3d6bddf7f2bfa22fa2ca47e624e4ac8eb71a618988c710a8b8ef3bc469d08d7d

Sharing

Copy URL Twitter E-mail

General

Target

3d6bddf7f2bfa22fa2ca47e624e4ac8eb71a618988c710a8b8ef3bc469d08d7d
Size

3.9MB
MD5

9838719aa695779b994d24786a12ec41
SHA1

4239040f35a5556a0b72c891104f92bdb35a2bdd
SHA256

3d6bddf7f2bfa22fa2ca47e624e4ac8eb71a618988c710a8b8ef3bc469d08d7d
SHA512

67276ae06bf7a9a55d3b40f3969ca04a059cffafbe58130ef08c8f0a9e0f2a5ee5a5a3bf46f9cc3d218cf99b53505db84d794c4f0e103fe974535f8d3815464b
SSDEEP

98304:nApuk6NUNp6TtZJrFh7U7Lo2PpIN4n0KL6U:nAp76iNpwnevhP0KLX

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d6bddf7f2bfa22fa2ca47e624e4ac8eb71a618988c710a8b8ef3bc469d08d7d

Files

3d6bddf7f2bfa22fa2ca47e624e4ac8eb71a618988c710a8b8ef3bc469d08d7d
.exe windows:5 windows x86 arch:x86

34c574889745a0ecb3650120c496ba59

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime

ws2_32

accept
gethostname
getservbyname
gethostbyname
getsockname
getsockopt
htonl
htons
ntohs
setsockopt
shutdown
WSASetLastError
WSAGetLastError
WSAIoctl
WSARecv
connect
send
recv
select
__WSAFDIsSet
closesocket
recvfrom
inet_addr
WSASocketW
WSAEnumNetworkEvents
WSAEventSelect
sendto
WSACreateEvent
WSASend
WSAWaitForMultipleEvents
ioctlsocket
WSAGetOverlappedResult
WSACleanup
WSAStartup
socket
listen
bind
freeaddrinfo
getaddrinfo
WSAStringToAddressW
WSAAddressToStringW
getpeername

wldap32

ord301
ord46
ord45
ord33
ord41
ord27
ord79
ord35
ord32
ord200
ord30
ord26
ord50
ord143
ord211
ord22

kernel32

OutputDebugStringW
IsDebuggerPresent
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
SwitchToThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentProcessId
GetCurrentThreadId
GetLastError
SetLastError
ReleaseSemaphore
WaitForSingleObject
CloseHandle
CreateSemaphoreW
GetNativeSystemInfo
Sleep
CreateEventW
PostQueuedCompletionStatus
MultiByteToWideChar
WideCharToMultiByte
InterlockedExchangeAdd
CreateIoCompletionPort
GetQueuedCompletionStatus
WaitForMultipleObjects
InterlockedExchange
FreeLibrary
GetProcAddress
FlushInstructionCache
GetCurrentProcess
RaiseException
LoadResource
SizeofResource
lstrcmpiW
lstrcpyW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
GetCommandLineW
FindResourceW
DeleteFileW
CreateThread
GetFileSize
GetFileInformationByHandle
CreateFileW
lstrlenW
EncodePointer
CreateDirectoryW
OpenProcess
GetSystemDirectoryW
GetVersionExW
WriteConsoleW
TerminateProcess
RtlUnwind
GetStdHandle
FindClose
Process32FirstW
Process32NextW
SetFilePointerEx
CreateToolhelp32Snapshot
GetWindowsDirectoryW
LocalFree
WriteFile
SystemTimeToFileTime
GetTickCount
GetLocalTime
GetModuleHandleA
GetVersion
GetFileType
InitializeCriticalSection
SleepEx
FormatMessageA
PeekNamedPipe
ExpandEnvironmentStringsA
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
DecodePointer
GetStringTypeW
InitializeSListHead
InterlockedPopEntrySList
GetTimeZoneInformation
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
ExitThread
GetSystemTimeAsFileTime
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
SetConsoleCtrlHandler
FileTimeToSystemTime
FileTimeToLocalFileTime
IsValidCodePage
GetACP
GetOEMCP
FlushFileBuffers
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW
SetStdHandle
GetDriveTypeW
SetEnvironmentVariableA
GetFullPathNameW
GetCurrentDirectoryW
SetEndOfFile
lstrlenA
ReadFile
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

PostThreadMessageW
PostMessageW
LoadStringW
wsprintfW
UnregisterClassW
GetUserObjectInformationW
SendMessageW
GetMessageW
SetWindowLongW
KillTimer
GetProcessWindowStation
MessageBoxA
CreateDialogParamW
CharUpperW
CharNextW
MessageBoxW
SetTimer
MsgWaitForMultipleObjectsEx
PeekMessageW
DispatchMessageW
TranslateMessage
GetProcessWindowStation
GetUserObjectInformationW

advapi32

OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
ImpersonateLoggedOnUser
RevertToSelf
ReportEventA
RegisterEventSourceA
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
StartServiceW
RegCreateKeyW
RegEnumKeyExA
QueryServiceStatus

ole32

CoSetProxyBlanket
CoTaskMemFree
CoTaskMemRealloc
CoInitializeSecurity
CoCreateInstance
CoReleaseServerProcess
CoAddRefServerProcess
CoCreateGuid
CoTaskMemAlloc
CoUninitialize
CoInitialize

oleaut32

VarUI4FromStr
SysFreeString
SysAllocString
VariantClear
VariantInit

shlwapi

StrPBrkW
PathFileExistsW
StrChrW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

userenv

GetUserProfileDirectoryW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34c574889745a0ecb3650120c496ba59

Headers

DLL Characteristics

File Characteristics

Imports

winmm

ws2_32

wldap32

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

version

userenv

iphlpapi

Sections

.text Size: - Virtual size: 1.2MB

.rdata Size: - Virtual size: 319KB

.data Size: - Virtual size: 60KB

.vmp0 Size: - Virtual size: 1.5MB

.vmp1 Size: 3.9MB - Virtual size: 3.9MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: - Virtual size: 1.2MB

.rdata
Size: - Virtual size: 319KB

.data
Size: - Virtual size: 60KB

.vmp0
Size: - Virtual size: 1.5MB

.vmp1
Size: 3.9MB - Virtual size: 3.9MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB