tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

5.8MB
MD5

3d18c032c7a6a7bb02fedec2a80d461f
SHA1

278a563090bfa40c451762c5402508a1ad233ffb
SHA256

a094b02297814757d6340f0b2c9c73cdcb340c44705255bf74a0ed37b74454f5
SHA512

c483efaf0fb2b23dfa706ed5ad94f155c6a3bce0cdb9c514737f527e3d9aaf17f0d52fcc479558398bb172038e65060306b4ca5c49d7e96f5e2c3662ab39f3ea
SSDEEP

98304:RanYWgNSN5M+BTWDis6Wh5vDO9HXKMqqrHvEpmCt2fjRFphggARsgHjyMVUTH+sI:Ron5HkWBqBIKhqrPEdigJCgDyM8GR

Score

N/A

Malware Config

Signatures

Files

tmp
.exe windows x86

8070444dcbbb95484d890068c4e91c6e

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4f:0a:2d:39:50:e0:10:db:9d:c7:c6:07:8d:d2:7a:b5
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

06/08/2020, 00:00

Not After

06/08/2022, 23:59

Subject

CN=DOP AGENT SOFTWARE ,OU=IT ,O=DOP AGENT SOFTWARE ,POSTALCODE=134114,STREET=SCO 10-11\,Chitkara Innovation Center\,MDC-4 ,L=Panchkula ,ST=Haryana ,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

01/02/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

00:a4:c8:c0:aa:3b:de:40:6e:c9:a6:23:99:69:49:05:b9:b0:0d:bb
Signer

Actual PE Digest

00:a4:c8:c0:aa:3b:de:40:6e:c9:a6:23:99:69:49:05:b9:b0:0d:bb

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=DOP AGENT SOFTWARE ,OU=IT ,O=DOP AGENT SOFTWARE ,POSTALCODE=134114,STREET=SCO 10-11\,Chitkara Innovation Center\,MDC-4 ,L=Panchkula ,ST=Haryana ,C=IN

03/11/2021, 12:01
Valid: true

Chain 1

CN=DOP AGENT SOFTWARE ,OU=IT ,O=DOP AGENT SOFTWARE ,POSTALCODE=134114,STREET=SCO 10-11\,Chitkara Innovation Center\,MDC-4 ,L=Panchkula ,ST=Haryana ,C=IN

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

EnterCriticalSection
SetFilePointer
GetACP
CloseHandle
LocalFree
GetTickCount
FlushInstructionCache
VirtualFree
GetStartupInfoW
ExitProcess
InitializeCriticalSection
GetCurrentProcess
VirtualAlloc
RtlUnwind
GetCPInfo
GetCommandLineW
GetSystemInfo
GetProcAddress
LeaveCriticalSection
EnumSystemLocalesW
GetStdHandle
GetVersionExW
GetModuleHandleA
VerifyVersionInfoW
GetModuleHandleW
FreeLibrary
ReadFile
GetDiskFreeSpaceW
VerSetConditionMask
GetUserDefaultUILanguage
FindFirstFileW
UnmapViewOfFile
GetModuleFileNameW
GetLastError
lstrlenW
SetEndOfFile
CompareStringW
lstrcmpA
WideCharToMultiByte
MapViewOfFile
MultiByteToWideChar
FindClose
LoadLibraryW
LoadLibraryA
ResetEvent
SetEvent
CreateFileW
GetLocaleInfoW
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetLocalTime
WaitForSingleObject
WriteFile
CreateFileMappingW
DeleteCriticalSection
TlsGetValue
IsValidLocale
TlsSetValue
LoadLibraryExW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
CreateEventW
GetThreadLocale
Sleep
SetThreadLocale

comctl32

InitCommonControls

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CharUpperBuffW
CharNextW
CharLowerBuffW
LoadStringW
CharUpperW
GetSystemMetrics
MessageBoxW

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

Exports

Exports

__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 333KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 22KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 121B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8070444dcbbb95484d890068c4e91c6e

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

4f:0a:2d:39:50:e0:10:db:9d:c7:c6:07:8d:d2:7a:b5Certificate

Extended Key Usages

Key Usages

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2dCertificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

00:a4:c8:c0:aa:3b:de:40:6e:c9:a6:23:99:69:49:05:b9:b0:0d:bbSigner

Signature Validations

Verification

03/11/2021, 12:01 Valid: true

Chain 1

Headers

File Characteristics

Imports

kernel32

comctl32

version

user32

oleaut32

netapi32

advapi32

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 135KB

.itext Size: 1KB - Virtual size: 1KB

.data Size: 333KB - Virtual size: 332KB

.bss Size: - Virtual size: 22KB

.idata Size: 3KB - Virtual size: 2KB

.didata Size: 512B - Virtual size: 456B

.edata Size: 512B - Virtual size: 121B

.tls Size: - Virtual size: 20B

.rdata Size: 512B - Virtual size: 93B

.rsrc Size: 39KB - Virtual size: 38KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

4f:0a:2d:39:50:e0:10:db:9d:c7:c6:07:8d:d2:7a:b5
Certificate

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

00:a4:c8:c0:aa:3b:de:40:6e:c9:a6:23:99:69:49:05:b9:b0:0d:bb
Signer

03/11/2021, 12:01
Valid: true

.text
Size: 136KB - Virtual size: 135KB

.itext
Size: 1KB - Virtual size: 1KB

.data
Size: 333KB - Virtual size: 332KB

.bss
Size: - Virtual size: 22KB

.idata
Size: 3KB - Virtual size: 2KB

.didata
Size: 512B - Virtual size: 456B

.edata
Size: 512B - Virtual size: 121B

.tls
Size: - Virtual size: 20B

.rdata
Size: 512B - Virtual size: 93B

.rsrc
Size: 39KB - Virtual size: 38KB