tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

296KB
MD5

eb1fa4d843fb80c9d078da90903fb298
SHA1

e6813b84042fbdc9eb66fa6f7907dc013e08e913
SHA256

b6779dd66b15d9fa8b47a805cf234fd21599e51e648618ca8d97cc3944f63d09
SHA512

a81e49f16955097342b212c81daf83dd432c350913a87796598c414cdb74359f6a0e46f3fe79413d6cafb8ac0c2f0e62c4e5d8733e50dbbd5ee9aafd976ce18a
SSDEEP

6144:u7dTEBluyWTeJYJRTmNdbuEh/BiavQ+G+3pC4o1y5fRFdZmpzZoqt/jwL:eABlWaWrq6m/BiaG+3pHzd8pzZoH

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tmp

Files

tmp
.exe windows x86

71e62933cd702ae2cee40b01822a21d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetStdHandle
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetHandleCount
GetProfileStringA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetTimeZoneInformation
GetACP
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
RaiseException
GetCommandLineA
GetStartupInfoA
TerminateProcess
ExitProcess
RtlUnwind
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentDirectoryA
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileSize
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
SizeofResource
GlobalFlags
FormatMessageA
LocalFree
SetLastError
MulDiv
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetTempFileNameA
GetFileAttributesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GlobalAlloc
GetCurrentThread
lstrcmpA
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DeleteFileA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
CloseHandle
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GetLastError
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
lstrlenA
lstrcpynA
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GlobalLock
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
GetModuleHandleA
GetProcAddress
IsBadReadPtr
GetModuleFileNameA
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

SetParent
PostThreadMessageA
IsZoomed
PtInRect
BringWindowToTop
InvalidateRect
UnpackDDElParam
ReuseDDElParam
SetMenu
LoadMenuA
DestroyMenu
GetDesktopWindow
SetCursor
ReleaseCapture
TranslateAcceleratorA
LoadAcceleratorsA
SetRectEmpty
wvsprintfA
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
LoadIconA
PostMessageA
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageA
DispatchMessageA
GetFocus
SetFocus
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetClientRect
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
IsWindowVisible
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
RegisterClipboardFormatA
MessageBoxA
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
EnableWindow
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
GetSystemMetrics
FindWindowA
MessageBeep
GetNextDlgGroupItem
GetWindowRect
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetParent
GetWindowLongA
GetDlgItem
IsWindowEnabled
SendMessageA
GetDC
ReleaseDC
SetCapture
LockWindowUpdate
GetDCEx
InflateRect
GetTopWindow
GetTabbedTextExtentA
LoadBitmapA
UpdateWindow
CopyAcceleratorTableA
CharNextA
DestroyIcon
GetMenuStringA
DeleteMenu
InsertMenuA
WindowFromPoint
KillTimer
SetTimer
LoadStringA
GetSysColorBrush
GetClassNameA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
FillRect
SetRect
LoadCursorA
DestroyCursor
MapDialogRect
SetWindowContextHelpId
GetMessageA
TranslateMessage
ValidateRect
GetCursorPos
ShowOwnedPopups
PostQuitMessage
CharUpperA
SetScrollPos
MessageBoxA

gdi32

GetDeviceCaps
PatBlt
GetStockObject
Rectangle
DPtoLP
CreatePen
GetViewportOrgEx
AbortDoc
EndDoc
EndPage
StartPage
StartDocA
SetAbortProc
CreateDCA
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
SetTextAlign
GetCurrentPositionEx
GetTextMetricsA
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
CreatePatternBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateFontIndirectA
GetTextColor
GetBkColor
LPtoDP
GetNearestColor
GetStretchBltMode
GetPolyFillMode
GetTextAlign
GetBkMode
GetROP2
GetTextFaceA
GetWindowOrgEx
GetMapMode
SetRectRgn
CombineRgn
CreateRectRgnIndirect
GetTextExtentPoint32A
GetCharWidthA
DeleteObject
CreateCompatibleBitmap
StretchDIBits
DeleteDC
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateCompatibleDC
SelectObject
BitBlt
CreateDIBitmap
GetTextExtentPointA
CreateFontA

comdlg32

GetSaveFileNameA
PrintDlgA
GetOpenFileNameA
CommDlgExtendedError
GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegOpenKeyExA
RegSetValueA
RegCreateKeyA
GetFileSecurityA
SetFileSecurityA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegOpenKeyA
RegCloseKey

shell32

SHGetFileInfoA
DragQueryFileA
DragFinish
ExtractIconA

comctl32

ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard

olepro32

ord253

oleaut32

SysFreeString
SysAllocStringLen
VariantClear
VariantTimeToSystemTime
VariantCopy
VariantChangeType
SysAllocString
SysAllocStringByteLen
SysStringLen

