UUDPTBXHGP[.]t

Sharing

Copy URL

Twitter E-mail

General

Target

UUDPTBXHGP.t
Size

6.1MB
MD5

b15850bf1a5712a40e7cb9dba90e54be
SHA1

7b4b4d5a24e8123f32f5260382917c05d2fd5789
SHA256

4eab28bf6548c6a24b13e8bdbda9bbac66a8df97a31c77426e0e46c5503213c8
SHA512

5a8d3d0ba102a23bd6d1b65f7b64a422e88207c98e988c1ea66c92b6533d6854cf1dd08b8daffca1fbf174b10a8b1c7e5684993e99a3788e0e69f40c2a879794
SSDEEP

196608:2TKSzjl6H+jCy7VzIyrzbqGWXcZRJRbUST:2mMCy7j3BOcZBUST

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

UUDPTBXHGP.t

resource	yara_rule
sample	vmprotect

resource
UUDPTBXHGP.t

Files

UUDPTBXHGP.t
.exe windows:6 windows x64 arch:x64

3346e2dd454410a9e6dfc0adb5f75a16

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapAlloc
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

ws2_32

closesocket

advapi32

ConvertSidToStringSidA

user32

MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

ntdll

RtlCaptureContext

userenv

UnloadUserProfile

wtsapi32

WTSSendMessageW

Exports

Exports

�l7uqL��v�ZRV�� Z��ds��0�~��Z��ꕧ)�\̮;g��'G��\�۲��^�ݳEB'��|¹`��c�=x��Z��9�y��0��@�4c>Y ��W^�iȄ�->��|[�K�qgz+�`[6ޗ��)��dY�� ppLg�\��4k��~�|��-��>;�t��$A��HY&?�w��~䥗 ��c�kTӂ��t��}B�i��n�S�4ZN]��J|�N(��*�d�ؕ��=tXG@� �9"5m,L�]|TV��c��SY�ю~gI�Re )8H��\��n��Df#GC�"!�!L��QV)f�5�Շ$��(s��D� EXDN�"��>��Gfk�_�lĊi'��U+-�T��9��Y�Z�dȃr~fx_��="]#��|��̦6��̫�}s��p� G~��']+ȋL��bմ��Ђ��o�XI��!�4��&��;��bC�~��3B��k� 掻SH��#4��+�]~G��=;�%pωA�( ��MϠ>@�=�h��S�Q��&��N� G�9ܺǄ�©*�L��w%��h!�`�Y��j\ ��Q��-��j2qA\"P��T]n,�(�z��d��w0=��z%�}�I��nЄ+6�wSY�A&ݐM,� <!Z6\ĕ��B��q�$c��Nh�F��G{{��q��H=.x]\:(�>/�o֯mD͈8�͘��Oc��v�Ҳ�D��v(��?$��|��&I��<.+��W`��A�%O�'�M\�V�PB1�D��Q a�#9�*�/CJ�d�� C'R7I�3)�a��B�T.Za��^� ��в�R/Z,R�GԻ�H�=#�np9>��U%�~q�Soj�pM'5�J�&��" �H�Z�hc��T�=L��P��&+y �M�xp�T�e��n��h��p)s>,h�_�r�1Ӷy��i��D�=U��$�{?iq<�=V��ՎxV-��ߖ鋠�NzT��;֗�j��[�'��)t-�T,Q�xg�xhu��86_��g��FD*s�-��n$��im��=tU��^�V�<�78|_�<�e��εd�Fx1��Y��A<��A3%��~��7A��C%]�-�v��ځ��b�e:9'�&IvOvG3�XX��_L�8�}�V� ��i��Pi�Ǔ��{� ̀��E�+o�4�e��Ҝ�Ћ;h�,�6��AH�+#�'*ͣg��cޱՈ�X�q 8��}��;�Z�e6�b ��*p�n��CC?Z��p]Ѿ_$�#��𮖾�9R3�Krn0��f�Q�;��j^Aw0�� }{n�,��5c)o��Tb#.G1jJ��`i�^A��C��,�$ƻ��P��xP'�x'��P�cv��D^��·�5V��S��I�lm�؅��n�� i��W�7JCy�3��E��iѷ�l;��ӲbX�ɮEҫ��v=��g��-h�0<��S\/�pӨ֎��T5S��i`��FqX�;ؓ��y9}��&h�Ͽ/��ʪH��1�0��%��P��tao�.i|�p.