7796341937010110a266a127d86df0725e625d9be1c02fc4fa5dc7fe96a42598

Sharing

Copy URL

Twitter E-mail

General

Target

7796341937010110a266a127d86df0725e625d9be1c02fc4fa5dc7fe96a42598
Size

1.7MB
MD5

00479fec2fee0d8e6961a59456922a29
SHA1

4ce8fae9a17bb00b7fc9ad073e6c3032beec3514
SHA256

7796341937010110a266a127d86df0725e625d9be1c02fc4fa5dc7fe96a42598
SHA512

24da0ffb16dd549badaa26feb42e883018f934ea68a210afbd45031646a9091facc41ac3419458e59f0a90bda6609a8516bb4da3ab34504cf65f31ecb62392d0
SSDEEP

49152:mNa8vnCim6x4Mz9SEHM0iTnDJJZk425V/zaBM3SbawwtlA:4xWTEHMba4aBN3SbAA

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/WB/libcurl.dll	vmprotect

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WB/libcurl.dll
unpack001/WB/茧火虫用户端 V1.0.2.exe

Files

7796341937010110a266a127d86df0725e625d9be1c02fc4fa5dc7fe96a42598
.rar
WB/libcurl.dll
.dll windows:4 windows x86 arch:x86

756a9edb427227393ce6ae8954c6dff7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1168

