836df4a4ad12a7881f507beee931c5792b8d8c3ad898707f87af8cf9edc80898

Sharing

Copy URL

Twitter E-mail

General

Target

836df4a4ad12a7881f507beee931c5792b8d8c3ad898707f87af8cf9edc80898
Size

621KB
MD5

adcceff6fb250d95ef20e0e5e85bbd17
SHA1

7ee58bab195afe8b1b437e075865dd6a7e2e073e
SHA256

836df4a4ad12a7881f507beee931c5792b8d8c3ad898707f87af8cf9edc80898
SHA512

a91d9d8de6216a489bca20a6a9fb9a93b045548ce039b8090141d72b9bea6f1ace3c2cda962eb569600ffff91ff15bdfb7daa54341765c19ab2ecb718d6e2eec
SSDEEP

6144:yH9uFCv7455kr2a1JUd3jgOBt/LMrzvQqlwsngGnFd4mvctrFGAO3fqn0O4sKUC8:GA5kr1y0UTMrp50hgP00OI5vncJots

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
836df4a4ad12a7881f507beee931c5792b8d8c3ad898707f87af8cf9edc80898

Files

836df4a4ad12a7881f507beee931c5792b8d8c3ad898707f87af8cf9edc80898
.dll windows:5 windows x86 arch:x86

dbca385443bd6d1b2530db5439debbd0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
QueryPerformanceCounter
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoA
SetHandleCount
InitializeCriticalSectionAndSpinCount
HeapSize
IsValidCodePage
GetOEMCP
GetModuleFileNameA
GetStdHandle
HeapDestroy
GetUserDefaultLCID
VirtualFree
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
CompareStringW
CompareStringA
GetDateFormatA
GetTimeFormatA
GetCPInfo
LCMapStringW
LCMapStringA
RaiseException
RtlUnwind
HeapReAlloc
GetCommandLineA
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTimeZoneInformation
CreateThread
ResumeThread
ExitThread
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetLocaleInfoW
SetEnvironmentVariableA
SetEnvironmentVariableW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
SetEndOfFile
GetProcessHeap
ProcessIdToSessionId
GetLocalTime
GetTickCount
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
OutputDebugStringA
GetProfileIntW
Sleep
DeleteFileW
FindResourceExW
FindResourceW
SizeofResource
LockResource
LoadResource
LeaveCriticalSection
EnterCriticalSection
GetLastError
InterlockedExchange
LoadLibraryA
GetVersionExW
OutputDebugStringW
MulDiv
GetCurrentProcessId
GetProcAddress
HeapFree
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryW
VerifyVersionInfoW
HeapCreate
TerminateProcess
GetLocaleInfoA
InterlockedCompareExchange
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
GetFileSize
WriteFile
SetFileTime
CreateDirectoryW
DosDateTimeToFileTime
SystemTimeToFileTime
ReadFile
CloseHandle
CreateFileW
GetCurrentProcess
DuplicateHandle
GetFileType
SetFilePointer
FreeResource
ExitProcess
GetModuleHandleW
GetCurrentDirectoryW
GetModuleFileNameW
GetACP
VerSetConditionMask
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

GetSystemMetrics
FindWindowExW
IsWindow
GetDesktopWindow
GetClassNameW
GetWindowTextW
GetWindowLongW
OffsetRect
CharPrevW
DrawTextW
FillRect
SetWindowRgn
CharNextW
GetUpdateRect
MapWindowPoints
GetFocus
DestroyWindow
GetClassInfoExW
RegisterClassW
GetClientRect
SetPropW
IsWindowVisible
LoadImageW
GetParent
MonitorFromWindow
GetMonitorInfoW
PtInRect
GetWindowRect
LoadCursorW
GetCursorPos
ScreenToClient
SetCursor
BeginDeferWindowPos
DeferWindowPos
GetWindow
SetFocus
InvalidateRgn
GetCapture
SetCapture
UpdateWindow
GetMessageW
DispatchMessageW
ReleaseCapture
GetPropW
GetWindowThreadProcessId
HideCaret
CallWindowProcW
ShowWindow
SetWindowTextW
CreateWindowExW
SendMessageW
SetWindowLongW
PostMessageW
MoveWindow
InvalidateRect
ClientToScreen
GetWindowTextLengthW
SetWindowPos
LoadAcceleratorsW
GetKeyState
TranslateAcceleratorW
TranslateMessage
RegisterClassExW
SetForegroundWindow
SetTimer
GetDlgCtrlID
DefWindowProcW
PostQuitMessage
KillTimer
IsIconic
GetForegroundWindow
OpenClipboard
MessageBoxW
GetDC
MonitorFromPoint
EndDeferWindowPos
SetRect
IntersectRect
InflateRect
EqualRect
SetRectEmpty
EmptyClipboard
IsRectEmpty
IsZoomed
wsprintfW
mouse_event
BringWindowToTop
EndPaint
BeginPaint
CloseClipboard
SetClipboardData
ReleaseDC
MessageBoxA

