tmp | Triage

Submit
Reports

Overview

overview

Static

static

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20220901-en

mimikatz spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20220812-en

mimikatz discovery spyware stealer

windows10-2004-x64

13 signatures

150 seconds

General

Target

tmp
Size

2.5MB
MD5

ecf5cabc81047b46977a4df9d8d68797
SHA1

9e0c79a494c450d684e17b0cb4badec73171b8da
SHA256

750baa808221dd28920451df0bdebf7c1456c5b4b71e32917668e2e19677b666
SHA512

0ff98c1eb2eee56fecc8506e359787d093ce3090b9f288d5bcb1ef811f66cc60fcdc81a66603cf85527b58793e45fc655bfe1c2eb9cd7496fe8efd56ffea3190
SSDEEP

49152:EHfXZ/v+zgAWDaCkJFDgGOiBIHf8WK0GvsbDCcMszvlt:EHB/G8mH4H0QG8DCcpzz

Score

N/A

Malware Config

Signatures

Files

tmp
.exe windows x86

63b38f66359abe3e76ab07c232f0ff69

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

shell32

ShellExecuteA

ws2_32

inet_ntoa

wldap32

ord32

ole32

CoInitializeEx

oleaut32

VariantInit

user32

MessageBoxA

advapi32

ReportEventA

Sections

.MPRESS1
Size: 2.5MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

© 2018-2025

Terms | Privacy