3c8494107c0bc585cd1e268ed7c0916e8e90e8e260afafcd41619ce7f66e8780

Sharing

Copy URL Twitter E-mail

General

Target

3c8494107c0bc585cd1e268ed7c0916e8e90e8e260afafcd41619ce7f66e8780
Size

2.5MB
MD5

41ef11aa6774cb4789bcaf642fafcde8
SHA1

5dc3c48d647b648b6f9230aa4e5ab6ac35f8ae7a
SHA256

3c8494107c0bc585cd1e268ed7c0916e8e90e8e260afafcd41619ce7f66e8780
SHA512

8104df2294aa0296ffa1edbc98eb29da548e69c14b3a0259a6e5d81de69afcb5e2b73be755b05a6305d01b63e7ebe1f309535d3412804a37e3417ade5bd4abc9
SSDEEP

49152:cqRbUoaN49+/iWSG7/3XNMPBiz1P1zla51gW42xQT:PbUA+qWSGz3dgBiBP9M3gM

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c8494107c0bc585cd1e268ed7c0916e8e90e8e260afafcd41619ce7f66e8780

Files

3c8494107c0bc585cd1e268ed7c0916e8e90e8e260afafcd41619ce7f66e8780
.dll regsvr32 windows:6 windows x86 arch:x86

b7147de0f300232e41a8b61b523716ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\builds\Deleaker\2024_7\deleaker-build\working\deleaker-trunk\deleaker2\!bin\Release\unprotected\deleakersdk32.pdb

Imports

ntdll

strncmp
memcpy
wcstoul
_chkstk
memset
_allshl
_allshr
_aullshr
isprint
strtoul
_aulldiv

kernel32

SetLastError
GlobalSize
lstrcpynW
GetProcessHandleCount
GetThreadContext
FlushFileBuffers
ReadFile
WriteFile
DuplicateHandle
GetLastError
CreatePipe
SetEvent
WaitForSingleObject
CreateEventW
WaitForMultipleObjects
GetCurrentProcess
TerminateProcess
CreateThread
CreateProcessW
lstrlenW
VirtualFree
ResetEvent
CreateMutexW
OpenMutexW
OpenEventW
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
ReleaseSemaphore
CreateSemaphoreW
GetCurrentThreadId
GetTickCount
GetCurrentProcessId
GetLocalTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
ContinueDebugEvent
CloseHandle
WaitNamedPipeW
HeapAlloc
GetProcessHeap
ExitProcess
CreateRemoteThread
GetCurrentThread
SuspendThread
ResumeThread
VirtualProtect
VirtualAllocEx
VirtualProtectEx
VirtualQueryEx
ReadProcessMemory
WriteProcessMemory
GetModuleHandleW
GetProcAddress
GlobalUnlock
GlobalLock
LocalLock
LocalUnlock
LocalFree
lstrcmpiW
lstrlenA
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetFileSize
HeapFree
GetModuleFileNameW
lstrcpyA
lstrcpyW
GetStdHandle
SetErrorMode
FreeLibrary
LoadLibraryW
LocalAlloc
HeapReAlloc
GetWindowsDirectoryW
lstrcatW
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
HeapCreate
HeapDestroy
TlsAlloc
TlsFree
GetSystemInfo
GetVersionExW
VirtualAlloc
OpenProcess
VirtualQuery
SetEndOfFile
SetFilePointer
HeapSize
ReleaseMutex
Sleep
DebugBreak
lstrcmpiA
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentVariableW
ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetFullPathNameW
GetLogicalDriveStringsW
QueryDosDeviceW
GetTempPathW
OpenThread
FlushInstructionCache
GetSystemDirectoryW
LoadLibraryExW
LoadResource
LockResource
SizeofResource
FindResourceW
LoadLibraryA
FormatMessageW
lstrcmpA
FileTimeToSystemTime
GlobalDeleteAtom
GlobalAddAtomW
VirtualFreeEx
SetEnvironmentVariableW
TlsGetValue
TlsSetValue
WaitForDebugEvent
DebugActiveProcess
GetExitCodeProcess
LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
LoadLibraryW
CreateEventW
CompareStringW
SetLastError
GetModuleHandleA
VirtualProtect
GetTickCount
EnterCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
WriteProcessMemory
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
GetSystemInfo
LoadResource
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceExA
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RtlUnwind
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

