tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

5.3MB
MD5

65529ecc87223d1cc5e612be24ecfcf2
SHA1

044f58cfcc48f3a291389f51dc40b1f46862e6d8
SHA256

22d50d7e592f6980b4754aff9c442d5fd3acd7f754f50a1b52d7502216e33b0d
SHA512

0c58c0097d3ea8812ef3b1a289a8f1bca049fd764634c8ff3c650d9e5e313f7209d9541a7d1150d74b8b5053c6ef80f915d6b58b3b75fd4953df47f87b0cc81a
SSDEEP

98304:o6GdIy4KRlZl+pLwqFRbJLIG/kGYE04Hs4hGES8GJLSCGNre3:ofOcPGR9LIPGYEJp9gvGc

Score

N/A

Malware Config

Signatures

Files

tmp
.exe windows x86

30d24720c3598fe05ae11a645d88271e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalLock
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

EmptyClipboard
CharUpperBuffW

advapi32

GetUserNameA

shell32

SHGetFolderPathA

wininet

InternetReadFile

msvcp140

?_Xlength_error@std@@YAXPBD@Z

vcruntime140

__current_exception

api-ms-win-crt-runtime-l1-1-0

exit

api-ms-win-crt-stdio-l1-1-0

setvbuf

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-heap-l1-1-0

_callnewh

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qpwi0
Size: - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qpwi1
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qpwi2
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 560KB - Virtual size: 560KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30d24720c3598fe05ae11a645d88271e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

wininet

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: - Virtual size: 48KB

.rdata Size: - Virtual size: 13KB

.data Size: - Virtual size: 2KB

.qpwi0 Size: - Virtual size: 2.7MB

.qpwi1 Size: 2KB - Virtual size: 1KB

.qpwi2 Size: 4.8MB - Virtual size: 4.8MB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 560KB - Virtual size: 560KB

.text
Size: - Virtual size: 48KB

.rdata
Size: - Virtual size: 13KB

.data
Size: - Virtual size: 2KB

.qpwi0
Size: - Virtual size: 2.7MB

.qpwi1
Size: 2KB - Virtual size: 1KB

.qpwi2
Size: 4.8MB - Virtual size: 4.8MB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 560KB - Virtual size: 560KB