winmm

PlaySoundA

Exports

Exports

Y��n��@+C�<��1��Ҩ ��zCf4R�U�z�i�,��Q-��#��M�U5ؗ��G��s��OU 2� 7�@Ҵ��䵏젲�Ԁ�씞 AU�Á�At��^��=6(�!v��X�|Y<?ie7��WTK}I��=�V ֆW��u�mp G{��(��T�a�+x_��>zDp�D�Ѻ6־�q�/΁��U�`.)a�i\>��m�m��5�e��G^)�و_ǡZMq�fg��h�VDp��*��%y^�,r�Q_�l��jT^[D�� @c��G)6�0��S��96��X�wF]�V�`��H�9kK Sy@�#��x䰪%�v/��]�e��wB��i�3��ڻa�YNJ�w�L6�A��%�ùF#��w!n�� R�k ~G_C�Vt�/M�&>�,��J�S�{)4�Ą��.�v�/f��Btx*«��NR�ˮ��Hd�v}A��}fѦ�b��fPng0X_l y&9��h)+x�(� ��sQ'��4R5�Rl��~��GI��̎`zx��ȹ?�""Z6l;�qj��AI��|؟�A�17G9�U��_ȸ��u m.b�;�7M�f��xm3�C`C��ؐXj+�ԈV��` y��[��`l��b�y�e�a�o�w[�C�}��W��`�~��ȥ��ɲ)І,�T�UV�%�T�by��dGB��Ʒl��m��,�+%u�CH;�5-��'��;^�?�ȇ0��[j'��jz]��~~ۃ+��H��$G9�W�L1��X^�Zp5�x�Qh��s��u��ٴ�B��ae��p(O=�x�8��6@7�|�(��,�f��j�?2��.�Ğ1��j��j��myܧ�OgYВ�ư��4�k�Uح��l:��f�'��t�ӣG� 1e�w��]k�V�7�b�1ػ�ݷ�$�u4n��UTa�^�L��b0t�oÕj�*��[Ð�� `��LI.eqev�a�P��cz�!B�8�*T��p:N��^��$�n�?�]��T0s�78�^�.q��%8�%�*WG�(��1��e��tï68�&�P>}��&_�j�HEdggˌ��>��8~�k�2��;0��I̓��]��˩�T�YX��\]��V�z��G�|��2X-�2x�;Ydr`nD��bPdw�7&R��9�hF� ͠�7�8f��h#Z��^̟�\L!�M��E��$�~vҵy܀Q�m+�o�w��ޫѿ��<P��ѯa9��jxЯMKS 1�D��5�q��T� �I�X�ǿ�=�'0��*�e��dTZ�[/�J��QzA`�� FG (11Ƀ�J$�z��j�&��L��L|ylvx��juF��+/��y��I/�4��œ��$�/��+�]�g'g�T&k��S��섄-�*��"rl��s!Jqz��B�B�Ev�� f�kW<9ݹ+2��J��=.�)�Ve��3mT��i}�w�4I�@��y2��?�q��\6��?�t�S2;�֞3L l�ܵ�y� ��Qr�f<��p��$T�ho�j��{'Tz0��Τ��`��}Cu�h� �s�B�㢢�{ksF׽�絖CV�T�k�4o��Ɋ� B�#-bc��ȔW�Sݞ��]��R8+%�g��l<_�� Z��bL��-�.�>/�O�ړޟ6� ��X��uiL��)��A��k��]�s*��UΎe=� LH��WVg��ua�� p��Ơ(1��@��D;3j�Q��!w��`K4f<�]�- �ޜ��:�t��u��F>+��었'`5a��y�;&^ba�r�8ejѻ��B�\� =(8�c3��&��Dɋ��w��PZ�A��b{��,�_��3�3��$Bcġ�#��)��"�˶��˱󶱨��R%n� ��f!��x�<�q '��PSY��K��p��"� l�^Ժ20�h�s��p�,��N�=H��9�&�2v�7��n ��_|��Li��k�n�ϕ��0��6�Ba8�K��*�0˝��'U�|Ԧ4KИj�%?;ލ+L��F��j"n��2`d��j��f6=��A�]aϠm��8��<D�X�|�bA��$��h.�Z!7��,�Q�9v�@ҷR웣IR�]Zu�;x�O�ZDe�▖k�m�ߗ��^��vm0J��>�s��f:n sp��drӪV�� X:�)��Y�߂��oSDς��/5�"�+��ոx��g��p��C��?��²G�fA��bѤ��r��w[��l��wfYP۲��7�8��/��$x�y��,F)k�/�Py�,�+�L ��!�U��?�0��H�!x�H^�&��[\"^o�B�t��'��Lw��ml��䊓V��h��&>?;j��c��Z��#�c�&�Ldc��1�� X��SsǄ��H��s:"\H�Tږ��g6�U�.��A QbD��%P��l��Ce| �5R�߾|~��C�:�k��sB��qې�0�%-�b?0^��ޥl��"p�A�}��0S� �s�$��v��S-�+%>HV55�O��K Pպ��C��̷E�?d�d�*0��ȯ�n.|3^ l#��x�{V��ڝ��;��u��Ž�4[V}$�}^�+I��`{j�nn�Y�҅}�q�W��,~,_q�gx��FvN�ks �G��y�a-��1�[m�!��2�t :C|/�\�t~��f0�2Ϣ��&yv`�c�,��_��aލ��ov~� �)�ن�;��T?�h�q��*�0T�Æ9��T�Q��&&��J;�N5�%�X�FS��9��~�[�_��W�>�E|!X�F"�ip�8��*G`K�h��?x

Sections

.text
Size: - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

71e62933cd702ae2cee40b01822a21d3

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

winmm

Exports

Exports

Sections

.text Size: - Virtual size: 217KB

.rdata Size: - Virtual size: 53KB

.data Size: - Virtual size: 162KB

.rsrc Size: 4KB - Virtual size: 10KB

.vmp0 Size: - Virtual size: 64KB

.tls Size: 4KB - Virtual size: 24B

.vmp1 Size: 280KB - Virtual size: 279KB

.reloc Size: 4KB - Virtual size: 148B

.text
Size: - Virtual size: 217KB

.rdata
Size: - Virtual size: 53KB

.data
Size: - Virtual size: 162KB

.rsrc
Size: 4KB - Virtual size: 10KB

.vmp0
Size: - Virtual size: 64KB

.tls
Size: 4KB - Virtual size: 24B

.vmp1
Size: 280KB - Virtual size: 279KB

.reloc
Size: 4KB - Virtual size: 148B