cb696a884057f7ed69ae85418a8e1419f8f6060cc9bfc3a9f8abbb9779e93580

Sharing

Copy URL Twitter E-mail

General

Target

cb696a884057f7ed69ae85418a8e1419f8f6060cc9bfc3a9f8abbb9779e93580
Size

287KB
MD5

435df5cce94149e3de1efa949a472a0d
SHA1

afb79048bb30fe260f9c985230cb4193393ae205
SHA256

cb696a884057f7ed69ae85418a8e1419f8f6060cc9bfc3a9f8abbb9779e93580
SHA512

df941176f0a548662852029ac8bc93b957a1ef35000d4a13eabc2283ec492e24f9fe5e4e6880ff81d8d18b1151ba39a5f92631bf92330c96aa341ca4b79ad5fc
SSDEEP

6144:Qs3rK0cTKE6QpW8rx9/jlNTfq+xW6/mS1GW3oj9d9Ce9Yyze:QhmC13Tz+sH3oB7H9ne

Score

10^/10

Malware Config

Signatures

Detects executables packed with VMProtect. 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_VMProtect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cb696a884057f7ed69ae85418a8e1419f8f6060cc9bfc3a9f8abbb9779e93580

Files

cb696a884057f7ed69ae85418a8e1419f8f6060cc9bfc3a9f8abbb9779e93580
.dll windows:6 windows x86 arch:x86

07585dd411d750b425dd0587cc47b754

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc110u

ord10131
ord10129
ord10133
ord5528
ord11563
ord11564
ord8990
ord11927
ord3780
ord11774
ord14408
ord8891
ord11969
ord5792
ord285
ord2954
ord484
ord1502
ord2194
ord2216
ord2320
ord2935
ord8204
ord8610
ord8565
ord12716
ord4603
ord12595
ord1683
ord1680
ord1517
ord5298
ord6429
ord2251
ord3824
ord6436
ord3548
ord265
ord8599
ord4168
ord6477
ord3873
ord2164
ord12010
ord6840
ord10847
ord9106
ord3211
ord13699
ord12097
ord12095
ord1707
ord1716
ord1724
ord1720
ord1729
ord4858
ord4895
ord10132
ord6089
ord4874
ord4870
ord2472
ord4824
ord4901
ord4891
ord4862
ord4905
ord6967
ord539
ord4883
ord4847
ord4853
ord4886
ord4441
ord9541
ord4433
ord3000
ord14410
ord7771
ord14416
ord6739
ord11555
ord13524
ord5806
ord2628
ord11962
ord3882
ord3317
ord3316
ord3210
ord12006
ord5128
ord5425
ord5635
ord9200
ord5401
ord5664
ord5131
ord5287
ord5109
ord7572
ord7573
ord7563
ord5285
ord8064
ord10100
ord9060
ord6401
ord280
ord286
ord13113
ord1382
ord884
ord3775
ord4820
ord2706
ord10130
ord8055
ord3247
ord3250
ord4866
ord13573
ord4821
ord14328
ord290
ord3109
ord3348
ord3349
ord4033
ord11233
ord4878
ord10860
ord1164
ord6359
ord3127
ord3900
ord357
ord4587
ord5825
ord8816
ord2468
ord1514
ord4754
ord10317
ord7345
ord3758
ord1516
ord1039
ord296
ord1104
ord457
ord1504

msvcr110

__CxxFrameHandler3
_CxxThrowException
memmove
_purecall
memcpy
_except_handler4_common
__clean_type_info_names_internal
memset
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_initterm_e
_initterm
_malloc_crt
free
_amsg_exit
__CppXcptFilter
?terminate@@YAXXZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??1type_info@@UAE@XZ
mbstowcs
wcstombs
_wtoi
wcsstr
rand
srand
strstr
sprintf
swscanf
wcsncpy
_swprintf

kernel32

GetVersionExW
LoadLibraryW
GetCurrentProcess
GetModuleHandleW
ResetEvent
CreateThread
GetModuleFileNameW
SetEvent
CloseHandle
WaitForSingleObject
IsWow64Process
CreateEventW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
OutputDebugStringW
WideCharToMultiByte
MultiByteToWideChar
DeviceIoControl
CreateFileW
GetSystemTime
GetTickCount
VirtualProtect
FreeLibrary
GetProcAddress

user32

InvalidateRect
SetCursor
SetTimer
KillTimer
PtInRect
SetRect
EnableWindow
LoadCursorW
CopyRect
SendMessageW
ReleaseDC
DrawIconEx
GetIconInfo
DestroyIcon
InflateRect
FrameRect
DrawEdge
GetDC
ModifyMenuW
AppendMenuW
GetMenuItemID
GetMenuItemCount
SetMenuInfo
CreatePopupMenu
GetSysColor
CheckMenuItem
GetSubMenu
EnableMenuItem
LoadMenuW
LoadIconW

gdi32

DeleteObject
CreateFontIndirectW
SelectObject
GetObjectW
CreateSolidBrush
CreateCompatibleDC
CreateDIBSection
BitBlt
DeleteDC
GetCurrentObject

