cmh_loader[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

cmh_loader.exe
Size

4.9MB
MD5

08c2fc32561d0ac2e89042788fce64ef
SHA1

dea7420344b9a425e138e60cbbbb40c1aeaf293d
SHA256

4a8662cccedb08c848c9117cbda8106225c5c9829cef8283265a6426a8f080dd
SHA512

4ff2f29ef6852b31413d3d6a66046d073e56b72854112dc17800aef0cc51072344ddb5f29a7674cc8e086e5b9ad6eeddad9da365c098768a9633224efd491bfa
SSDEEP

98304:WU/R2zLZ95TJBl5nLidox+pSlh8IQu1rlJ5V4zu3PKmZGPe/Wi3:OBnnGWx+8F1r35V4K3PKmYPRi3

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cmh_loader.exe

Files

cmh_loader.exe
.exe windows:6 windows x64 arch:x64

2d388c2b3c4b359dd8f28c9feffc7879

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d9

Direct3DCreate9

kernel32

GetModuleHandleW
FreeLibrary
VerifyVersionInfoW
QueryPerformanceCounter
SetHandleInformation
GetBinaryTypeW
VirtualProtect
VirtualFree
GetCurrentProcess
GetModuleHandleExW
VirtualAlloc
RtlAddFunctionTable
GetEnvironmentVariableW
GetWriteWatch
CreateMutexW
ResetWriteWatch
GlobalGetAtomNameW
CreateToolhelp32Snapshot
Process32NextW
GetCurrentThread
Process32FirstW
CloseHandle
GetSystemInfo
K32GetModuleInformation
GetThreadContext
HeapQueryInformation
ReadProcessMemory
VirtualQuery
IsDebuggerPresent
CheckRemoteDebuggerPresent
GetVolumeInformationW
Sleep
GetComputerNameW
GetLastError
SetLastError
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
VerSetConditionMask
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
HeapSize
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
HeapReAlloc
GetFileSizeEx
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapFree
HeapAlloc
GetFileType
ReadConsoleW
GetConsoleMode
WriteFile
GetStdHandle
GetModuleFileNameW
ExitProcess
ReadFile
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RaiseException
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
WriteConsoleW
GetCommandLineW
RtlPcToFileHeader
InterlockedPushEntrySList
RtlUnwindEx
GetCurrentProcessId
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
ResetEvent
LocalFree
FormatMessageA
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
RtlUnwind
GetFileAttributesExW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
WaitForSingleObjectEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetEvent
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

ScreenToClient
GetCursorPos
ReleaseDC
SetCursorPos
IsIconic
SetForegroundWindow
ReleaseCapture
GetClientRect
SetWindowLongW
SetCursor
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
SetCapture
DispatchMessageW
PeekMessageW
TranslateMessage
wsprintfW
PostQuitMessage
UpdateWindow
GetWindowLongW
DefWindowProcW
AdjustWindowRectEx
GetKeyState
DestroyWindow
GetDC
SetWindowPos
MonitorFromWindow
EnumDisplayMonitors
CreateWindowExW
LoadCursorW
UnregisterClassW
SetWindowTextW
RegisterClassExW
WindowFromPoint
ShowWindow
GetCapture
GetMonitorInfoW
ClientToScreen
IsChild
GetForegroundWindow
SetLayeredWindowAttributes
SetFocus
BringWindowToTop
OpenClipboard
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

