tmp | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

tmp
Size

1.2MB
MD5

176cba6c54addf55ff9212f8635af268
SHA1

99b98dbc56d33073f4a1663b9c7866f673500ea6
SHA256

4562160a2d37aa07c97fa784afe700cf0cb8ecb5d1cd2382e27bc40804d938e3
SHA512

6b0eba2535e7153e41f9aca21440b0ee448096d5d6da134abfdcccba6dbdd5d9d051aa606cc1810af4d6b9b7bcc784eeb245f74c264c0dd41e96ce391686a023
SSDEEP

24576:qMGnno42KEVxeAL7x06blOSE3UHMxpWWEaTaeGyidv:Fo1GxplLE3UHOTTnidv

Score

N/A

Malware Config

Signatures

Files

tmp
.exe windows x86

5d995d1333889b015aeb6c41cd149f70

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
VirtualAlloc
VirtualFree
FreeLibrary
RtlUnwind
RaiseException
GetCommandLineA
HeapSetInformation
GetStartupInfoW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
DecodePointer
GetCurrentThreadId
TlsFree
GetModuleHandleW
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
HeapValidate
IsBadReadPtr
HeapCreate
GetModuleFileNameW
WriteFile
EnterCriticalSection
LeaveCriticalSection
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
HeapAlloc
HeapFree
LoadLibraryW
HeapReAlloc
HeapSize
HeapQueryInformation
LCMapStringW
MultiByteToWideChar
GetStringTypeW
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
CreateFileW
CloseHandle
FlushFileBuffers

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

user32

GetWindow

advapi32

RegDeleteKeyA

shell32

SHGetFolderPathW

Sections

.text
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sppol
Size: 822KB - Virtual size: 824KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sppol
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d995d1333889b015aeb6c41cd149f70

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

iphlpapi

psapi

user32

advapi32

shell32

Sections

.text Size: 440KB - Virtual size: 440KB

.sppol Size: 822KB - Virtual size: 824KB

.idata Size: 2KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.sppol Size: 4KB - Virtual size: 4KB

.text
Size: 440KB - Virtual size: 440KB

.sppol
Size: 822KB - Virtual size: 824KB

.idata
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.sppol
Size: 4KB - Virtual size: 4KB