_ReflectiveLoader@4
Behavioral task: behavioral1
Sample: 014347eec20afb1c346aa76094a0c5048acfc9fbb88ac86232fb11e21bf1ddea.dll
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 014347eec20afb1c346aa76094a0c5048acfc9fbb88ac86232fb11e21bf1ddea.dll
Resource: win10v2004-20240709-en
General
Target: 014347eec20afb1c346aa76094a0c5048acfc9fbb88ac86232fb11e21bf1ddea.zip
Size: 891KB
MD5: f2affda44a3a85b36fc69945389471c5
SHA1: 9384607871415005f9d2d548c608064ef446ba29
SHA256: 844101e2c6b2fa83843349c483f10a7fa117c876e80a84d53b833341c1a2ebc4
SHA512: 1c56f004bcf691b9d6d3d0e2f280b66390a4ddd06b91daf723ba80607c11d97fb567c331725d3320688350388a52a4284616b9e45afe3d316395338c08eec8ad
SSDEEP: 24576:m/JCU/bechpIkIRs3B9+OLomhA84LIqydU/gI:m/JCwbeEIkIq3fD284j9gI
Malware Config
Signatures
resource: static1/unpack001/014347eec20afb1c346aa76094a0c5048acfc9fbb88ac86232fb11e21bf1ddea; yara_rule: vmprotect
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: unpack001/014347eec20afb1c346aa76094a0c5048acfc9fbb88ac86232fb11e21bf1ddea
Files
014347eec20afb1c346aa76094a0c5048acfc9fbb88ac86232fb11e21bf1ddea.zip.zip (Password: infected)
014347eec20afb1c346aa76094a0c5048acfc9fbb88ac86232fb11e21bf1ddea.dll windows:5 windows x86 arch:x86 (Password: infected)
16b847cfa099c4361b32e4c7882cbc3c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CreateMutexA
ReleaseMutex
CreateThread
lstrlenA
FindResourceA
VirtualQuery
Process32First
Process32Next
CreateToolhelp32Snapshot
WinExec
GetTempPathA
DeleteFileA
GetFullPathNameA
OutputDebugStringA
GetNativeSystemInfo
FreeLibrary
HeapAlloc
HeapFree
VirtualFree
GetProcessHeap
IsBadReadPtr
SetLastError
VirtualAlloc
LoadLibraryA
VirtualProtect
GetCommandLineA
CreateEventA
GetComputerNameA
CreateDirectoryA
LocalAlloc
LocalFree
DeleteCriticalSection
HeapCreate
LockResource
InterlockedCompareExchange
InterlockedIncrement
SwitchToThread
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
UnmapViewOfFile
GetCurrentThreadId
CreateIoCompletionPort
WaitForMultipleObjects
GetQueuedCompletionStatus
InterlockedExchangeAdd
CreateFileMappingA
MapViewOfFileEx
PostQueuedCompletionStatus
ResetEvent
SetEvent
CreateSemaphoreA
ReleaseSemaphore
SetEndOfFile
CreateFileW
WriteConsoleW
FlushFileBuffers
SetStdHandle
LoadLibraryW
SizeofResource
TerminateThread
WideCharToMultiByte
WaitForSingleObject
LoadResource
FindResourceW
FindResourceExW
GetModuleHandleA
GetModuleFileNameA
GetProcAddress
GetCurrentProcess
CloseHandle
GetFileSize
CreateFileA
GlobalFree
GetLastError
MultiByteToWideChar
Sleep
OutputDebugStringW
SetFilePointerEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
GlobalAlloc
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetConsoleMode
ReadFile
GetModuleFileNameW
WriteFile
GetStdHandle
AreFileApisANSI
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
LoadLibraryExW
ExitThread
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
HeapSize
HeapReAlloc
RaiseException
GetStringTypeW
DecodePointer
EncodePointer
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
TranslateMessage
DispatchMessageA
PeekMessageA
wsprintfA
MsgWaitForMultipleObjectsEx
advapi32
CreateServiceA
OpenSCManagerA
StartServiceA
CloseServiceHandle
OpenServiceA
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
ole32
CoCreateGuid
shlwapi
StrChrA
PathIsDirectoryA
PathFileExistsA
StrPBrkA
iphlpapi
GetAdaptersInfo
SendARP
wininet
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
wsock32
gethostbyname
WSAGetLastError
ioctlsocket
inet_addr
gethostname
htonl
ntohl
send
closesocket
socket
bind
recv
WSACleanup
setsockopt
htons
WSAStartup
connect
sendto
recvfrom
getsockopt
WSASetLastError
shutdown
ntohs
getsockname
inet_ntoa
listen
ws2_32
WSAResetEvent
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAEventSelect
WSACloseEvent
getaddrinfo
WSARecv
WSASend
WSAAddressToStringA
freeaddrinfo
WSAStringToAddressA
WSAIoctl
WSACreateEvent
WSAGetOverlappedResult
winmm
timeGetTime
Exports
Sections
.text Size: - Virtual size: 264KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sign Size: - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 641KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 928KB - Virtual size: 928KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 288B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 113KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