19707ef1ad255357744e732965913186f719c8e31742fa631a768e9d6f4be670

Sharing

Copy URL Twitter E-mail

General

Target

19707ef1ad255357744e732965913186f719c8e31742fa631a768e9d6f4be670
Size

5.5MB
MD5

56711060c2a8036bbd47a72160884c04
SHA1

e92a5e5e9967627003ee331ea9e5ccaf75ee16e8
SHA256

19707ef1ad255357744e732965913186f719c8e31742fa631a768e9d6f4be670
SHA512

1e06222c8e8b7cf19df7729ab6940117ead6585eb978cfb9f1f9e9dce26f018d17bb39cb28b3c0a29199f71f14de000129d515045fef79b5bcace8603899487e
SSDEEP

98304:nWv9XUVde8GvRnVKIY6B3yR108tUrzCJa6wocPha4CFIy8R5e2HbhhSNC:nw9ku8+RnUIY6b8tU+a6whha4CF4LSN

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19707ef1ad255357744e732965913186f719c8e31742fa631a768e9d6f4be670

Files

19707ef1ad255357744e732965913186f719c8e31742fa631a768e9d6f4be670
.dll windows:6 windows x86 arch:x86

992d6d1c470e5c98ca229452c592f64b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcp140

?_Xlength_error@std@@YAXPBD@Z

vcruntime140

memset

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

fopen

api-ms-win-crt-string-l1-1-0

strcpy_s

api-ms-win-crt-heap-l1-1-0

free

kernel32

SetUnhandledExceptionFilter
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Exports

Exports

iqmfunkj9xep099q
iwdludld8f9i2tvo
vpeheuz4xxi7rxe3
{ޞ�{j��ǔ}�ҟ�R� �3xb��Z�9��d��o�ª��SpA@p��^�zD�s��6 ��~u�Q�ƨr��*�Ց&<�V��)q�V#�Юu�(@)�tG�X�m��Q�ޔ�t�Siį��zU�M��t�+f@k�#ur+�T�F(|��]�Ϥ_��o>��f��o9� �^ϓh��wcP;ݱ��M��S��)��-z��D�-��+��5YV�"�϶��'O�R&�M{�/,��caA�.� ,�&�ږ+ك+1�~!��_Dz� �翫L�Zl��Jh�AGp�u�W�d�~�'>��K,��}��XW�3lh�o`h8��+�HQ�`�`p��ˢ��i#[��ݘ��~#}�9��-ЌT��3��A��q4��c0�·��1�S��`��1"cj1Pǆ�-C�o ì;�a��s�P34�b��f ��J��Fnu�ϱm*��/' �cb�� ˑ��v4��ñҴ�i�@qY��RI��d�e�Z�$��N�)�nŖ(�>��@�N�@�4l\c��8�5j+�+��m��l�`w,ԢTi��M��ϲ��כ��d��"��olH# ͇5߭�4�2D��Z�.��(` R��X>@.PD�+!R�J��a]M6oL�K��$��#�o�A�7?��z�`9�%��3��٩)�Ȇ��} ��K�J�w�$�=r�X�� 1)��[�z��iG�b[��a�$l��X�h�6:��U�:HXR��:�Kڧ�v.��$i�:9��ӹiz�.�MU �XQ�;�Q?�gS��t��ړ�q��N� �dK�f�-��=e��g<k��M�;�*Dc��H$�-Qފ|��U��9TY$_� �t�7�4�=õ٠��cg��p�(X~��zx2n�a�s�JOB��!��SPJ[j��n�%ʆ��[� ��\)�%D��픶�D䖤� �'�H��h��aK��H|�Ư^�W;��|g;�~L��O7.��%6��!�*v�ɼ!�z�-�q^M�İ�Wѽ��_��P�T��<:�Ԙ��§��ƴֹä�}��+�Z��0`P!��V�ޮ�3p&X0j%��A�_��z_�3q� � q�-�u��J�� ؛ T4�0�*�jD�P��c��V��rI�q��:�=��P�ŝ��V��^��z��Ս}�X�`aD�׋�T��0Ɔ}Z��{Fՙ�|}ld!YwE�h?F4�<��ߕ+��W��/I/�v��9t�2�,+ؾ�N�dMe%��M �9�SCR4&�D��x0�Ȓ-Ǝ��1�蜛__!��7��,��9�!�a/��|`>^r�bj �[��/�C"��z5� g��YU��V��Ƅ4$oD��"��'��!6�~:ët1�(�.�b�\�Wș��Z�cx�̼��a�[�A�u��TJ ��$�b�ſy�F�K[w�ð��E��)��0�W��ė��}�}�Ś%�T��"凢�;�6g��O8�m"��ȉs��%5�[!X�ka׌�� y��F��b�]�«�q��a�pȡ��@��맮��(9+�"*W��D[g��(1;�Jyz�X�L㘏��`D?߹��>��<�%��נ�p��H _��܌��A:*��qvV>��O�eD��!Z,��J� Ĺ�sup�^DFi��`��q��9b`�OS�z�jѝf��C.9��_p�o�0��m��3�<��t�� ꂇ9�\c�x��)/�3��^��Ep��\H�� |�r+�ƕ#4��0S��ٵ��eS�a�pD-�$��w�p�2x��\j~��.b��ّ�>Fy8��;+�[U6�z<j��r�+�;u!��l�=�΂��&��e�-�� T�Rl�/�V�B5|N��Nf��J��7�Sa8�Sg��ʪp4��ґ��b,t��]�C 2��.`� �~�8�YqD��+��G��,�@Ļ��D?ӓZj��Cio_�,*wz��]��N%ޅ3%~�p�a GV��g�v��h�39��?8HL��i��p�G�� 5��~��@S�lP��Z��@��O��hB��t�˼B��I�[��]�J�l�6��zE��gt4�.�tý�h�8��U��b��#D�Aؚ� �Cn�G� ��OI�DU2:S��Cwl��ܩRYs��N��K�0rnug�be�(O�8� j��.FCp��q�pI~/��:TH.�$)ЂP��5d��[�ug^��yC��}�*��!��gF��B�r�?�V��5ѭ=��$lPs�u5I��3D�ȟ�T�vb7?�W��]�V��`D13ڃqT�.S�B�@<ڋ5��ʛ�NkŎ��1Ȍ�~w��ͰaE_��k\7аHU�v�*��T8hy+��`J��:�M5��|�� Id�r�ڂT`v��^7��]�o�k$S��f��r��=NVm�� Ә<�==�UCG��1g��<|��?��/��u{&�P;��`��1� ��0�Foz��"�q�wS��F�"�d�t��۴��5��uA��?��v�T򽠸Y⥊;��D Β�P5n��h��Gy�`07̈��:��Jl,y'�9�^�#Y쐵�#l�U>�F��͘^S��U�)e�D�� a��LQ�fCh�c�p��j��I�ܚă�ֻ�{d�p�o �'@� s�c�5p�ڼs��TJ�_m��K�쿅��c{"�~��}�'� o�䚚謼8��ҕo[�lC��X�n}XMI�6U��nρ�.E�(��M��? �,��!N8�~��[A&�X� �E�

Sections

.text
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

992d6d1c470e5c98ca229452c592f64b

Headers

DLL Characteristics

File Characteristics

Imports

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

wtsapi32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 22KB

.rdata Size: - Virtual size: 3KB

.data Size: - Virtual size: 15KB

.vmp0 Size: - Virtual size: 3.3MB

.vmp1 Size: 5.5MB - Virtual size: 5.5MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 233B

.text
Size: - Virtual size: 22KB

.rdata
Size: - Virtual size: 3KB

.data
Size: - Virtual size: 15KB

.vmp0
Size: - Virtual size: 3.3MB

.vmp1
Size: 5.5MB - Virtual size: 5.5MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 233B