Behavioral task: behavioral1
Sample: b61e218073caf2381754f406a4f8798f9d71fb291be0b5967e2d5ccb23f5c4e5.exe
Resource: win7-20240611-en

Behavioral task: behavioral2
Sample: b61e218073caf2381754f406a4f8798f9d71fb291be0b5967e2d5ccb23f5c4e5.exe
Resource: win10v2004-20240226-en
General
Target: b61e218073caf2381754f406a4f8798f9d71fb291be0b5967e2d5ccb23f5c4e5
Size: 4.1MB
MD5: dc3716b33ff650e34c42e6ca756e4968
SHA1: 7cf7ae0de63950864e0d3776c1be10b4b0c50e27
SHA256: b61e218073caf2381754f406a4f8798f9d71fb291be0b5967e2d5ccb23f5c4e5
SHA512: 31796a9f8a8df6e3d9257a359a6f9dd4f21dfbce553a623dcb2079bd40f6435bbaa5e2b3cbd40e177986727cc4175863875e132f9e2f1eec79e438502f86c036
SSDEEP: 98304:yDZCqSFhregpq8otYNPivOwFX12Jeyqw5tUC+Qx9/h:yqeilJwFF2Jeyqw5P+QX
Malware Config
Signatures
resource: sample, yara_rule: vmprotect
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: b61e218073caf2381754f406a4f8798f9d71fb291be0b5967e2d5ccb23f5c4e5
Files
-
b61e218073caf2381754f406a4f8798f9d71fb291be0b5967e2d5ccb23f5c4e5.exe windows:5 windows x86 arch:x86
96faa9f5d2ff67ae3e82405847317e46
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WriteProcessMemory
ReadProcessMemory
VirtualFreeEx
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
GetModuleHandleA
Sleep
GetOEMCP
GetUserDefaultLCID
GlobalFree
GlobalUnlock
VirtualAllocEx
GlobalAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
SetStdHandle
IsBadCodePtr
OpenProcess
GetStringTypeW
SetFilePointer
CloseHandle
FlushFileBuffers
Process32Next
GetCPInfo
lstrcpynA
lstrcpyA
lstrcatA
SetErrorMode
WideCharToMultiByte
MultiByteToWideChar
CreateToolhelp32Snapshot
WriteFile
GetCurrentProcess
GetProcessVersion
FindResourceA
IsBadReadPtr
LoadResource
LockResource
GlobalGetAtomNameA
GlobalAddAtomA
LCMapStringW
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
InterlockedDecrement
TlsGetValue
GetFileType
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
GlobalFindAtomA
GetLastError
GetVersion
MulDiv
GlobalFlags
WritePrivateProfileStringA
InterlockedIncrement
GlobalLock
SetLastError
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
lstrlenA
GetTickCount
GetModuleFileNameA
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
GetCommandLineA
RtlUnwind
TerminateProcess
RaiseException
HeapSize
GetACP
SetHandleCount
GetStdHandle
GetStringTypeA
UnhandledExceptionFilter
SetStdHandle
HeapSize
TerminateProcess
RaiseException
GetSystemTime
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
FormatMessageA
LocalFree
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
GetStringTypeW
SetUnhandledExceptionFilter
CompareStringA
SystemTimeToFileTime
DuplicateHandle
GetFileType
GetFileSize
SetFilePointer
FileTimeToLocalFileTime
lstrcpynA
lstrcmpiA
lstrcmpA
IsDBCSLeadByte
GetTempFileNameA
InterlockedIncrement
InterlockedDecrement
FlushFileBuffers
TerminateThread
GetCurrentProcess
GetWindowsDirectoryA
GetSystemDirectoryA
CompareStringW
IsBadReadPtr
IsBadCodePtr
InterlockedExchange
GetLocalTime
DosDateTimeToFileTime
SetFileTime
SetLastError
GetTimeZoneInformation
GetACP
GetStringTypeA
FileTimeToSystemTime
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
CloseHandle
WaitForSingleObject
CreateProcessA
GetTickCount
GetCommandLineA
MulDiv
GetProcAddress
GetModuleHandleA
GetVolumeInformationA
SetCurrentDirectoryA
CreateDirectoryA
DeleteFileA
GetFileAttributesA
SetFileAttributesA
FindClose
FindFirstFileA
GetTempPathA
GlobalUnlock
GlobalLock
GlobalAlloc
ExpandEnvironmentStringsA
Sleep
CreateEventA
CreateThread
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileSectionNamesA
GetVersionExA
GetLastError
LoadLibraryA
FreeLibrary
GetFullPathNameA
GetUserDefaultLCID
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GlobalReAlloc
FindNextFileA
lstrcpyA
WinExec
lstrlenA
lstrcatA
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
GlobalSize
ExitProcess
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
lstrlenW
PeekNamedPipe
ReadFile
LockResource
LoadResource
FindResourceA
SetEvent
CreateFileA
WaitForMultipleObjects
WriteFile
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
LoadLibraryW
CreateEventW
CompareStringW
SetLastError
GetModuleHandleA
VirtualProtect
GetTickCount
EnterCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
WriteProcessMemory
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
GetSystemInfo
FreeLibrary
LoadResource
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceExA
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetCommandLineA
GetLastError
HeapFree
HeapAlloc
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
HeapSize
LoadLibraryA
GetLocaleInfoA
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess
advapi32
CryptGetHashParam
CryptDestroyHash
RegCreateKeyExA
CryptCreateHash
RegCloseKey
CryptReleaseContext
RegOpenKeyExA
CryptAcquireContextA
CryptHashData
RegSetValueExA
RegSetValueExA
RegQueryValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
ole32
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoInitialize
CoUninitialize
OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleRun
CoCreateInstance
OleInitialize
OleUninitialize
CLSIDFromString
user32
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
wsprintfA
MessageBoxA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
LoadStringA
GetSysColorBrush
LoadCursorA
LoadIconA
UpdateWindow
MapWindowPoints
GetSysColor
SetActiveWindow
IsWindow
AdjustWindowRectEx
