182aa97fedfd3e6adf3124e7339f1b956d00d023fc8064b8607b72e4c5bc694d

Sharing

Copy URL Twitter E-mail

General

Target

182aa97fedfd3e6adf3124e7339f1b956d00d023fc8064b8607b72e4c5bc694d
Size

1.5MB
MD5

6c488d925516c5124446ad7546550a74
SHA1

26f5ba9681a1a7e33dcf0ed7ec585f6bbc68c417
SHA256

182aa97fedfd3e6adf3124e7339f1b956d00d023fc8064b8607b72e4c5bc694d
SHA512

5d57191f03e9d2fee19150c22a8583a9f6565818455b539511785559746ddec6b042abb82d6f1ee52841ff977e7d376e41414e5ae071bf5f355d9675b5115e94
SSDEEP

24576:uZcXiAdUWDyFWCNssbYi5BP3Wx5cuWDHyEI6CmW6GrpM3HioEUtXA4B8:M8HksEleKPH6pqTb+

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
182aa97fedfd3e6adf3124e7339f1b956d00d023fc8064b8607b72e4c5bc694d

Files

182aa97fedfd3e6adf3124e7339f1b956d00d023fc8064b8607b72e4c5bc694d
.dll regsvr32 windows:4 windows x86 arch:x86