gdi32

GetDeviceCaps

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

ws2_32

htons
recv
connect
socket
send
inet_addr
WSAStartup
select
closesocket

d3dx9_43

D3DXCreateTextureFromFileInMemory

wtsapi32

WTSSendMessageW

Exports

Exports

�?��4�)v��4f� �7@�/��]��W��KB�1�R��?��3��SR��iq�Ty�b�b%�V��M��)E�x�$�F�dQ.��g��rO�� X��t��S��R��LiaVZ��49b:5_2 ~s��v7ؖBb�j��4�Fr��5�^D��"� 6�'�iO�U�G��^��í8f@�1�3_��~�x��zI��̋l.��|�T�-%ɤ��_V��ŠM��"6b��נm��dj$��/��W�� n<�� d�~tS~��|��˨R�,'��W�В��^f=q��*��PZ��F!��tao �O@2C�Z= �G�.�"X��/��?��_i�5h�^��|�w�s�N��r��U0��I�6��+B�:�@�#ñ+[U��D��juוU��v�(��͜bUf��_�� C��6�,��\+۩��p��@Z�K��ƭ8SU��b}� 8l,Σ�+8@�ń\yFr��D;��J�o<P�5Ԇ�P��2��0�_�QXC�Cj��O�$!��x�Y`}��f�e#F��;O��1"q> �J��+��G��sH�'+�W!:�؂��:��*��|��_��#�.��~��#�F��q�x^Hʒ�@U��@Z��M�Xg� 53��Ç�9��ĭ`�r�*9��_�|V�Tk��֒�d��Z$��X[K�3�c��{f3� ��`� �2P�\��}��L�^��!�<�a߽��|.!�ֽ)%��̶g�-�4ڈfz<%&l�b�y��\�S� +�۵%��~��cH�N��r��t��Dj�c>��*�Z2��*��t�is��z�B@{�&��`��ϴ�LB��] =W0�� .d�U�o��D�J��~f�#�� ^�w�B� o~{aE�C*D��}��!�e{¡�X�Z��8��q��k��)H��!u-W]��L�Ϡ�͞JM��H�%��$M�y��x�#�v�ȳ�ID�5�f\�Fb�!R�K漢�d�9�"?llf`��,~l�c��w峝�Ч�U� �>��9tU�b@kh�w�� `��s�960&�/^�M�xS��a�ȥ��cs��[vO!G�� %�ڙ'1��9��5jj|u r��h��u��m�8�[O\f��n�H㯹� �I�H��W��D��ҷ��V�csWU]��0��I{� )��۴g�I��6�eזH��Ɯs��b��Q"��`�|�q��u��0��{��遛��9��/ߡ�"�.�'v��冻�&,v2�4�3vn��0�o�js��3�V��j� ı�R@(�� <�mj�0Lp ��x{Xߠ��Z��:�yN�9�vg��Z�n��e��p��k�ƃ��▘܆sX�\-Ԑ��6��+��)N��pK?��T_�Ec��3�}%�ݝ��צ��L8�A��n��6��H��ZšcX`ғvJ��:/Ȟ�'� ��ø�iέ4��51��|��m��-�N.V�VYÔ��1��,MT��ڱ�k�BA��C�"�@��D�d��CA��֏�Y��|gs#!�K��R��w�`��i��?�^�{��VV� ��B��ΐh t��~�[L��VL䳔��I�}�ٛBB��/�`�� xQKT��/�=74�y�bE��Ύ �,�ӤYa֎�H�m��B��'��>�6=��.U��6cpha��~z��vLǷq�~��rg��)��g)��/ed�o�5u,�� kTNN��Y�� G0�Y�[ѿ;�F}��f��ț��v_��^]�E��}�j]�^g��qK��#Ӈ��]�_�� >&�ZH(1�tV�O)� ܇��p�#��3nAV��v�[��j�YgeZ�d�(Z��f��+��Y�� 1ͳ}[G��D��ik@ ߮��;ɸ�U�5Y�v��g�Yuׯw�x2A�5"Ot 2_�S��xW^U)�3�@�lQ2v�7R�S��`,�r]ycyIh[΅��#$�j�nW�ɾ⹱��0��:��=_G��ǺV�<'��Gi��8w=��vʿ�YWt��px?,��δ�j$'��>�d?��q@dV��X�`9��,S+�mJ��7+s��/�+󔇵�{��A�θ��}rx�� ľ+.tn��8��`]��Auޮ~W��OH�U��u$�Hۣ�� G�5�7�g�(��ss��z� -�Ԥx e?`W�_�!��L4�7��Q�{��au�RLm��q;%�ޜ��hl��ӣ�m#�D8��>�e�}Vl\~T�-�n°�7k��o��H��wh�ɰ�2�wg��&+\�+ʎ��Z'3ӛe��o@;�,{��.!p=E�&��T/:_�I�;�R*d$//y��KS#F��agp �U��ѧV�y��jݩ_B�I?&��w�w��A�ipF��Ϥ��~�{�מ��׼p%�q��zA�a �B��-� ��i�3��i��6��(��s{H�)|�T�[�`�S*�h��ҽ�yq+G<ʴ�]�l��h'Ƞ*9謄��6M��T��H_]|��\�*�)��'�!��up��kS� ��b��F��g8 k�y�I��q��J�FZΌ��?��p�װ_0�1K��[o�~�kuOo�� 4G��16��zh��M1w��`�!��[�EI7Лo��#:��m�Fd=��l�93C�n{�΁�ϑ��R�x9'b�a[۱cPm��C��V� �}8��4Gy-D��v�,�Ԭ�L浙�� .�o��M�P��E��B��5_&9v��<�8�}հ\$)��ܨ�*�}"��m�8�)OO �

Sections

.text
Size: - Virtual size: 788KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 631KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d388c2b3c4b359dd8f28c9feffc7879

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

kernel32

user32

gdi32

advapi32

imm32

ws2_32

d3dx9_43

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 788KB

.rdata Size: - Virtual size: 175KB

.data Size: - Virtual size: 631KB

.pdata Size: - Virtual size: 33KB

_RDATA Size: - Virtual size: 244B

.vmp0 Size: - Virtual size: 2.7MB

.vmp1 Size: 4.9MB - Virtual size: 4.9MB

.reloc Size: 512B - Virtual size: 172B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 788KB

.rdata
Size: - Virtual size: 175KB

.data
Size: - Virtual size: 631KB

.pdata
Size: - Virtual size: 33KB

_RDATA
Size: - Virtual size: 244B

.vmp0
Size: - Virtual size: 2.7MB

.vmp1
Size: 4.9MB - Virtual size: 4.9MB

.reloc
Size: 512B - Virtual size: 172B

.rsrc
Size: 512B - Virtual size: 480B