e8ba12a25c954f3e4e6fa252c53ebcc89c80d47026f4ae27081d3ad91f31debb

Sharing

Copy URL Twitter E-mail

General

Target

e8ba12a25c954f3e4e6fa252c53ebcc89c80d47026f4ae27081d3ad91f31debb
Size

835KB
MD5

9a48f3a7091c76cb5aa8b5b8acfcf153
SHA1

3542c902ec101726c54a6ecf08c4c6cecefa8ada
SHA256

e8ba12a25c954f3e4e6fa252c53ebcc89c80d47026f4ae27081d3ad91f31debb
SHA512

830b512655b6ac1e708303e13141e0ae6f52132cda0930f469b26ccc3250d31372e9f4d963f564dba9c338d0585e37d1b0f95878c75b0d5022608cc360b7ec6d
SSDEEP

12288:OQnsSLAbma1z4b3Vf+8wxXBgCiqaZqnVBFwPTzzlirYVJ55mRuLJW+edTZGEvQ9h:bnS1zeB+uZ6fG7zzWYdPJtezjQu

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e8ba12a25c954f3e4e6fa252c53ebcc89c80d47026f4ae27081d3ad91f31debb

Files

e8ba12a25c954f3e4e6fa252c53ebcc89c80d47026f4ae27081d3ad91f31debb
.dll windows:5 windows x86 arch:x86

2950a47be10ea14efc72360a11497d9a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedIncrement
SetFilePointer
FlushFileBuffers
SetEndOfFile
lstrlenA
HeapFree
HeapAlloc
VirtualAlloc
GetSystemInfo
VirtualQuery
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCommandLineA
RtlUnwind
ExitProcess
RaiseException
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
HeapDestroy
VirtualFree
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
InitializeCriticalSectionAndSpinCount
SetStdHandle
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
GlobalFlags
GlobalFindAtomW
LoadLibraryW
LoadLibraryA
GetVersionExA
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
InterlockedDecrement
GlobalFree
GlobalUnlock
FormatMessageW
lstrlenW
GlobalAddAtomW
SetLastError
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
GlobalLock
GetLocaleInfoA
WritePrivateProfileStringW
lstrcmpW
GlobalAlloc
CreateThread
LocalFree
GetTempPathA
DeleteFileW
Module32NextW
OutputDebugStringA
CreateToolhelp32Snapshot
VirtualProtect
FindNextFileW
GetModuleHandleA
Process32NextW
GetModuleFileNameA
CreatePipe
Module32FirstW
DeviceIoControl
LockResource
LocalAlloc
OpenThread
Process32FirstW
FindClose
EnterCriticalSection
GetLastError
InterlockedExchange
GetTempPathW
GetStartupInfoW
MultiByteToWideChar
CreateFileW
GetSystemDirectoryA
GetModuleFileNameW
ReadFile
FileTimeToSystemTime
TerminateProcess
LeaveCriticalSection
GetVersionExW
ReadProcessMemory
SizeofResource
Sleep
TerminateThread
WideCharToMultiByte
GetSystemDirectoryW
InitializeCriticalSection
WriteFile
VirtualQueryEx
OutputDebugStringW
WaitForSingleObject
LoadLibraryExW
SystemTimeToTzSpecificLocalTime
CreateProcessW
LoadResource
FreeLibrary
FindResourceW
GetDriveTypeW
PeekNamedPipe
GetNativeSystemInfo
FindFirstFileW
CreateMutexW
CreateFileA
GetCurrentProcessId
CloseHandle
GetProcAddress
OpenProcess
GetModuleHandleW
HeapReAlloc
GetCurrentProcess
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

DestroyMenu
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
LoadCursorW
GetSysColorBrush
ClientToScreen
ShowWindow
SetWindowTextW
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
CreateWindowExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
UnregisterClassW
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetWindowsHookExW
CallNextHookEx
GetMessageW
GetTopWindow
TranslateMessage
DispatchMessageW
GetDlgItem
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
PostMessageW
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
SendMessageW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetWindowRect
wsprintfA
GetClientRect
GetDC
GetWindowTextW
GetClassNameW
ReleaseDC
EnumChildWindows
MessageBoxW
GetWindowThreadProcessId
wsprintfW
GetClassInfoExW

gdi32

GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetObjectW
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
BitBlt
DeleteDC
CreateDIBSection
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

shell32

SHGetSpecialFolderPathW

shlwapi

PathFindFileNameW
PathFindExtensionW
PathFileExistsW

oleaut32

VariantClear
VariantChangeType
VariantInit

psapi

GetModuleFileNameExW

gdiplus

GdiplusShutdown
GdipCreateBitmapFromScan0
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdiplusStartup
GdipCloneImage
GdipSaveImageToFile
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipFree

iphlpapi

GetAdaptersInfo

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInfo

winmm

timeGetTime

wininet

InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle

wintrust

WinVerifyTrust
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

send
closesocket
socket
recv
setsockopt
ntohs
htons
inet_addr
WSAStartup
inet_ntoa
connect
getpeername
getsockopt

Exports

Exports

StartMon
test

Sections

.text
Size: - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 700KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 830KB - Virtual size: 829KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2950a47be10ea14efc72360a11497d9a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

oleaut32

psapi

gdiplus

iphlpapi

setupapi

winmm

wininet

wintrust

version

ws2_32

Exports

Exports

Sections

.text Size: - Virtual size: 154KB

.rdata Size: - Virtual size: 38KB

.data Size: - Virtual size: 24KB

.vmp0 Size: - Virtual size: 700KB

.vmp1 Size: 830KB - Virtual size: 829KB

.reloc Size: 512B - Virtual size: 276B

.rsrc Size: 4KB - Virtual size: 11KB

.text
Size: - Virtual size: 154KB

.rdata
Size: - Virtual size: 38KB

.data
Size: - Virtual size: 24KB

.vmp0
Size: - Virtual size: 700KB

.vmp1
Size: 830KB - Virtual size: 829KB

.reloc
Size: 512B - Virtual size: 276B

.rsrc
Size: 4KB - Virtual size: 11KB