msvcrt

free

kernel32

VirtualAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

Exports

Exports

*Tx��'�� ׬��D��?|��}O �md�%��VP�F 9��N�[Z��;��]>�k��<�G��Y��Q��L��g'��"��J҃h��Gu-Ӿ��a B�$�!%� G��ӿ�q�,[�� ktn��}��: �&�5��.��D[> ��Y\wmޮ5��Qz��\�-�� ;7��䃎P��H b��,n#v,��祒��xi��sWi��0�� F��a�-F�9S��T�o��ʸ�f�<� ��@�i��Y%Pt)��A��8�J�Z��Bv��R��}m3P�;4�$6�:�N)=Q� ��"��֗�� ?��2�(:Qq?��Y� D#ג�Ue��L�v܍�َc��u��N��A��c%��g�ϫ?�W����Wqh��*��os�Λ5q��t��]��t��E�SK9ٱ�ࢌ|b6�:�F��f�e+��k��]��i�@�Ns�z�y��%�)ZA�DT�;ڨ'L�?zn?6LY��b��u�9O��Owu�!V�.Q�zRM��x֊�5��{��B��8kll�p<�ȉ0��\��4��@e>��y��o�V�ߕ�`!��a��7�xm�2S[�sg�$h� �'!��P�?Y�'2^�V��ke(mH�eS#Kn�} ��Pb��WhtO'Ӹr�$��,E��g�g�ŘáQ�<9�)q�I�7�Z�˦�fd6�ݜ͞��@}�t��L��F�.��b�s��}Xp5�v��"u ��@�"��F�� Zhj��y��I�߳�z�?#�r��6ʻ� 4G��V�!�i�"��R�ȧ��a+S�YUN�v[9G��(`��C��*��]~9��O%ca�,C�y��*b��_+��u��%X"��Rޤ6��;��C��30t��x�F�(ȱq��9v��e�(�U��r��Ɗ��ã�-I� �༣��_z�Ʉ)sD-X��J�Hx��N��O0�U��9_V.��{$�9+��'��s�Gu [|y�m} Y��9c(��8��+v�b@��os5w[â�{��㷹n?*�#g��.L�Nv�|�i2��_�(�qd�и�c��(��r�GtD�� )�7��ɾ��h�<u�N^.�w ί�`C4|L>�OɅ�j�r3q�L�>Z^�GN�o��'o�W,q7B��B5'�Ǿ�z��G%B��^ �I�Ռli:0+N��c�}I�3ŧk��o�5"Y�)+��O�� KEU�&�p��u%8��0m�� eD�D?c�)�D��@��0N*QƼE��A��g�˥��Gm��=��E��3!&I`D��d�'s��@�9��+�-3`�_E>��D��E��1��*�zf�c�􉲶&�W�XE.��m�3g�PO�� ~vB��*V��ж ?�J��v��񼬫��W�{��'��7A�O�-<4�f4#�J$�U*�"[Ф��M`}��J�y/��Ƴ�7+`�AMR6hm*��4RoD@{+��s'/�+�a��xZI�u��Wqu-�鴋�h'hS�<ܿ�1�\�D�G!H�/��e��Ri�:��V�{��f��wzxlJ��8 ��n��.�4V��7W٬P�r\a5q�~8��y}�;WW�xNf�C��?r\�$諞�m��a�n<*��E=�:i��>g�Aۆ�x�"�`��kO"�p6�?�eN*R�yxI��|w$^__Y��D��ķ��H0=�\��Տz��+G��V�(#�� `2�)��$,쇂Wڻ�|�L1�"��IZÅ�PH��(&�ŸF��L��w'��=�ս5�Y�Չ��h��x^�Qe�&D0B�P��L�P��9�%�̄��m��P�2N*<"�� ](�\@��<�y��Z+��S��i��ݶ��t��{=�<w��P4S� D�8A~�eD�S_tY��;�蕦�gu�$ַ��k�钑mh9��V��Mom�dTM��2�p_L7��[ f��䧂YL��.�-ӨKhF��0˞��Q�d�e�Ї++á��˲��r�=�h��è��o��0${�͵�a�S�EY�kU��F�KLd�)+l��Q��i�[��9e��#��$4��n9詹��%/�"��pͬ��e�!��֜��& ��u��4d��y��cQ��^&q��*GF��O��≩��}�fjsr�Y*��١��&[��)H`��Ki{ ��q�T� p��a��ߨaB�'��(��FB�<��^[FR�&|�yox5��O�t}#��O��(��9�U��r%bTP�U��Mp�"�\��;^�:ז��?�L��hJ!�NB� �OW �A2_r�֙O8:�]�?��\#�g��d�K�*��W ��Ժ5�E��ߘ4�͡4C�gPQ�.{KN�o�'�27��ٚ2g�a��p#{Y�X�q��Au^��#3l8$��,+Ў�`��d�ɖu,��>,[V��ʟ��0=��.��t�o$��^ ��c��v%:��o��0��#Y�Sg�}��˃d!4U� �v��g ��7Pu@��x��s��=�E|��1�_�zL�z�V]�ì[��,�HO�v�� ctc��[hti%��ֽw�pd �WI��p�]J�gږH��όυ�J��$��uȾ!��+q�*��.�T׆KϮ��̙��|�``�>�?� �V/�*FzP��d"�~�Z�}fh� �O�C��u�8��M��]J��B�o�a5S��WE�rf�xy؍ �f R��3d��9JE Ϸ�J��4��q��p?Ö
curl_easy_cleanup
curl_easy_init
curl_easy_perform
curl_easy_setopt
curl_global_init

Sections

.text
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 728KB - Virtual size: 727KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WB/茧火虫用户端 V1.0.2.exe
.exe windows:5 windows x86 arch:x86

d1c1623f9bbf0e177ab5768de0518cba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\code\yxfile\yxfile\bin\yxfile.pdb

