tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

2.5MB
MD5

00807cb535815226ee686eb91a2a656a
SHA1

057bde96c8640763e9c85f0dc191d106eecd78c6
SHA256

3bbaa72413571b18979428250cc34ee4f8db54cbf092192b076aeaaeb66e2bcd
SHA512

a3bfcfd402d126facd1fec445758099b23c4a09dd58a0d2a7faaba14bd289b0892820bc07e3f0e904a5e6819cfdbb35da8cf65e57ad3c30e97b4feac2a5c421c
SSDEEP

49152:Wqgyd/DHXBgnqPi3W0EfLckdKO+EER8JXO:sKRIsM

Score

N/A

Malware Config

Signatures

Files

tmp
.exe windows x64

b1ac41ecc25022618f74a6d0828a4712

Code Sign

33:00:00:02:9e:05:ca:b1:2e:ac:93:cf:b6:00:00:00:00:02:9e
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2020, 19:16

Not After

23/09/2021, 19:16

Subject

CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f2:54:f4:58:62:1f:c8:30:88:c1:b1:f8:d6:21:ad:38:58:34:cc:d7:d1:51:fd:20:69:78:21:a4:c8:a8:9f:5d
Signer

Actual PE Digest

f2:54:f4:58:62:1f:c8:30:88:c1:b1:f8:d6:21:ad:38:58:34:cc:d7:d1:51:fd:20:69:78:21:a4:c8:a8:9f:5d

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

28/10/2022, 15:04
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___wargv
_cexit
_initterm
abort
_c_exit
_register_thread_local_exe_atexit_callback
_exit
exit
_initterm_e
_beginthreadex
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_invalid_parameter_noinfo
terminate
_invalid_parameter_noinfo_noreturn
_errno
_seh_filter_exe
_set_app_type

api-ms-win-crt-stdio-l1-1-0

feof
fgetws
fclose
__stdio_common_vsnprintf_s
__stdio_common_vswprintf
__stdio_common_vsprintf
__stdio_common_vsprintf_s
__stdio_common_vsnwprintf_s
fputc
__stdio_common_vswprintf_s
_wfopen
_fsopen
__p__commode
_set_fmode
fseek
_wfsopen
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
fwrite
fgetc
fflush

api-ms-win-crt-heap-l1-1-0

calloc
malloc
_set_new_mode
_calloc_base
free
_malloc_base
_free_base
_callnewh
_recalloc
realloc

api-ms-win-crt-convert-l1-1-0

_i64toa_s
_ui64toa_s
_ui64tow_s
wcstoull
_wcstod_l
wcstoll
wcstod
_i64tow_s
strtof
strtoll
strtod
wcstol
_itow_s
strtol

api-ms-win-crt-string-l1-1-0

isalpha
iswalpha
isdigit
iswdigit
iswxdigit
islower
iswlower
wcsncpy_s
strcspn
iswspace
towlower
towupper
iswupper
strncmp
strnlen
_wcsdup
isupper
__strncnt
wcsnlen
isspace
tolower
wcscmp
strcpy_s
_wcsicmp

api-ms-win-crt-locale-l1-1-0

_lock_locales
_configthreadlocale
localeconv
setlocale
___lc_codepage_func
__pctype_func
_create_locale
___lc_collate_cp_func
___lc_locale_name_func
_unlock_locales
___mb_cur_max_func
_free_locale

api-ms-win-crt-math-l1-1-0

ldexp
ceilf
ceil
log2
pow
powf
frexp

advapi32

OpenServiceW
OpenSCManagerW
CloseServiceHandle
StartServiceW
RegQueryValueExW
EventWriteTransfer
EventUnregister
EventRegister
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegSetKeyValueW
RegOpenCurrentUser
RegGetValueW
RegQueryInfoKeyW
RegCloseKey
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
ImpersonateLoggedOnUser
RevertToSelf

crypt32

CertGetCertificateChain
CertVerifyCertificateChainPolicy
CryptUnprotectMemory
CryptBinaryToStringW
CertFreeCertificateChain
CertFreeCertificateContext

