d8014e20e1c6e478b7bacbb392c878ecef43c4942b3d479bd9116c0bcbb9455eN

Sharing

Copy URL

Twitter E-mail

General

Target

d8014e20e1c6e478b7bacbb392c878ecef43c4942b3d479bd9116c0bcbb9455eN
Size

1.5MB
MD5

b1613b8c5152ac4a330c74cd9c832550
SHA1

d8190cc3195175e64e86d683c077ffc6b9e41dd4
SHA256

d8014e20e1c6e478b7bacbb392c878ecef43c4942b3d479bd9116c0bcbb9455e
SHA512

1f2bdd23758c4474d1c0efb2175538ffd7928bde880f041ef73bbaff79f9309f8495677016bb1854265da7c623c08e9a4bee3e60ad428419b370ce16ca11bd93
SSDEEP

24576:2McI5efO5+2z9VGOMZt86LPedhbNbYelvbKkhhY9riLY3oHx+oVPngto54DAa:2McOXz+/8HbCeNDLaiLY4H5/xEAa

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d8014e20e1c6e478b7bacbb392c878ecef43c4942b3d479bd9116c0bcbb9455eN

Files

d8014e20e1c6e478b7bacbb392c878ecef43c4942b3d479bd9116c0bcbb9455eN
.dll windows:5 windows x86 arch:x86

0de0d49e436a5d47913a83b540b4ad6c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\visual studio 2010\Projects\DXFBuff(2)\Release\DXFBuff.pdb

Imports

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextA
CryptImportKey
CryptReleaseContext
CryptEncrypt
CryptDestroyKey
CryptCreateHash

ws2_32

listen
ioctlsocket
gethostname
recvfrom
sendto
getaddrinfo
freeaddrinfo
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
accept

wldap32

ord41
ord46
ord301
ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord200
ord32
ord35
ord79
ord33
ord27

kernel32

GetStringTypeW
GetCurrentDirectoryW
CreateFileA
GetFullPathNameA
FlushFileBuffers
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
SetHandleCount
GetConsoleMode
GetConsoleCP
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
WriteFile
LCMapStringW
HeapDestroy
HeapCreate
ExitProcess
HeapSize
IsProcessorFeaturePresent
GetModuleHandleW
TlsFree
TlsSetValue
LoadLibraryW
WriteConsoleW
GetTimeZoneInformation
CompareStringW
SetEnvironmentVariableA
GetDriveTypeW
SetEndOfFile
GetProcessHeap
FreeEnvironmentStringsW
TlsGetValue
IsBadReadPtr
VirtualProtect
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
MapViewOfFile
GetCurrentProcess
GetCurrentThread
Sleep
GetProcAddress
GetTempFileNameA
GetLocalTime
CreateFileMappingA
GetModuleHandleA
GetTempPathA
OpenFileMappingA
GetPrivateProfileIntA
DeleteCriticalSection
SetLastError
GetLastError
SleepEx
VerifyVersionInfoA
VerSetConditionMask
CloseHandle
WaitForSingleObject
FormatMessageA
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
FreeLibrary
LoadLibraryA
ExpandEnvironmentStringsA
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualQuery
InterlockedCompareExchange
GetCurrentThreadId
ResumeThread
FlushInstructionCache
SetThreadContext
GetThreadContext
VirtualFree
VirtualAlloc
EncodePointer
DecodePointer
HeapFree
HeapReAlloc
GetSystemTimeAsFileTime
HeapAlloc
GetCommandLineA
ExitThread
CreateThread
GetCurrentProcessId
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
SetFilePointer
FindClose
GetDriveTypeA
FindFirstFileExA
RaiseException
TerminateProcess
CreateFileW

user32

SendMessageA
SetWindowLongA
CallWindowProcA
SetTimer
KillTimer
FindWindowA
GetAsyncKeyState

psapi

GetModuleInformation

Sections

.text
Size: 392KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.HVM
Size: 806KB - Virtual size: 806KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0de0d49e436a5d47913a83b540b4ad6c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

ws2_32

wldap32

kernel32

user32

psapi

Sections

.text Size: 392KB - Virtual size: 392KB

.rdata Size: 69KB - Virtual size: 69KB

.data Size: 9KB - Virtual size: 17KB

.vmp1 Size: 512B - Virtual size: 436B

.vmp0 Size: 21KB - Virtual size: 21KB

.HVM Size: 806KB - Virtual size: 806KB

.vmp2 Size: 262KB - Virtual size: 261KB

.reloc Size: 17KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 434B

.text
Size: 392KB - Virtual size: 392KB

.rdata
Size: 69KB - Virtual size: 69KB

.data
Size: 9KB - Virtual size: 17KB

.vmp1
Size: 512B - Virtual size: 436B

.vmp0
Size: 21KB - Virtual size: 21KB

.HVM
Size: 806KB - Virtual size: 806KB

.vmp2
Size: 262KB - Virtual size: 261KB

.reloc
Size: 17KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 434B