Imports

kernel32

InitializeCriticalSectionAndSpinCount
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
SetEvent
GetCurrentProcess
SetUnhandledExceptionFilter
FindFirstFileW
InterlockedDecrement
IsWow64Process
FindNextFileW
FindClose
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
Process32NextW
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
GetModuleHandleA
lstrcpynW
lstrlenW
lstrcatW
GetLongPathNameA
GetVersionExW
FindResourceW
LoadResource
SizeofResource
LockResource
FreeResource
GetNativeSystemInfo
FlushFileBuffers
QueryPerformanceCounter
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
GetFileSize
LockFileEx
LocalFree
CreateFileMappingA
GetProcAddress
UnlockFile
HeapDestroy
HeapAlloc
LoadLibraryW
GetSystemInfo
HeapReAlloc
DeleteFileA
GetVersionExA
LoadLibraryA
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
MultiByteToWideChar
HeapSize
HeapValidate
GetFileAttributesW
CreateFileW
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
GetDiskFreeSpaceW
InterlockedCompareExchange
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
DecodePointer
SetFilePointerEx
SetStdHandle
ReadConsoleW
GetTimeZoneInformation
CreateProcessA
AreFileApisANSI
GetCurrentThreadId
WaitForSingleObject
CreateEventW
GetModuleHandleW
ExpandEnvironmentStringsW
GetModuleFileNameW
MapViewOfFile
OpenFileMappingW
UnmapViewOfFile
TerminateThread
CloseHandle
WriteFile
OpenMutexW
OutputDebugStringW
GetLastError
CreateFileA
WaitNamedPipeA
OutputDebugStringA
GetTickCount
Sleep
CreateThread
DeleteFileW
LeaveCriticalSection
GetExitCodeProcess
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetStdHandle
FindFirstFileExW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileType
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
InterlockedIncrement
GetLocalTime
CreateDirectoryW
LocalFileTimeToFileTime
SetFileTime
EnterCriticalSection
DeleteCriticalSection
VerifyVersionInfoW
VerSetConditionMask
lstrcpyW
lstrcmpiW
GetCurrentDirectoryW
MulDiv
GetACP
ExitProcess
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
EncodePointer
RaiseException
InitializeCriticalSection

user32

ChangeWindowMessageFilter
SetWindowPos
IntersectRect
SetWindowsHookExW
RegisterWindowMessageW
IsIconic
IsZoomed
GetParent
UnhookWindowsHookEx
GetSystemMetrics
MoveWindow
LoadIconW
CreatePopupMenu
AppendMenuW
GetWindowThreadProcessId
AttachThreadInput
MapVirtualKeyW
GetKeyNameTextA
TrackPopupMenu
UnregisterHotKey
GetFocus
PtInRect
GetKeyState
GetForegroundWindow
IsWindowVisible
GetWindowRect
ShowWindow
PostQuitMessage
MessageBoxA
CallNextHookEx
DestroyIcon
PostMessageW
SetTimer
KillTimer
GetCursorPos
ClientToScreen
InvalidateRect
SendMessageW
SetForegroundWindow
MessageBoxW
ScreenToClient
SetWindowTextW
RegisterClipboardFormatW
mouse_event
LoadCursorW
SetClassLongW
FindWindowExW
IsWindow
FindWindowW
DestroyMenu
TrackPopupMenuEx
SetFocus
GetClientRect
ReleaseDC
GetDC
GetIconInfo
CloseClipboard
SetClipboardData
SetWindowRgn
OffsetRect
GetWindowLongW
SetWindowLongW
MonitorFromWindow
SetCursor
InflateRect
UnionRect
GetMessageW
TranslateMessage
DispatchMessageW
CreateWindowExW
DestroyWindow
CharNextW
GetActiveWindow
SetCapture
ReleaseCapture
BeginPaint
EndPaint
GetUpdateRect
MapWindowPoints
GetSysColor
IsRectEmpty
GetWindow
LoadImageW
wsprintfW
DefWindowProcW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
EnableWindow
SetPropW
GetPropW
MonitorFromPoint
UpdateWindow
RegisterHotKey
GetWindowTextW
GetWindowTextLengthW
EnableMenuItem
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
IsWindowEnabled
CharPrevW
DrawTextW
FillRect
SetRect
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
UpdateLayeredWindow
GetWindowRgn
EqualRect
wsprintfA
DrawTextA
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
EmptyClipboard
OpenClipboard
WindowFromPoint
GetMonitorInfoW
EnumDisplayMonitors
PostThreadMessageW

gdi32

DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
SelectObject
GetObjectW
BitBlt
CreateDIBitmap
CreateFontIndirectW
CreatePen
GetDeviceCaps
GetStockObject
AddFontMemResourceEx
RemoveFontMemResourceEx
Rectangle
RestoreDC
SaveDC
CloseEnhMetaFile
CreateEnhMetaFileW
GetEnhMetaFileHeader
PlayEnhMetaFile
GetTextMetricsW
SetWindowOrgEx
CreatePatternBrush
CreateSolidBrush
SetBkColor
SetBkMode
SetTextColor
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
GetCharABCWidthsW
CreateRoundRectRgn
GetTextExtentPoint32W
LineTo
SelectClipRgn
ExtSelectClipRgn
StretchBlt
SetStretchBltMode
CreateDIBSection
GetObjectA
MoveToEx
TextOutW
GdiFlush
CreateRectRgn
PtInRegion
GetTextExtentPointA
GetBitmapBits
SetBitmapBits
GetClipBox