kernel32

GetSystemInfo
UnmapViewOfFile
GetSystemPreferredUILanguages
GetThreadPreferredUILanguages
GetVersionExW
GetModuleHandleA
QueryProcessCycleTime
GetLongPathNameW
GetProcessId
DuplicateHandle
CreateMutexW
LoadLibraryExA
DelayLoadFailureHook
OpenProcess
QueryFullProcessImageNameW
QueryUnbiasedInterruptTime
GlobalFree
VerifyVersionInfoW
GetUserPreferredUILanguages
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
MultiByteToWideChar
CloseThreadpool
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
CreateThreadpool
SetThreadpoolThreadMaximum
CreateThreadpoolWork
SubmitThreadpoolWork
StartThreadpoolIo
SystemTimeToFileTime
RaiseException
FreeLibrary
LoadLibraryExW
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
HeapSetInformation
CreateEventW
SetEvent
TerminateProcess
GetCurrentProcess
SwitchToFiber
ConvertFiberToThread
IsThreadAFiber
ConvertThreadToFiber
CreateFiberEx
DeleteFiber
WideCharToMultiByte
GetSystemTimeAsFileTime
CreateFileW
SetErrorMode
QueryPerformanceFrequency
QueryPerformanceCounter
FormatMessageA
Sleep
SwitchToThread
InitializeSRWLock
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
SleepConditionVariableSRW
RtlPcToFileHeader
GetStringTypeW
ReleaseSRWLockShared
AcquireSRWLockShared
LocalFree
InitOnceComplete
CreateDirectoryW
GetFileInformationByHandleEx
FindFirstFileExW
FindNextFileW
DeviceIoControl
FindClose
GetFileAttributesW
GetFileAttributesExW
SetFileInformationByHandle
MoveFileExW
CopyFileW
InitOnceBeginInitialize
EncodePointer
DecodePointer
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
ResetEvent
InitializeSListHead
RtlUnwindEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetProcessTimes
CreateThreadpoolIo
WaitForThreadpoolIoCallbacks
CancelThreadpoolIo
CancelIoEx
CloseThreadpoolIo
GetSystemDirectoryW
GetSystemTime
InitializeCriticalSectionEx
CreateFileMappingW
MapViewOfFile
GetFileSizeEx
ExpandEnvironmentStringsW

ole32

CoUninitialize
CoCreateInstance
StringFromGUID2
CoCreateGuid
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitializeEx

oleaut32

VarUI4FromStr

user32

UnregisterClassA
CharNextW

bcrypt

BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptGetProperty
BCryptOpenAlgorithmProvider

normaliz

IdnToAscii

ws2_32

htonl
ntohs
htons
inet_ntop

ntdll

RtlIpv4StringToAddressExW
RtlIpv6StringToAddressExW
VerSetConditionMask

winhttp

WinHttpSetCredentials
WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryAuthSchemes
WinHttpWriteData
WinHttpReceiveResponse
WinHttpOpen
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpQueryOption
WinHttpGetDefaultProxyConfiguration
WinHttpGetProxyForUrl
WinHttpSetStatusCallback
WinHttpSetTimeouts
WinHttpSetOption
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpConnect

mpclient

MpConfigGetValueAlloc
MpHandleClose
MpConfigClose
MpNotificationRegister
MpManagerOpen
MpFreeMemory
MpConfigUninitialize
MpUtilsExportFunctions
MpConfigInitialize
MpClientUtilExportFunctions
MpConfigOpen

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-utility-l1-1-0

rand_s

shell32

SHGetKnownFolderPath

iphlpapi

GetAdaptersAddresses

netapi32

NetApiBufferFree
NetGetJoinInformation

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 296KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1ac41ecc25022618f74a6d0828a4712

Code Sign

33:00:00:02:9e:05:ca:b1:2e:ac:93:cf:b6:00:00:00:00:02:9eCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

f2:54:f4:58:62:1f:c8:30:88:c1:b1:f8:d6:21:ad:38:58:34:cc:d7:d1:51:fd:20:69:78:21:a4:c8:a8:9f:5dSigner

Signature Validations

Verification

28/10/2022, 15:04 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

advapi32

crypt32

kernel32

ole32

oleaut32

user32

bcrypt

normaliz

ws2_32

ntdll

winhttp

mpclient

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

shell32

iphlpapi

netapi32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 296KB - Virtual size: 292KB

.data Size: 40KB - Virtual size: 100KB

.pdata Size: 80KB - Virtual size: 79KB

.didat Size: 4KB - Virtual size: 24B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 12KB - Virtual size: 11KB

33:00:00:02:9e:05:ca:b1:2e:ac:93:cf:b6:00:00:00:00:02:9e
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

f2:54:f4:58:62:1f:c8:30:88:c1:b1:f8:d6:21:ad:38:58:34:cc:d7:d1:51:fd:20:69:78:21:a4:c8:a8:9f:5d
Signer

28/10/2022, 15:04
Valid: false

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 296KB - Virtual size: 292KB

.data
Size: 40KB - Virtual size: 100KB

.pdata
Size: 80KB - Virtual size: 79KB

.didat
Size: 4KB - Virtual size: 24B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 12KB - Virtual size: 11KB