86f7f2458cfed5d589ef36479d76a835

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ord17

kernel32

SetLastError
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

ReleaseCapture

olepro32

ord251

advapi32

RegQueryInfoKeyA

ole32

OleLoadFromStream

oleaut32

LoadTypeLi

gdi32

GetDeviceCaps

Exports

Exports

??0CDialogBuilder@DuiLib@@QAE@XZ
??0CPaintManagerUI@DuiLib@@QAE@XZ
??0CRect@DuiLib@@QAE@ABUtagRECT@@@Z
??0CRect@DuiLib@@QAE@XZ
??0CStdString@DuiLib@@QAE@PB_WH@Z
??0CStdString@DuiLib@@QAE@XZ
??0CWindowWnd@DuiLib@@QAE@XZ
??1CDialogBuilder@DuiLib@@QAE@XZ
??1CPaintManagerUI@DuiLib@@QAE@XZ
??1CStdString@DuiLib@@QAE@XZ
??4CStdString@DuiLib@@QAEABV01@ABV01@@Z
??4CStdString@DuiLib@@QAEABV01@PB_W@Z
??8CStdString@DuiLib@@QBE_NPB_W@Z
??BCStdString@DuiLib@@QBEPB_WXZ
??BCWindowWnd@DuiLib@@QBEPAUHWND__@@XZ
??HCStdString@DuiLib@@QBE?AV01@ABV01@@Z
?AddNotifier@CPaintManagerUI@DuiLib@@QAE_NPAVINotifyUI@2@@Z
?AttachDialog@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@@Z
?CenterWindow@CWindowWnd@DuiLib@@QAEXXZ
?Create@CDialogBuilder@DuiLib@@QAEPAVCControlUI@2@VSTRINGorID@2@PB_WPAVIDialogBuilderCallback@2@PAVCPaintManagerUI@2@PAV32@@Z
?Create@CWindowWnd@DuiLib@@QAEPAUHWND__@@PAU3@PB_WKKHHHHPAUHMENU__@@@Z
?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PB_W@Z
?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@UtagPOINT@@@Z
?GetCaptionRect@CPaintManagerUI@DuiLib@@QAEAAUtagRECT@@XZ
?GetControl@CActiveXUI@DuiLib@@QAEJU_GUID@@PAPAX@Z
?GetData@CStdString@DuiLib@@QAEPB_WXZ
?GetInstancePath@CPaintManagerUI@DuiLib@@SA?AVCStdString@2@XZ
?GetRoundCorner@CPaintManagerUI@DuiLib@@QBE?AUtagSIZE@@XZ
?GetSuperClassName@CWindowWnd@DuiLib@@MBEPB_WXZ
?HandleMessage@CWindowWnd@DuiLib@@MAEJIIJ@Z
?Init@CPaintManagerUI@DuiLib@@QAEXPAUHWND__@@@Z
?IsSelected@COptionUI@DuiLib@@QBE_NXZ
?MessageHandler@CPaintManagerUI@DuiLib@@QAE_NIIJAAJ@Z
?MessageLoop@CPaintManagerUI@DuiLib@@SAXXZ
?Offset@CRect@DuiLib@@QAEXHH@Z
?SendMessageW@CWindowWnd@DuiLib@@QAEJIIJ@Z
?SetInstance@CPaintManagerUI@DuiLib@@SAXPAUHINSTANCE__@@@Z
?SetResourcePath@CPaintManagerUI@DuiLib@@SAXPB_W@Z
?SetResourceZip@CPaintManagerUI@DuiLib@@SAXPB_W_N@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
��%�ፍ�V˓��Z�c��0�%��Cx_��C��j�).�g�/ؘO��Br��x��[�� 鷪�=�a-4�(�e��p��Df^Z��ش��b.��.�� y?9�]aSG[�P�~]�}��˴�5��qUx��y��v��Q�&է�"��A5R�bVEIYks B� C�.��E��MMkk�3��Oƹ�-3WG��di�� +/i!0�{+�ί��e�Z��M�*�ǷP�uG~J��p��KW:��<�k\y��ͭ��n��+60�BSw=d�r�q'��D}��^}��Ř�#P�g��H�'��<&�r�4��<Z��& ��]p �#A/�q44�ǿM�-=%�;��s&ኯ��yg��w��ð U��]t$��z8�ꏆYU�Z<F�|��ю��ƽ%�yz�(sS �\��*�tW��Gm��ԍ$acG�V��aXG_ �1jH�<�J�v�J �)��9�g��}��e��V�c!��t��$ܧ��Rb�{�/� � ��D>�;�E�W��J�Ll�υN�S�٪��`�� $6&Dkg�M��(��x-ڡ ��l;?� ��i�f�S��m"��R~�dLy��͇,5v��+�;��l�K��de��o�=�M�q��}y�8U��3�^%s�XI� �ֿl�@j��tqj��!<��{��p ܠ��:0x��d&��Ԩ��Qͨ�8C��@5��<Ċ,��uA��gF�)��C�0�r`�\f�E$�03UJ��Јq��_�,J��e <H&S��KF��5�� &v��g�ܷZj�f��z��[�;F(}1!��ȍ�y(�t� {��v�J��ɭ��h��q�cz�[�ԹO:N�Zܹ�0 �|:~��gYZ ��c��̣y��PthX��H�kj��fl�sv��Z�Sf+��-��`��(�X\Ǆ��`K��0@:t��.W�o4˗ߔ�a�Уr�Ќ�-�a�';4��E|�`�k'L�)u�u�D*ڍT��$u��"h��_l�጗X~o��ϣ ,��v��o��d�� @��@pEb!�|��Edl��Cp��D�=��Ek��4�B!�_�P�Wd v��:/ �ڮ\Lϼ�kZ)�w��)%�x�Nҙ�z��N�V֠d��B�} Iς˛��C�Ș{�V')�`o0��m�V��?��6��z��\7��m+�^��4۔�$�%��7��]#�]ku�g��\e��qN�v�Ai��J{5],�5�_��'�v�XL��g��VA@�H4�.l��1<q�vVSv *\�Ś��*�c��{4B_Q,m�� 'ⱗ]�%�rf�0��j��#�� $��>o4�'��'��.{G��w�L� ��9%��>�q�'��8Ah��x��h�1�{X��QT��D%��M�ęU.vY�^vI�z��Y@}��nW"��^�;�m�20�h�c�/��i�m��t��d�L�0;�K�7�iQd��&�J�GX�u�G��N��F<��19��H@z�v�# O��Kġ{��be��=��M�5�4��7&i�:��b;��E��kn�[�ϓB��p�� 4~ːR~�J�]O�t�7�d�v�+��1bi�H��\�D�N�T^#�,��7��F�.��7��9��*� �K�2Rͷ��+�7�XNm&��,��s��c6l��gvqU��b<�)��yoީ�� R@�1VɈ��a�s�d#l$�)��O��l�uc�Lu�5�j�L�JfoM��M�ܗ�f�Ğ��M�.�'�2��o}ZZ��)g��EX�M��Y�[��%�7:؞�р��%E�1h@f&Wm��U��@��k��i�(��ZWۺ��k��\f��`wԗ��!�v(��.�Ɓ��<��S�*Ίʺ:bC00��j�d��n��kމk?(l��R3P��ǒ~o��Q<jHj��@f6o�$��T��| 9��^�[��r��sW>��A5z�hq�R��)A��~E}1ݪuzG��+�NC�YkiF��s��}Y��oSd��i�wo)M�a*Y`4 '��ܺ��BU��e{�sX}��D �Bx��(􌔬u�=��?s0��L��'}��Z��c��h�B��r�P!NZ��3��*��Fw�db�.51]��3��e�_�_o��q�e�2�D�}�L��x"K�?d �?��1/ L��%��?��ڠ�$�c��N�7B�s<��w�Dzf$ 4��%gKg��ȸ��U�m+l(�/�S��*Zq�fg��wt&E�u��f�.:NUa��Ϊ��۰��c$�v��Xn]HN�,��VH�0�ya��9,�:E��VF*~�9��p;��S�';�݅��w�6R��!o�(��%��pp�S��<��Zu�1�%��H�L��־/�<��;2r�3OF� !��uo��CJj]/H�*�>�%�bw/a�p_�h��Hs�K~>��;i)��$�^z�Q�KԬ�wA�`Ϋ4�Q�W�߇��3�g>h'(R�6��\puA�f��g��؉86�P�+/��y�~�IR�+��70�$u5��f(Ħ�WZ�� Yug�M�LsD4��`�gH[-ǐ*��97��:Sә�$��4�qA 1K�E�6��S��(^:��:ꃨ�7��ـ��:3��/��?��,\F��9I��]�� /��L*:w��U�aV��FW��)H_AE�j�ß�]t�j:NE��-��cӿDTf�t��]�m��'��`S��4��&�١�kz��} ��-�鐍��s��%��#XLyǵ�`��Ԧ~uB�v�Y� �L��a�b�� nҖ4Q��*�~�4�v

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Cream
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86f7f2458cfed5d589ef36479d76a835

Headers

File Characteristics

Imports

comctl32

kernel32

user32

olepro32

advapi32

ole32

oleaut32

gdi32

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 92KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 1.1MB - Virtual size: 1.1MB

.rsrc Size: 16KB - Virtual size: 15KB

.vmp0 Size: 16KB - Virtual size: 13KB

.Cream Size: 4KB - Virtual size: 4KB

.vmp1 Size: 160KB - Virtual size: 158KB

.tls Size: 4KB - Virtual size: 24B

.vmp2 Size: 72KB - Virtual size: 70KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 96KB - Virtual size: 92KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 16KB - Virtual size: 15KB

.vmp0
Size: 16KB - Virtual size: 13KB

.Cream
Size: 4KB - Virtual size: 4KB

.vmp1
Size: 160KB - Virtual size: 158KB

.tls
Size: 4KB - Virtual size: 24B

.vmp2
Size: 72KB - Virtual size: 70KB

.reloc
Size: 12KB - Virtual size: 9KB