gdi32

GetPixel
StretchBlt
CreateCompatibleBitmap
SetTextColor
BitBlt
GetTextExtentPoint32W
GetObjectA
CreateFontIndirectW
CreateDCW
CreatePen
ExtTextOutW
SetBkColor
RestoreDC
PatBlt
SetBkMode
UnrealizeObject
Rectangle
SetROP2
GetStockObject
SetWindowOrgEx
GetCharABCWidthsW
TextOutW
RoundRect
CreatePenIndirect
MoveToEx
LineTo
CreateSolidBrush
SetStretchBltMode
CombineRgn
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SelectClipRgn
CreateRoundRectRgn
GetTextMetricsW
SetViewportOrgEx
SetMapMode
SaveDC
CreatePatternBrush
CreateBitmap
GetObjectW
SetDIBColorTable
SelectObject
DeleteObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
GetDeviceCaps

comdlg32

GetSaveFileNameW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

CreateStreamOnHGlobal

comctl32

ord17
_TrackMouseEvent

gdiplus

GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromStream
GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipSaveImageToStream
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipDeleteBrush
GdipCloneBrush
GdipLoadImageFromStream
GdipCreateLineBrushI
GdipIsVisiblePathPointI
GdipIsOutlineVisiblePathPointI
GdipResetWorldTransform
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDrawImagePointRectI
GdipLoadImageFromFile
GdipDrawLine
GdipDrawLines
GdipAddPathLine2
GdipSetPenBrushFill
GdipCreateFont
GdipFillEllipseI
GdipDrawString
GdipCreateFontFromLogfontW
GdipDrawEllipseI
GdipDrawLineI
GdipSetPenWidth
GdipDrawRectangleI
GdipSetPenDashStyle
GdipDrawPath
GdipFillPath
GdipDeletePen
GdipCreatePen1
GdipAddPathLine2I
GdipSetSmoothingMode
GdipFillRectangleI
GdipCreateSolidFill
GdipDeletePath
GdipCreateFromHDC
GdipAddPathLineI
GdipAddPathEllipseI
GdipAddPathRectangleI
GdipCreatePath
GdipMeasureString
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSetTextRenderingHint
GdipCreateFromHWND
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDeleteFontFamily
GdipCreateTexture
GdipCreateFontFamilyFromName

shlwapi

PathFindExtensionW

Exports

Exports

InitCaptureParam
InitCaptureParamW
InitScreenCapture
InitScreenCaptureW
SetUseCallbackEx
StartScreenCapture
StartScreenCaptureW

Sections

.text
Size: - Virtual size: 486KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp2
Size: 584KB - Virtual size: 583KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbca385443bd6d1b2530db5439debbd0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

comctl32

gdiplus

shlwapi

Exports

Exports

Sections

.text Size: - Virtual size: 486KB

.rdata Size: - Virtual size: 96KB

.data Size: - Virtual size: 6.0MB

.rsrc Size: 36KB - Virtual size: 151KB

.vmp0 Size: - Virtual size: 49KB

.vmp1 Size: - Virtual size: 181KB

.vmp2 Size: 584KB - Virtual size: 583KB

.reloc Size: 512B - Virtual size: 52B

.text
Size: - Virtual size: 486KB

.rdata
Size: - Virtual size: 96KB

.data
Size: - Virtual size: 6.0MB

.rsrc
Size: 36KB - Virtual size: 151KB

.vmp0
Size: - Virtual size: 49KB

.vmp1
Size: - Virtual size: 181KB

.vmp2
Size: 584KB - Virtual size: 583KB

.reloc
Size: 512B - Virtual size: 52B