comdlg32

GetOpenFileNameW

advapi32

RegDeleteValueW
RegQueryValueExA
RegSetValueExA
GetTokenInformation
DuplicateTokenEx
OpenProcessToken
RegQueryInfoKeyA
RegCreateKeyExW
RegOpenKeyExA
RegSetValueExW
RegQueryValueExW
RegNotifyChangeKeyValue
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteA
SHBrowseForFolderW
DragAcceptFiles
ShellExecuteW
SHGetPathFromIDListW
SHGetFileInfoW
Shell_NotifyIconW
SHGetDesktopFolder
SHCreateItemFromParsingName
ShellExecuteExW
SHFileOperationW
SHParseDisplayName
SHBindToParent
ord155
SHGetSpecialFolderLocation
ord716
SHAppBarMessage
DragFinish
DragQueryFileW
ord727
SHGetSpecialFolderPathW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
ReleaseStgMedium
CreateStreamOnHGlobal
DoDragDrop
CoTaskMemFree
CoCreateGuid
CoSetProxyBlanket
OleInitialize
OleUninitialize
CLSIDFromString
CLSIDFromProgID
OleDuplicateData
OleLockRunning

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantInit

comctl32

InitCommonControlsEx
_TrackMouseEvent
ord17

gdiplus

GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipAlloc
GdipFree
GdipCreateBitmapFromFile
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromHICON
GdipImageGetFrameCount
GdipBitmapLockBits
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipSaveImageToFile
GdipCreateFontFromDC
GdipDrawImageRectI
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipCloneStringFormat
GdipCreateFontFromLogfontA
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipFillPath
GdipFillRectangleI
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipCreateBitmapFromHBITMAP
GdipDeleteStringFormat
GdipDrawPath
GdiplusStartup
GdiplusShutdown
GdipCreatePath
GdipDeletePath
GdipAddPathLine
ord1
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawRectangleI

libcurl

curl_easy_cleanup
curl_easy_init
curl_easy_perform
curl_global_init
curl_easy_setopt

winhttp

WinHttpGetIEProxyConfigForCurrentUser

dbghelp

MiniDumpWriteDump

msi

ord173
ord217

iphlpapi

GetAdaptersInfo

ws2_32

gethostbyname
gethostname
WSAStartup

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 497KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 21B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 483KB - Virtual size: 482KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

756a9edb427227393ce6ae8954c6dff7

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 1.3MB

.vmp0 Size: - Virtual size: 81KB

.tls Size: 512B - Virtual size: 24B

.vmp1 Size: 728KB - Virtual size: 727KB

.reloc Size: 512B - Virtual size: 372B

d1c1623f9bbf0e177ab5768de0518cba

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

gdiplus

libcurl

winhttp

dbghelp

msi

iphlpapi

ws2_32

imm32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 497KB - Virtual size: 496KB

.data Size: 25KB - Virtual size: 51KB

.gfids Size: 1024B - Virtual size: 880B

.tls Size: 512B - Virtual size: 21B

.rsrc Size: 483KB - Virtual size: 482KB

.reloc Size: 76KB - Virtual size: 75KB

We care about your privacy.

.text
Size: - Virtual size: 1.3MB

.vmp0
Size: - Virtual size: 81KB

.tls
Size: 512B - Virtual size: 24B

.vmp1
Size: 728KB - Virtual size: 727KB

.reloc
Size: 512B - Virtual size: 372B

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 497KB - Virtual size: 496KB

.data
Size: 25KB - Virtual size: 51KB

.gfids
Size: 1024B - Virtual size: 880B

.tls
Size: 512B - Virtual size: 21B

.rsrc
Size: 483KB - Virtual size: 482KB

.reloc
Size: 76KB - Virtual size: 75KB