tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

895KB
MD5

c626e3b9b40c30d97112777166ab0bfd
SHA1

5e7cfd943cff5ec7b673fd54dc6a221afe410d47
SHA256

ce613f10710166e4865c408effc86217615314ec5809aa8f7762dbe3d95c55b9
SHA512

fcfae20a9cda2a881f092affea23c23fc2547ddf7bf63f839beb41773db7693a32288c7020e1597c200947098f1079e56f4ad1152e7b56553886b38bf73aed4c
SSDEEP

24576:DsDy3RUfWAImPDF2icF0DN+6ybJzhg2ViZHGO2j/OlUbFpE:UcOEzWp+6ybJzh/VS2l

Score

N/A

Malware Config

Signatures

Files

tmp
.exe windows x64

67548a22caca262edc208bd141b3c2ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

strncpy
memcmp
__chkstk
strcmp
strchr
wcslen
memset
memcpy
strncmp
strlen
strcpy
strcat
strstr
strrchr

kernel32

LocalFree
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
VirtualAlloc
VirtualProtect
Beep
GetCurrentProcess
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetCurrentProcessId
LeaveCriticalSection
TryEnterCriticalSection
CreateFileW
DeviceIoControl
GetSystemDirectoryA
EnterCriticalSection
WaitForSingleObject
ExitThread
DuplicateHandle
SetLastError
SetEvent
ResetEvent
CreateEventW
TerminateProcess
GetTickCount64
OpenProcess
VirtualQuery
CreateDirectoryW
CreateFileA
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFileSizeEx
ReadFile
WriteFile
OutputDebugStringW
HeapAlloc
HeapFree
GetProcessHeap
SetThreadPriority
CreateProcessA
GetSystemTime
LoadLibraryExA
CreateThread
GlobalUnlock
GlobalLock
FormatMessageA
SystemTimeToTzSpecificLocalTime
CreateToolhelp32Snapshot
Process32First
Process32Next
QueryPerformanceFrequency
InitializeCriticalSection
ReleaseMutex
CreateMutexA
SetPriorityClass
GetSystemInfo
QueryFullProcessImageNameW
GetUserPreferredUILanguages
Sleep
GetLastError
CloseHandle
FreeLibrary
GetCurrentThread
GlobalAlloc

user32

DispatchMessageA
PeekMessageA
DefWindowProcA
RegisterClassExA
CreateWindowExA
DestroyWindow
SetWindowPos
FillRect
LoadCursorA
IsWindow
TranslateMessage
CloseClipboard
SetClipboardData
EmptyClipboard
SendInput
MapVirtualKeyA
InvalidateRect
SetWindowLongPtrA
FindWindowW
GetWindowInfo
GetClipboardData
OpenClipboard
ReleaseDC
GetDC
SetForegroundWindow
GetForegroundWindow
GetCursorPos

gdi32

Rectangle
LineTo
CreateSolidBrush
CreatePen
CreateFontA
BitBlt
TextOutW
SetTextColor
SetBkMode
CreateCompatibleDC
GetDeviceCaps
MoveToEx
StretchDIBits
SetBkColor
DeleteObject
SelectObject
CreateCompatibleBitmap

winhttp

WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpSetTimeouts

Sections

.text
Size: 395KB - Virtual size: 395KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67548a22caca262edc208bd141b3c2ac

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

gdi32

winhttp

Sections

.text Size: 395KB - Virtual size: 395KB

.rdata Size: 228KB - Virtual size: 227KB

.data Size: 27KB - Virtual size: 48KB

.pdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 237KB - Virtual size: 236KB

.reloc Size: 512B - Virtual size: 32B

.text
Size: 395KB - Virtual size: 395KB

.rdata
Size: 228KB - Virtual size: 227KB

.data
Size: 27KB - Virtual size: 48KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 237KB - Virtual size: 236KB

.reloc
Size: 512B - Virtual size: 32B