4f955c852c99136e35b2933cc31d6eb0b17637b6e4a82855c7729d2fd4722ba3

Sharing

Copy URL

Twitter E-mail

General

Target

4f955c852c99136e35b2933cc31d6eb0b17637b6e4a82855c7729d2fd4722ba3
Size

568KB
MD5

b8f8d5ebb2e5ceb1be6cce0d9b507348
SHA1

da2bfb5c28673e5db756709a88dabac0c723c1bf
SHA256

4f955c852c99136e35b2933cc31d6eb0b17637b6e4a82855c7729d2fd4722ba3
SHA512

6f217ff4ed7812676bdf16dc69644871eb015e5d25676ce7a7cabca175aa6b669b93c8ac2ff595173012633b8d6ec62288df804c3bec020846af9ddac06bedcc
SSDEEP

12288:hTKhyGHAMo1ltnM0fcSzUt7XcdGb9rq+G0e/KhsB:h8nHg1lJM0UeUp4t/Kh

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4f955c852c99136e35b2933cc31d6eb0b17637b6e4a82855c7729d2fd4722ba3

Files

4f955c852c99136e35b2933cc31d6eb0b17637b6e4a82855c7729d2fd4722ba3
.dll windows:4 windows x86 arch:x86

bf8445a4ac345e91d624cce49aaebc0e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

LoadStringA
GetSysColorBrush
LoadCursorA
LoadIconA
UpdateWindow
MapWindowPoints
GetSysColor
SetActiveWindow
IsWindow
AdjustWindowRectEx
GetClientRect
CopyRect
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
DestroyWindow
CreateWindowExA
GetClassLongA
PostThreadMessageA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
CreateDialogIndirectParamA
SetPropA
DestroyMenu
ReleaseDC
GetDC
EndDialog
GetPropA
GetMenuItemCount
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
KillTimer
GetInputState
MsgWaitForMultipleObjects
CallWindowProcA
GetAsyncKeyState
GetTopWindow
SetTimer
MessageBoxA

kernel32

lstrcmpiA
GlobalFlags
MulDiv
GetVersion
lstrcpynA
lstrcpyA
lstrcatA
SetErrorMode
InterlockedDecrement
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
lstrlenA
GlobalDeleteAtom
lstrcmpA
GetCurrentThread
GetCurrentThreadId
Sleep
TerminateThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WritePrivateProfileStringA
InterlockedIncrement
QueryDosDeviceA
RtlMoveMemory
OpenEventA
CreateThread
CloseHandle
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateWaitableTimerA
SetWaitableTimer
IsBadReadPtr
VirtualProtect
MultiByteToWideChar
WideCharToMultiByte
GetLocaleInfoA
GetNumberFormatA
LocalAlloc
LocalFree
GetCurrentProcess
OpenProcess
ReadProcessMemory
GetCurrentProcessId
TerminateProcess
GetModuleHandleA
lstrlenW
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
GetLocalTime
GetUserDefaultLCID
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetTickCount
SetLocalTime
GetModuleFileNameA
ReadFile
GetFileSize
CreateFileA
LCMapStringA
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
SetLastError
GetLastError
GlobalFindAtomA
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
LCMapStringW
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetACP
HeapSize
RaiseException
RtlUnwind
GlobalAddAtomA
GetOEMCP
GetCPInfo
FlushFileBuffers
SetFilePointer
WriteFile
GetProcessVersion
FindResourceA
LoadResource
LockResource
GlobalGetAtomNameA
VirtualProtect
GetModuleFileNameA
ExitProcess

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleInitialize
CoInitialize
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleRun
CoUninitialize
OleUninitialize

shlwapi

PathFindFileNameA
PathFileExistsA

winmm

PlaySoundA

gdi32

SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
OffsetViewportOrgEx
GetDeviceCaps
SetViewportOrgEx
SetMapMode
SetTextColor
CreateBitmap
Escape
DeleteObject
DeleteDC
ExtTextOutA
TextOutA
GetObjectA
GetStockObject
SaveDC
RestoreDC
RectVisible
PtVisible
SelectObject
SetBkColor

atl

ord42

oledlg

ord8

oleaut32

SysAllocString
VariantClear
SafeArrayDestroy
RegisterTypeLi
SafeArrayDestroyDescriptor
VariantChangeType
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
VarR8FromCy
VarR8FromBool
LoadTypeLi
LHashValOfNameSys
SafeArrayCreate

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

ws2_32

shutdown
WSACleanup
closesocket

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

comctl32

ord17

Exports

Exports

MOV_��_EAX
��ʼ��

Sections

.text
Size: - Virtual size: 354KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp2
Size: 556KB - Virtual size: 555KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf8445a4ac345e91d624cce49aaebc0e

Headers

File Characteristics

Imports

user32

kernel32

ole32

shlwapi

winmm

gdi32

atl

oledlg

oleaut32

advapi32

ws2_32

winspool.drv

comctl32

Exports

Exports

Sections

.text Size: - Virtual size: 354KB

.rdata Size: - Virtual size: 23KB

.data Size: - Virtual size: 365KB

.rsrc Size: 4KB - Virtual size: 680B

.vmp0 Size: - Virtual size: 29KB

.vmp1 Size: - Virtual size: 126KB

.vmp2 Size: 556KB - Virtual size: 555KB

.reloc Size: 4KB - Virtual size: 60B

.text
Size: - Virtual size: 354KB

.rdata
Size: - Virtual size: 23KB

.data
Size: - Virtual size: 365KB

.rsrc
Size: 4KB - Virtual size: 680B

.vmp0
Size: - Virtual size: 29KB

.vmp1
Size: - Virtual size: 126KB

.vmp2
Size: 556KB - Virtual size: 555KB

.reloc
Size: 4KB - Virtual size: 60B