user32

GetGuiResources
GetPropW
SetWindowsHookExW
EnumChildWindows
CallNextHookEx
UnhookWindowsHookEx
SetPropW
wsprintfW
wsprintfA
GetClassLongW
MessageBoxA
RemovePropW
MessageBoxW
CharUpperBuffW

shell32

SHGetFolderPathW
CommandLineToArgvW

ole32

CoReleaseMarshalData
CoUninitialize
GetHGlobalFromStream
CoCreateInstance
CoTaskMemFree
CoCreateGuid
StringFromCLSID
CoCreateFreeThreadedMarshaler
CoMarshalInterface
CreateStreamOnHGlobal
CoInitialize
CoGetClassObject
CoMarshalInterThreadInterfaceInStream
CoUnmarshalInterface
CoInitializeEx

oleaut32

SafeArrayGetUBound
SysStringLen
SysFreeString
SafeArrayGetLBound
SafeArrayAccessData
SystemTimeToVariantTime
SafeArrayDestroy
SafeArrayGetVartype
SysAllocString
SafeArrayUnaccessData
SafeArrayCreate

advapi32

RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

Exports

Exports

DeleakerClientApi_IgnoreLeaks
DeleakerClientApi_TakeSnapshotA
DeleakerClientApi_TakeSnapshotForCurrentThreadA
DeleakerClientApi_TakeSnapshotForCurrentThreadW
DeleakerClientApi_TakeSnapshotForProcessThreadA
DeleakerClientApi_TakeSnapshotForProcessThreadW
DeleakerClientApi_TakeSnapshotW
DeleakerSDK_8C32B193DA4B491C95C699FC6556FC04
DeleakerSDK_AsyncSymbolsLoaderW
DeleakerSDK_AttachMixedBitnessProcessHelper
DeleakerSDK_AttachToProcess
DeleakerSDK_CacheDwarfSymbolsW
DeleakerSDK_CreateAllocationGroupFilter
DeleakerSDK_CreateClrClassFilter
DeleakerSDK_CreateDelphiClassFilter
DeleakerSDK_CreateProcessForDebuggingExW
DeleakerSDK_CreateProcessForDebuggingW
DeleakerSDK_CreateProcessToDebugActiveProcess
DeleakerSDK_CreateResourceUsageMonitor
DeleakerSDK_CreateSnapshotDatabase
DeleakerSDK_DbgInfoProviderW
DeleakerSDK_DeleakerDebuggerW
DeleakerSDK_DeleteWorkingFiles
DeleakerSDK_DetachFromProcess
DeleakerSDK_EmptyEntry
DeleakerSDK_EnableAllAllocationTypes
DeleakerSDK_EnableAllocationType
DeleakerSDK_EnableDebugLog
DeleakerSDK_EnableMicrosoftSymbolServers
DeleakerSDK_EnableOption
DeleakerSDK_EnableSymbolFileLocations
DeleakerSDK_Exit
DeleakerSDK_ExternallyUsedByDebugger_HooksManager_Base
DeleakerSDK_ExternallyUsedByDebugger_HooksManager_RuntimeFunctionTable
DeleakerSDK_ExternallyUsedByDebugger_HooksManager_RuntimeFunctionTableLengthPtr
DeleakerSDK_ExternallyUsedByDebugger_HooksManager_Size
DeleakerSDK_FreeHandle
DeleakerSDK_GetBuildDate
DeleakerSDK_GetCurrentSnapshotVersion
DeleakerSDK_GetDefaultExcludedFunctions
DeleakerSDK_GetDefaultExcludedModuleDirs
DeleakerSDK_GetDefaultExcludedModules
DeleakerSDK_GetDefaultIntermediateFunctions
DeleakerSDK_GetDefaultIntermediateModules
DeleakerSDK_GetDefaultMaxStackDepth
