_ReflectiveLoader@4
Behavioral task: behavioral1
Sample: 3abf0fd1890c011d01eba9e86c53646ec226cd8a15f9e37f95ef4b43545cbaee.dll
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 3abf0fd1890c011d01eba9e86c53646ec226cd8a15f9e37f95ef4b43545cbaee.dll
Resource: win10v2004-20240709-en
General
Target: 3abf0fd1890c011d01eba9e86c53646ec226cd8a15f9e37f95ef4b43545cbaee.zip
Size: 1.6MB
MD5: 887dcc6829114f98a045ab6e6f43a6b6
SHA1: 5a194fb9ca4eb9bcc621f2c4dd2b216cf46c91b1
SHA256: 7c2092612ac445cb42bb9e5713ecc83ca50b7cd1d78abaa2bb48983d61b1824c
SHA512: e82527cd723dad277908611c50206c7831a1a8e4d83974ed3bcb6d789d92b86733dc34867f9dc19a5ca7209059133880f52b391a414c3e5db50cd1e4d5884dd1
SSDEEP: 24576:V4Wi3MbA2kotg43AF1DB0wYKV88k4zthuKHxFsRFct/ElxlzgwXH9UrkpcuBVwsl:V46kRUdQF1DB0wbVLkFK3OhJ4Avx
Malware Config
Signatures
- vmprotect (yara_rule) - resource: static1/unpack001/3abf0fd1890c011d01eba9e86c53646ec226cd8a15f9e37f95ef4b43545cbaee
- Unsigned PE (1 IoCs) - checks for missing Authenticode signature - resource: unpack001/3abf0fd1890c011d01eba9e86c53646ec226cd8a15f9e37f95ef4b43545cbaee
Files
- 3abf0fd1890c011d01eba9e86c53646ec226cd8a15f9e37f95ef4b43545cbaee.zip.zip
- 3abf0fd1890c011d01eba9e86c53646ec226cd8a15f9e37f95ef4b43545cbaee.dll (windows:5 windows x86 arch:x86)
16b847cfa099c4361b32e4c7882cbc3c
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL
Imports
kernel32
CreateMutexA
ReleaseMutex
CreateThread
lstrlenA
FindResourceA
VirtualQuery
Process32First
Process32Next
CreateToolhelp32Snapshot
WinExec
GetTempPathA
DeleteFileA
GetFullPathNameA
OutputDebugStringA
GetNativeSystemInfo
FreeLibrary
HeapAlloc
HeapFree
VirtualFree
GetProcessHeap
IsBadReadPtr
SetLastError
VirtualAlloc
LoadLibraryA
VirtualProtect
GetCommandLineA
CreateEventA
GetComputerNameA
CreateDirectoryA
LocalAlloc
LocalFree
DeleteCriticalSection
HeapCreate
LockResource
InterlockedCompareExchange
InterlockedIncrement
SwitchToThread
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
UnmapViewOfFile
GetCurrentThreadId
CreateIoCompletionPort
WaitForMultipleObjects
GetQueuedCompletionStatus
InterlockedExchangeAdd
CreateFileMappingA
MapViewOfFileEx
PostQueuedCompletionStatus
ResetEvent
SetEvent
CreateSemaphoreA
ReleaseSemaphore
SetEndOfFile
CreateFileW
WriteConsoleW
FlushFileBuffers
SetStdHandle
LoadLibraryW
SizeofResource
TerminateThread
WideCharToMultiByte
WaitForSingleObject
LoadResource
FindResourceW
FindResourceExW
GetModuleHandleA
GetModuleFileNameA
GetProcAddress
GetCurrentProcess
CloseHandle
GetFileSize
CreateFileA
GlobalFree
GetLastError
MultiByteToWideChar
Sleep
OutputDebugStringW
SetFilePointerEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
GlobalAlloc
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetConsoleMode
ReadFile
GetModuleFileNameW
WriteFile
GetStdHandle
AreFileApisANSI
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
LoadLibraryExW
ExitThread
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
HeapSize
HeapReAlloc
RaiseException
GetStringTypeW
DecodePointer
EncodePointer
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
TranslateMessage
DispatchMessageA
PeekMessageA
wsprintfA
MsgWaitForMultipleObjectsEx
advapi32
CreateServiceA
OpenSCManagerA
StartServiceA
CloseServiceHandle
OpenServiceA
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
ole32
CoCreateGuid
shlwapi
StrChrA
PathIsDirectoryA
PathFileExistsA
StrPBrkA
iphlpapi
GetAdaptersInfo
SendARP
wininet
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
wsock32
gethostbyname
WSAGetLastError
ioctlsocket
inet_addr
gethostname
htonl
ntohl
send
closesocket
socket
bind
recv
WSACleanup
setsockopt
htons
WSAStartup
connect
sendto
recvfrom
getsockopt
WSASetLastError
shutdown
ntohs
getsockname
inet_ntoa
listen
ws2_32
WSAResetEvent
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAEventSelect
WSACloseEvent
getaddrinfo
WSARecv
WSASend
WSAAddressToStringA
freeaddrinfo
WSAStringToAddressA
WSAIoctl
WSACreateEvent
WSAGetOverlappedResult
winmm
timeGetTime
Exports
Sections
.text - Size: 268KB - Virtual size: 268KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata - Size: 72KB - Virtual size: 72KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data - Size: 24KB - Virtual size: 24KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.sign - Size: 4KB - Virtual size: 4KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.vmp0 - Size: 644KB - Virtual size: 644KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.vmp1 - Size: 928KB - Virtual size: 928KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc - Size: 4KB - Virtual size: 4KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc - Size: 116KB - Virtual size: 116KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