aeb78aa73ef00af0b61d893299134a121712116aa3b618fc79c4bcff4fd70763

Sharing

Copy URL Twitter E-mail

General

Target

aeb78aa73ef00af0b61d893299134a121712116aa3b618fc79c4bcff4fd70763
Size

2.1MB
MD5

a6979cc2f33ba75f7072b0beef3b6fb1
SHA1

53983036c80b0155354b8bb14a571e061534f849
SHA256

aeb78aa73ef00af0b61d893299134a121712116aa3b618fc79c4bcff4fd70763
SHA512

e67e1a391ca850cdc09f1d1460b7c019311851bf4138f4b03934a38c3e41b6ca7d06ac7c5b0979b7afadb92455c1d3292f5b5870f7e85a90863f0165438bb676
SSDEEP

49152:4LC8aHFV0aMutkXMr11paSHJz2jcZYGtRMnLZvxZT4DUL5UqrPc:bHbk8r1vaY12jzvL94t0

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aeb78aa73ef00af0b61d893299134a121712116aa3b618fc79c4bcff4fd70763

Files

aeb78aa73ef00af0b61d893299134a121712116aa3b618fc79c4bcff4fd70763
.dll windows:5 windows x86 arch:x86

fe2d2436bafbd922a7ef2df6a2dfbc1d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

huaweidecrypt

??1CHuaweiDecrypt@@QAE@XZ

adbclient

??1CADBFileFilter@@UAE@XZ

mfc80u

ord282

msvcr80

_CxxThrowException

kernel32

GetStartupInfoW
GetCurrentProcess
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

shell32

SHCreateDirectoryExW

shlwapi

PathFileExistsW

msvcp80

?set_new_handler@std@@YAP6AXXZP6AXXZ@Z

ws2_32

socket

advapi32

CryptAcquireContextA
RegQueryValueExA
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

