191a3ad3ca5267de21e0e7a603bfa7776f6b238ff84972ebacac1a122fe19ae5

Sharing

Copy URL Twitter E-mail

General

Target

191a3ad3ca5267de21e0e7a603bfa7776f6b238ff84972ebacac1a122fe19ae5
Size

232KB
MD5

9829ecdc9acac3b1f3a3cbe4ffa4ff05
SHA1

c71a31af3c3f1f5e18d4847296d52b2386af04c8
SHA256

191a3ad3ca5267de21e0e7a603bfa7776f6b238ff84972ebacac1a122fe19ae5
SHA512

4c67b8f1c338e7b7c58e0052d273507eb196a58a0d659443a718d0aba54c34e5f504291502b01f14a58b3de0bcb7669ac3c55e27ffe6e3a121e499ed08982013
SSDEEP

3072:JIXc06svz8knymGzZ2rjZqfWZ5e+hAZhkpPLgA2BqlvDHnevwyR86G4cZa3v:JIslsL1Ja2zfAZ2P8HB2Uwyyk80

Score

10^/10

vmprotect

Malware Config

Signatures

Detects executables packed with VMProtect. 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_VMProtect

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
191a3ad3ca5267de21e0e7a603bfa7776f6b238ff84972ebacac1a122fe19ae5

Files

191a3ad3ca5267de21e0e7a603bfa7776f6b238ff84972ebacac1a122fe19ae5
.exe windows:4 windows x86 arch:x86

c63626bb89d6e2928959a173e88ed0af

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateWaitableTimerA
SetWaitableTimer
CreateThread
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetLocalTime
GetModuleFileNameA
GetTickCount
CloseHandle
WaitForSingleObject
WideCharToMultiByte
GetStartupInfoA
GetUserDefaultLCID
WriteFile
CreateFileA
SetFileAttributesA
DeleteFileA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
MultiByteToWideChar
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateEventA
CreateProcessA
OpenEventA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

wsprintfA
MessageBoxA
MsgWaitForMultipleObjects
SetWindowPos
DispatchMessageA
PeekMessageA
GetClassNameA
GetWindowTextA
GetWindowThreadProcessId
TranslateMessage
SetForegroundWindow
IsWindowVisible
GetMessageA
ShowWindow

winhttp

WinHttpCheckPlatform
WinHttpCrackUrl
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpSetCredentials
WinHttpCloseHandle
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun
CoUninitialize
CoInitialize

advapi32

CryptAcquireContextA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash

msvcrt

srand
_CIpow
_ftol
toupper
strchr
modf
tolower
sprintf
??2@YAPAXI@Z
strncmp
??3@YAXPAX@Z
strncpy
atoi
memmove
free
malloc
__CxxFrameHandler
_strnicmp
rand
_stricmp

shlwapi

PathFileExistsA

oleaut32

SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantClear
VariantChangeType
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
VarR8FromCy
VarR8FromBool
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayDestroy
SafeArrayCreate
SysAllocString

Sections

.text
Size: - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.htext
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c63626bb89d6e2928959a173e88ed0af

Headers

File Characteristics

Imports

kernel32

user32

winhttp

ole32

advapi32

msvcrt

shlwapi

oleaut32

Sections

.text Size: - Virtual size: 58KB

.rdata Size: - Virtual size: 3KB

.data Size: - Virtual size: 185KB

.vmp0 Size: - Virtual size: 9KB

.vmp1 Size: 218KB - Virtual size: 218KB

.rsrc Size: 1024B - Virtual size: 660B

.htext Size: 12KB - Virtual size: 12KB

.text
Size: - Virtual size: 58KB

.rdata
Size: - Virtual size: 3KB

.data
Size: - Virtual size: 185KB

.vmp0
Size: - Virtual size: 9KB

.vmp1
Size: 218KB - Virtual size: 218KB

.rsrc
Size: 1024B - Virtual size: 660B

.htext
Size: 12KB - Virtual size: 12KB