DeleakerSDK_GetDeleakerDir
DeleakerSDK_GetLicenseInformation
DeleakerSDK_GetLicenseUserData
DeleakerSDK_GetRegisteredUserName
DeleakerSDK_GetSerialKey
DeleakerSDK_GetSnapshotDbPath
DeleakerSDK_GetSymbolLocationsCombinedByAsterix
DeleakerSDK_HandleIsInArg
DeleakerSDK_Init
DeleakerSDK_InitById
DeleakerSDK_IsAllocationTypeEnabled
DeleakerSDK_IsDelphiRegisterExpectedMemoryLeakSuccessed
DeleakerSDK_IsDelphiUnregisterExpectedMemoryLeakSuccessed
DeleakerSDK_IsMicrosoftSymbolServersEnabled
DeleakerSDK_IsRegistered
DeleakerSDK_MakeSnapshot
DeleakerSDK_MakeSnapshotDiff
DeleakerSDK_ModuleExecutableAddresses
DeleakerSDK_OpenSnapshotDatabase
DeleakerSDK_Prolog_FreeHandle
DeleakerSDK_Prolog_Increment_Count
DeleakerSDK_RegisterCallback
DeleakerSDK_RegisterExpectedMemoryLeak
DeleakerSDK_RemoteAgent_Init
DeleakerSDK_RemoteAgent_ThreadProc
DeleakerSDK_RetValueIsHandle
DeleakerSDK_SegmentBrokenFramePointersAddressesRanges
DeleakerSDK_SetDebugLogLevel
DeleakerSDK_SetDeleakerSdkRawData
DeleakerSDK_SetExcludedFunctions
DeleakerSDK_SetIntermediateFunctions
DeleakerSDK_SetIntermediateModules
DeleakerSDK_SetLogFileA
DeleakerSDK_SetLogFileW
DeleakerSDK_SetMaxStackDepth
DeleakerSDK_SetMonitorableModuleNamesA
DeleakerSDK_SetMonitorableModuleNamesW
DeleakerSDK_SetProfilerMode
DeleakerSDK_SetSymbolFileLocations
DeleakerSDK_SetSymbolsCacheDirectoryA
DeleakerSDK_SetSymbolsCacheDirectoryW
DeleakerSDK_SetUserSourceFiles
DeleakerSDK_SetWorkingDirA
DeleakerSDK_SetWorkingDirW
DeleakerSDK_UnregisterExpectedMemoryLeak
DeleakerSDK_UpdateSymbols
DeleakerSDK_WriteLogA
DeleakerSDK_WriteLogW
DllGetClassObject
DllRegisterServer
DllUnregisterServer
g_TlsIndexOfMaskExceptionsFlag_D5C20446_6E81_44db_ABBD_40CCFD3C4E8F

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 463KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7147de0f300232e41a8b61b523716ad

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

psapi

user32

shell32

ole32

oleaut32

advapi32

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 218KB - Virtual size: 218KB

.data Size: 2KB - Virtual size: 463KB

.idata Size: 7KB - Virtual size: 6KB

.vmp0 Size: 1.1MB - Virtual size: 1.1MB

.vmp1 Size: 54KB - Virtual size: 54KB

.reloc Size: 41KB - Virtual size: 40KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 218KB - Virtual size: 218KB

.data
Size: 2KB - Virtual size: 463KB

.idata
Size: 7KB - Virtual size: 6KB

.vmp0
Size: 1.1MB - Virtual size: 1.1MB

.vmp1
Size: 54KB - Virtual size: 54KB

.reloc
Size: 41KB - Virtual size: 40KB

.rsrc
Size: 1KB - Virtual size: 1KB