GetClientRect
CopyRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
PostThreadMessageA
GetSystemMetrics
SetFocus
ShowWindow
SetWindowLongA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
IsWindowEnabled
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
GetWindowPlacement
GetWindowLongA
SetWindowPos
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
TrackPopupMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
InflateRect
SetRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
GetCapture
ReleaseCapture
SetTimer
KillTimer
WinHelpA
LoadBitmapA
CopyRect
ChildWindowFromPointEx
ScreenToClient
GetMessagePos
SetWindowRgn
DestroyAcceleratorTable
GetWindow
GetActiveWindow
SetFocus
IsIconic
PeekMessageA
SetMenu
GetMenu
DeleteMenu
GetSystemMenu
DefWindowProcA
GetClassInfoA
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
GetSystemMetrics
SystemParametersInfoA
LoadImageA
EnumDisplaySettingsA
ClientToScreen
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
UnregisterClassA
LoadIconA
GetParent
GetForegroundWindow
GetCursor
DrawTextA
SetPropA
CallWindowProcA
MoveWindow
GetPropA
FrameRect
SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx
GetWindowDC
EnumChildWindows
WindowFromDC
TabbedTextOutA
GrayStringA
DrawStateA
GetTabbedTextExtentA
GetMenuState
GetMenuStringA
GetMenuItemID
GetMenuItemCount
GetWindowTextA
GetClassNameA
CreateWindowExA
CharUpperA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
GetClassLongA
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
CheckMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetDesktopWindow
CharNextA
SetWindowContextHelpId
MapDialogRect
LoadStringA
GetSysColorBrush
GetNextDlgGroupItem
PostThreadMessageA
GetTopWindow
PostMessageA
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
WaitForInputIdle
EndPaint
BeginPaint
GetWindowTextLengthA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBeep
MessageBoxA
SetWindowTextA
GetCursorPos
ShowWindow
TranslateMessage
MessageBoxW
CharUpperBuffW
wsprintfW
gdi32
SetMapMode
SetTextColor
SetBkColor
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
CreateBitmap
Escape
GetObjectA
TextOutA
ExtTextOutA
PtVisible
RectVisible
GetClipBox
SetViewportOrgEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetDeviceCaps
ExtSelectClipRgn
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2
SetPolyFillMode
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
GetViewportExtEx
CreateBitmap
SelectObject
CreatePen
PatBlt
CombineRgn
CreateRectRgn
FillRgn
CreateSolidBrush
CreateFontIndirectA
GetStockObject
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
GetPixel
CreateCompatibleDC
SetPixelV
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
Escape
SetPixel
CreateRectRgnIndirect
SetBkColor
SetBkMode
SetTextColor
SetWindowOrgEx
SaveDC
RestoreDC
CreatePenIndirect
PtVisible
RectVisible
ExtTextOutA
GetTextMetricsA
GetMapMode
SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
GetDIBits
RealizePalette
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
CreateBrushIndirect
DeleteObject
GetTextColor
TextOutA
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
DocumentPropertiesA
OpenPrinterA
ClosePrinter
comctl32
ord17
ImageList_DrawIndirect
ImageList_Read
ImageList_Create
ImageList_Destroy
ord17
ImageList_AddMasked
_TrackMouseEvent
ImageList_Draw
ImageList_SetBkColor
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_GetIcon
ImageList_Duplicate
oledlg
ord8
ord8
oleaut32
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantInit
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LoadTypeLi
VariantChangeType
VarR8FromBool
VarR8FromCy
SysFreeString
LHashValOfNameSys
SysAllocStringByteLen
GetErrorInfo
VariantTimeToSystemTime
SysStringLen
SysAllocStringLen
VariantCopy
VariantClear
VariantChangeType
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElement
VariantCopyInd
VariantInit
SysAllocString
SafeArrayDestroy
SafeArrayCreate
SafeArrayPutElement
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
OleCreateFontIndirect
UnRegisterTypeLi
SysFreeString
SafeArrayGetElemsize
rasapi32
RasGetConnectStatusA
RasHangUpA
winmm
waveOutReset
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
waveOutPause
midiStreamRestart
waveOutClose
waveOutGetNumDevs
waveOutOpen
midiOutUnprepareHeader
midiStreamOpen
midiStreamProperty
msimg32
GradientFill
shell32
ShellExecuteA
SHGetSpecialFolderPathA
Shell_NotifyIconA
ws2_32
__WSAFDIsSet
WSAGetLastError
shutdown
accept
getpeername
recv
connect
ioctlsocket
recvfrom
socket
htons
WSAAsyncSelect
closesocket
send
select
WSACleanup
WSAStartup
gethostbyname
inet_ntoa
inet_addr
wininet
InternetCloseHandle
InternetSetOptionA
InternetConnectA
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetOpenA
comdlg32
ChooseColorA
ChooseFontA
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
Sections
.text: Size: -, Virtual size: 1.8MB, flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: Size: -, Virtual size: 3.3MB, flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: Size: -, Virtual size: 576KB, flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.vmp0: Size: -, Virtual size: 865KB, flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.vmp1: Size: 3.8MB, Virtual size: 3.8MB, flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc: Size: 268KB, Virtual size: 266KB, flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