathNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
LocalFree
FormatMessageA
GetTickCount
lstrlenA
FileTimeToLocalFileTime
CreateToolhelp32Snapshot
Process32Next
lstrcmpiA
FileTimeToSystemTime
GetProcessTimes
Process32First
WriteFile
WaitNamedPipeA
GetSystemTime
OpenFileMappingA
GetCurrentProcessId
CloseHandle
CreateMutexA
GetModuleHandleA
GetModuleFileNameA
GetProcAddress
GetLastError
MultiByteToWideChar
TerminateProcess
Sleep
WideCharToMultiByte
OpenProcess
FlushViewOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileA
ExitProcess
OutputDebugStringA
DeleteCriticalSection
AddVectoredExceptionHandler
EnterCriticalSection
HeapCreate
LeaveCriticalSection
InitializeCriticalSection
HeapFree
GetCurrentProcess
HeapAlloc
VirtualQuery
LCMapStringW
GetConsoleMode
GetConsoleCP
GetStartupInfoW
SetHandleCount
InitializeCriticalSectionAndSpinCount
SetStdHandle
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RaiseException
InterlockedDecrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
FindFirstFileExA
HeapSetInformation
GetCommandLineA
HeapReAlloc
GetStdHandle
WriteConsoleW
GetFileType
PeekNamedPipe
GetFileInformationByHandle
MoveFileA
CreateThread
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
DuplicateHandle

user32

GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
wsprintfA
CharNextA
GetParent
EnumWindows
PeekMessageA
GetSystemMetrics
GetWindowThreadProcessId
GetMessageA
TranslateMessage
DispatchMessageA
CloseDesktop

advapi32

OpenSCManagerA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetLengthSid
GetKernelObjectSecurity
AllocateAndInitializeSid
FreeSid
GetTokenInformation
LookupPrivilegeValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyW
RegDeleteKeyW
CreateServiceW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
ChangeServiceConfigW
StartServiceW
ControlService
OpenProcessToken
QueryServiceStatusEx
StartServiceA
CreateServiceA
EnumDependentServicesA
DeleteService
CloseServiceHandle
OpenServiceA
RegDeleteValueA
RegEnumKeyExA
RegDeleteKeyA
RegCloseKey
RegOpenKeyA
BuildExplicitAccessWithNameA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
SetNamedSecurityInfoA
SetEntriesInAclA
AdjustTokenPrivileges
LookupPrivilegeValueA

shell32

ShellExecuteExA
SHFileOperationA

shlwapi

PathIsDirectoryA
PathIsRootA
PathFindFileNameA
PathStripToRootA
PathFileExistsA
PathRemoveFileSpecA
PathAddBackslashA

psapi

GetMappedFileNameA

ws2_32

getsockname
htons
inet_addr
connect
gethostname
WSACleanup
WSAStartup
WSAGetLastError
recv
send
socket
ntohs
bind
getsockopt
getpeername
WSASetLastError
freeaddrinfo
getaddrinfo
__WSAFDIsSet
select
ioctlsocket
closesocket
setsockopt
gethostbyname

imagehlp

CheckSumMappedFile

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 995KB - Virtual size: 994KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cpp0
Size: 546KB - Virtual size: 545KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 386KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fcdcf4239ade4bb66e6f89d5914ca08e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

psapi

ws2_32

imagehlp

iphlpapi

Sections

.text Size: 995KB - Virtual size: 994KB

.rdata Size: 147KB - Virtual size: 146KB

.data Size: 27KB - Virtual size: 37KB

.cpp0 Size: 546KB - Virtual size: 545KB

.reloc Size: 49KB - Virtual size: 48KB

.rsrc Size: 386KB - Virtual size: 385KB

.text
Size: 995KB - Virtual size: 994KB

.rdata
Size: 147KB - Virtual size: 146KB

.data
Size: 27KB - Virtual size: 37KB

.cpp0
Size: 546KB - Virtual size: 545KB

.reloc
Size: 49KB - Virtual size: 48KB

.rsrc
Size: 386KB - Virtual size: 385KB