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegCreateKeyW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyW
RegEnumKeyExW

shell32

ShellExecuteW

comctl32

ImageList_GetIcon
ImageList_Draw
ImageList_ReplaceIcon

acad.exe

??0AcTrayItem@@QAE@XZ
?acedGetAcadFrame@@YAPAVCMDIFrameWnd@@XZ
??1AcTrayItem@@UAE@XZ
?SetIcon@AcTrayItem@@UAEHPAUHICON__@@@Z
?SetToolTipText@AcStatusBarItem@@UAEHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?OnLButtonDown@AcStatusBarItem@@UAEXIVCPoint@@@Z
?OnRButtonDown@AcStatusBarItem@@UAEXIVCPoint@@@Z
?SetVisible@AcStatusBarItem@@UAEXH@Z
?SetText@AcPane@@UAEHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?DisplayContextMenu@AcStatusBarItem@@UAEIAAVCMenu@@VCPoint@@@Z
??0AcTrayItemBubbleWindowControl@@QAE@XZ
??1AcTrayItemBubbleWindowControl@@QAE@XZ
?ShowBubbleWindow@AcTrayItem@@UAEHPAVAcTrayItemBubbleWindowControl@@@Z
??0AcPane@@QAE@XZ
??1AcPane@@UAE@XZ
?SetStyle@AcPane@@UAEHH@Z
?DisplayPopupPaneMenu@AcPane@@UAEIAAVCMenu@@@Z
?GetRegistryKey@AcPane@@UBEHAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetRegistryKey@AcPane@@UAEHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetPaneName@AcPane@@UBEHAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetPaneName@AcPane@@UAEHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetMaxWidth@AcPane@@UAEHXZ
?SetMaxWidth@AcPane@@UAEHH@Z
?GetMinWidth@AcPane@@UAEHXZ
?SetMinWidth@AcPane@@UAEHH@Z
?GetStyle@AcPane@@UBEHXZ
?GetIcon@AcPane@@UBEPAUHICON__@@XZ
?SetIcon@AcPane@@UAEHPAUHICON__@@@Z
?CloseAllBubbleWindows@AcTrayItem@@UAEHXZ
?GetBubbleWindowControl@AcTrayItem@@UBEPAVAcTrayItemBubbleWindowControl@@XZ
?GetInternalData@AcStatusBarItem@@UBEPAXH@Z
?SetInternalData@AcStatusBarItem@@UAEXPAXH@Z
?ShowTraySettingsDialog@AcStatusBarItem@@UAEHXZ
?ScreenToClient@AcStatusBarItem@@UAEHPAUtagPOINT@@@Z
?ScreenToClient@AcStatusBarItem@@UAEHPAUtagRECT@@@Z
?ClientToScreen@AcStatusBarItem@@UAEHPAUtagPOINT@@@Z
?ClientToScreen@AcStatusBarItem@@UAEHPAUtagRECT@@@Z
?OnDelete@AcStatusBarItem@@UAEXXZ
?OnLButtonDblClk@AcStatusBarItem@@UAEXIVCPoint@@@Z
?IsVisible@AcStatusBarItem@@UAEHXZ
?IsEnabled@AcStatusBarItem@@UAEHXZ
?Enable@AcStatusBarItem@@UAEXH@Z
?QueryToolTipText@AcStatusBarItem@@UBEHAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetToolTipText@AcStatusBarItem@@UBEHAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetIcon@AcTrayItem@@UBEPAUHICON__@@XZ
?GetText@AcPane@@UBEHAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z

acui20

?InitAcUiDLL@@YAXXZ

acdb20

?acdbHostApplicationServices@@YAPAVAcDbHostApplicationServices@@XZ
?acutPrintf@@YAHPB_WZZ
?desc@AcRxDynamicLinker@@SAPAVAcRxClass@@XZ
?acrxProductLCID@@YAKXZ

ac1st20

acrxSysRegistry
?isDerivedFrom@AcRxClass@@QBE_NPBV1@@Z

accore

?acedGetKword@@YAHPB_WPA_WI@Z
?acedSetVar@@YAHPB_WPBUresbuf@@@Z
?acedGetVar@@YAHPB_WPAUresbuf@@@Z
?acedInitGet@@YAHHPB_W@Z
?desc@AcEdCommandStack@@SAPAVAcRxClass@@XZ
?acedGetApplicationStatusBar@@YAPAVAcApStatusBar@@XZ

ws2_32

closesocket
WSAStartup
WSACleanup
gethostbyname
socket
htons
connect
send
recv

msvcp110

?_Xlength_error@std@@YAXPBD@Z
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ

Exports

Exports

acrxEntryPoint
acrxGetApiVersion

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

07585dd411d750b425dd0587cc47b754

Headers

DLL Characteristics

File Characteristics

Imports

mfc110u

msvcr110

kernel32

user32

gdi32

advapi32

shell32

comctl32

acad.exe

acui20

acdb20

ac1st20

accore

ws2_32

msvcp110

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 1KB - Virtual size: 4KB

.vmp0 Size: 202KB - Virtual size: 201KB

.reloc Size: 4KB - Virtual size: 3KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 1KB - Virtual size: 4KB

.vmp0
Size: 202KB - Virtual size: 201KB

.reloc
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 16KB - Virtual size: 16KB