wtsapi32

WTSSendMessageW

user32

CharUpperBuffW

Exports

Exports

??0CAdbCommand@@QAE@ABV0@@Z
??0CHisuiteBackup@@QAE@ABV0@@Z
??0CHisuiteBackup@@QAE@PAUHWND__@@PAVCAdbCommand@@PAHHHH@Z
??0CHuaweiDecrypt@@QAE@ABV0@@Z
??1CHisuiteBackup@@QAE@XZ
??4CADBFileFilter@@QAEAAV0@ABV0@@Z
??4CAdbCommand@@QAEAAV0@ABV0@@Z
??4CAdbExcepction@@QAEAAV0@ABV0@@Z
??4CHisuiteBackup@@QAEAAV0@ABV0@@Z
??4CHuaweiDecrypt@@QAEAAV0@ABV0@@Z
?ADBEndAutomator@CHisuiteBackup@@AAEXXZ
?ADBStartAutomator@CHisuiteBackup@@AAEHPAVCAdbCommand@@ABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H@Z
?AdvancedBackupDownFile@CHisuiteBackup@@AAEHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0H@Z
?AdvancedBackupGetBackupSize@CHisuiteBackup@@AAEHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?AskPhoneForAppPermission@CHisuiteBackup@@AAEHXZ
?AskPhoneForConnection@CHisuiteBackup@@AAEHXZ
?AskResult@CHisuiteBackup@@AAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAHHH@Z
?ClearUselessData@CHisuiteBackup@@AAEXXZ
?CreateAndSendCmd@CHisuiteBackup@@AAEHPADH0H0AAH@Z
?CreateCmdHead@CHisuiteBackup@@AAEXPADW4EM_ADVANCE_BACKUP_HUAWEI_SEND_CMD_TYPE@@@Z
?DIY_WriteLogFun@CHisuiteBackup@@AAEXPB_W@Z
?DecryptAndConvertBackupFile@CHisuiteBackup@@AAEHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?EndAdvancedBackup@CHisuiteBackup@@QAEHXZ
?FindInfoXml@CHisuiteBackup@@AAEHAAHH@Z
?GetAppBackup@CHisuiteBackup@@QAEHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0@Z
?GetAppBackupV2@CHisuiteBackup@@QAEHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0@Z
?GetAppInfo@CHisuiteBackup@@QAEHXZ
?GetAppInfoV2@CHisuiteBackup@@AAEHXZ
?GetAuthCodeForConnection@CHisuiteBackup@@AAEHXZ
?GetAuthConfirm@CHisuiteBackup@@QAEHXZ
?GetAuthConfirmV2@CHisuiteBackup@@AAEHXZ
?GetBigPackSize@CHisuiteBackup@@AAEHAAHPAD@Z
?GetBigPackSizeV2@CHisuiteBackup@@AAEHAAHPAD@Z
?GetLocalBackupPermission@CHisuiteBackup@@AAEHXZ
?HexToStr@CHisuiteBackup@@AAEXPADPAEH@Z
?HuaweibackupDecrypt@CHisuiteBackup@@AAEHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@000@Z
?InitAdvancedBackup@CHisuiteBackup@@QAEHH@Z
?InsertCountToCmdHead@CHisuiteBackup@@AAEXPAD@Z
?IsRecvCmdEqual@CHisuiteBackup@@AAEHPADW4EM_ADVANCE_BACKUP_HUAWEI_RECV_CMD_TYPE@@@Z
?MakeDirForBackup@CHisuiteBackup@@QAEHXZ
?MakeDirForBackupV2@CHisuiteBackup@@QAEHXZ
?MoveEmui11AppData@CHisuiteBackup@@AAEHPADH@Z
?MoveEmui11Attachment@CHisuiteBackup@@AAEHPADH@Z
?PrintHex@CHisuiteBackup@@AAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?RecvDataOnly@CHisuiteBackup@@AAEHPAD0AAH@Z
?RecvDataOnlyV2@CHisuiteBackup@@AAEHPAD0AAH@Z
?SendAppBackupCmd@CHisuiteBackup@@AAEHAAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z
?SendAppBackupCmd@CHisuiteBackup@@AAEHV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SendAppBackupCmdV2@CHisuiteBackup@@AAEHAAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z
?SendAppBackupCmdV2@CHisuiteBackup@@AAEHV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SendAuthCodeForConnection@CHisuiteBackup@@AAEHXZ
?SendCmdAndRecvData@CHisuiteBackup@@AAEHPAD0H00AAH@Z
?SendCmdAndRecvDataV2@CHisuiteBackup@@AAEHW4EM_ADVANCE_BACKUP_HUAWEI_SEND_CMD_TYPE@@PADH11AAH1@Z
?SendCmdOnly@CHisuiteBackup@@AAEHPAD0H@Z
?SendCmdOnlyV2@CHisuiteBackup@@AAEHPBDPADH1@Z
?SendHeartBeat@CHisuiteBackup@@QAEXXZ
?SetAutomatorPath@CHisuiteBackup@@QAEXV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetClickAllowAutomatorPath@CHisuiteBackup@@QAEXV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetDownloadPath@CHisuiteBackup@@QAEXV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetLogFun@CHisuiteBackup@@QAEXP6AXPAUHWND__@@PB_W@Z@Z
?SetNotifyCallBackFun@CHisuiteBackup@@QAEXP6AXPAUHWND__@@PB_W@Z@Z
?StrToHex@CHisuiteBackup@@AAEXPAD0H@Z
?WaitForResultV2@CHisuiteBackup@@AAEHPAD0AAHHH@Z

Sections

.text
Size: - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe2d2436bafbd922a7ef2df6a2dfbc1d

Headers

File Characteristics

Imports

huaweidecrypt

adbclient

mfc80u

msvcr80

kernel32

shell32

shlwapi

msvcp80

ws2_32

advapi32

wtsapi32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 331KB

.rdata Size: - Virtual size: 83KB

.data Size: - Virtual size: 19KB

.vmp0 Size: - Virtual size: 1.9MB

.vmp1 Size: 2.1MB - Virtual size: 2.1MB

.reloc Size: 4KB - Virtual size: 300B

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: - Virtual size: 331KB

.rdata
Size: - Virtual size: 83KB

.data
Size: - Virtual size: 19KB

.vmp0
Size: - Virtual size: 1.9MB

.vmp1
Size: 2.1MB - Virtual size: 2.1MB

.reloc
Size: 4KB - Virtual size: 300B

.rsrc
Size: 4KB - Virtual size: 1KB