�x C��ũ{��LS�f��+��H��E�ˁ�1�� Z�zS��~��"�9t+oR�FK9��;�/�D��L�"|��c��+Ch- �ވ��t�S�p#��B�f��!��*,�bi� �7I��F�P��'�� U�"h~��sZIR��;dz��~��&5�&I��D)_-��a�� [�� ײ~��0k�\{��ҝN��Tљ�ǽ��;��@��z X� ��pvUl-<�n�(F��Ly� / ��n�|n��Um\��G�p1]�Hd��+ND��IC�ٯ}\{��PWNǁ��j�ID3��l�K�T��9��i��y��Zq�n0|��D��%13*�n� ��D�"k�`"7�<�J��B1#/Q�q,��33/�rՆb@q�/��j��|t�Y��f�9̑�_��5��a?��C�dr9��Q�"��@��t�Yn�Ra�© E��+��A��w @�ӯ0A$��'�V��)��m��ǯ��T�ڣ"g3� ��_�^r��i�Ϲ��i��s@�%n�1��%��f�a��!�Av��"�?��ݴ$1��ճ7�߈$C.��?Hs�5P2y�ϔ��IVq]�� y � �-�t��D�xh@��4��C�2m��&@_��rV�'�^��蹱�)�5t��2��) �HIS} G��1=M�П9�7P��jG�켨j��[ Z&YHA9��Ҧ��7~�&�` 9�_��p �9k r�� 5�}�@�H[/�Т�(��NH��=G��#��a�cM��_ ĘCJ�t�g񵧲o��\�πDd@�A k��(#�3!��8��h�� _� �;lg��9Rːa;�oL�n2�l��zP�u��O1( dj�$a��?��M&"�y��&�[��H0&4��=��] ��):uY��e*Q^o6�#��Co�� O�1�t~y�)\;�9UD��u�2�Y� ��M5ˎ�4[�6��]��(��Sɚ�ӹ& +D�7ely(�G��Z��$g*��Z�䍜!�|�u��u�~-�@~�jΣ��f��U�b5� ��Ar?[��aH��u�ҡ��w��I�I;�t;�Ќ��\U�A�W��>ADj�f(wGnzF饚;>��Uܟ��T��ԩn��r�[�s�3�8�f#�$�/�3��/��J�&x��\��F�H��C��'U%Z|Ҙ]��m��a��¨��"窻�AR�K� �_62G/C��ۻ܆8��<D�眿�y��@��D�*��x��7�~�{��Q�)�R"��m

Sections

.text
Size: - Virtual size: 531KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3346e2dd454410a9e6dfc0adb5f75a16

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

advapi32

user32

ntdll

userenv

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 531KB

.rdata Size: - Virtual size: 195KB

.data Size: - Virtual size: 9.4MB

.pdata Size: - Virtual size: 21KB

_RDATA Size: - Virtual size: 252B

.vmp0 Size: - Virtual size: 2.4MB

.vmp1 Size: 6.1MB - Virtual size: 6.1MB

.rsrc Size: 1024B - Virtual size: 4KB

.text
Size: - Virtual size: 531KB

.rdata
Size: - Virtual size: 195KB

.data
Size: - Virtual size: 9.4MB

.pdata
Size: - Virtual size: 21KB

_RDATA
Size: - Virtual size: 252B

.vmp0
Size: - Virtual size: 2.4MB

.vmp1
Size: 6.1MB - Virtual size: 6.1MB

.rsrc
Size: 1024B - Virtual size: 4KB