Static task: static1
Behavioral task: behavioral1 (Sample: tmp.exe, Resource: win7-20220812-en)
Behavioral task: behavioral2 (Sample: tmp.exe, Resource: win10v2004-20221111-en)
General
Target: tmp
Size: 726KB
MD5: a565109f66591892069773052e668c36
SHA1: 44f37f70dc92da7cebd60cc4637b137921463852
SHA256: fa729345e83a89f6eaee60b98ff8ce338724987791dc5786d48abc543aac7747
SHA512: d12eecc943c4f1830c1b64ed4c46b22f5826b4062dc6a19c0ab7c2d34ae5691fb80efdadea5d18106f2d38e1d1c44452d9e63580570a6f9bc66e545a413b3e23
SSDEEP: 12288:sk4MXNLmDguv3NU+5Ia9rFkshBedumbMJX1SnL7q6mIqK+mJ5Fw9qF6fDKog0+QI:lXNLmDguF739Wowd+JX1SnLnmID15Fwo
Malware Config
Signatures
Files
tmp.exe (windows x86): 056d9b704775f8e465e0485902904b4e
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_GUARD_CF, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
advapi32: RegCreateKeyExW, RegQueryValueExW, RegCloseKey, RegSetValueExW, EncryptFileW, DecryptFileW, EventWriteTransfer, DuplicateEncryptionInfoFile, EventUnregister, EventRegister, RegOpenKeyExW, GetNamedSecurityInfoW, SetNamedSecurityInfoW, RegDeleteKeyW
kernel32: GetACP, CopyFileW, MoveFileExW, DeleteFileW, GetModuleHandleA, CreateEventW, SetEvent, QueueUserWorkItem, FreeLibrary, LoadLibraryW, HeapSetInformation, VerifyVersionInfoW, VerSetConditionMask, DeleteCriticalSection, GetThreadLocale, QueryFullProcessImageNameW, OpenProcess, GetTempPathW, lstrcmpiW, SetEndOfFile, FindFirstFileW, GetFullPathNameW, GetTickCount, GlobalDeleteAtom, GlobalAddAtomW, SetErrorMode, LocalFree, LocalAlloc, RaiseException, GlobalSize, GetExitCodeThread, GetTimeFormatW, GetDateFormatW, FileTimeToSystemTime, FileTimeToLocalFileTime, GetFileSize, lstrlenW, GetLocaleInfoW, MulDiv, DeviceIoControl, SetFileTime, SetFileAttributesW, GetFileTime, GetFileAttributesW, FindClose, WriteFile, ReadFile, FindNextStreamW, FindFirstStreamW, GlobalReAlloc, GlobalUnlock, GlobalLock, GlobalAlloc, GlobalFree, GetFileSizeEx, CreateFileW, IsDebuggerPresent, DebugBreak, GetModuleHandleW, GetProcessHeap, GetCurrentProcessId, CreateMutexExW, GetProcAddress, HeapAlloc, CloseHandle, GetModuleFileNameA, CreateSemaphoreExW, HeapFree, SetLastError, WaitForSingleObjectEx, ReleaseSemaphore, GetModuleHandleExW, WaitForSingleObject, GetCurrentThreadId, ReleaseMutex, FormatMessageW, GetLastError, OutputDebugStringW, lstrcmpW, ApplicationRecoveryFinished, ApplicationRecoveryInProgress, RegisterApplicationRecoveryCallback, RegisterApplicationRestart, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, VirtualProtect, LoadLibraryExA, GetSystemInfo, VirtualQuery, OpenSemaphoreW
gdi32: EnumFontFamiliesExW, GetTextFaceW, GdiGradientFill, GetTextMetricsW, Polyline, SetROP2, CreatePolygonRgn, TranslateCharsetInfo, GetTextExtentPoint32W, CreateFontW, StretchDIBits, CreateDCW, CreateFontIndirectW, SetStretchBltMode, GetBrushOrgEx, GetRgnBox, CombineRgn, CreateRectRgn, ExtSelectClipRgn, ExtFloodFill, GetPixel, UnrealizeObject, SetBrushOrgEx, StretchBlt, Polygon, OffsetRgn, SetPixel, LineTo, MoveToEx, CreatePen, SetDIBitsToDevice, GetNearestColor, CreateDIBitmap, GetDIBits, CreateHalftonePalette, CreateDIBSection, Rectangle, SetViewportExtEx, RestoreDC, LPtoDP, SetMapMode, SaveDC, CreatePalette, PlayMetaFile, GdiAlphaBlend, SetTextColor, SetBkColor, GetObjectW, GetCurrentObject, SetDIBColorTable, GetDIBColorTable, CreateRectRgnIndirect, GetStockObject, FillRgn, PatBlt, CreateSolidBrush, CreatePatternBrush, SetPaletteEntries, ResizePalette, GetNearestPaletteIndex, GetPaletteEntries, SetDIBits, CreateBitmap, DeleteObject, GetDeviceCaps, SelectObject, SelectPalette, RealizePalette, CreateCompatibleDC, CreateCompatibleBitmap, BitBlt, DeleteDC
user32: NotifyWinEvent, PostMessageW, IsClipboardFormatAvailable, RegisterClipboardFormatW, OffsetRect, FillRect, GetCursorPos, UnionRect, IntersectRect, WindowFromPoint, PtInRect, GetCapture, SetRectEmpty, SetTimer, KillTimer, IsRectEmpty, EqualRect, SetCursor, SetCapture, GetAsyncKeyState, SetPropW, CopyRect, InflateRect, GetParent, GetWindowLongW, GetUpdateRect, GetKeyboardLayout, LoadImageW, EnableWindow, GetFocus, SetActiveWindow, GetTouchInputInfo, ShowCursor, GetDC, GetMessageExtraInfo, ReleaseCapture, ClientToScreen, TrackMouseEvent, ValidateRect, RemoveMenu, DestroyWindow, DestroyCursor, SystemParametersInfoW, GetWindowThreadProcessId, MsgWaitForMultipleObjectsEx, PeekMessageW, SetWindowTextW, GetKeyState, MessageBoxW, ReleaseDC, RedrawWindow, SetDlgItemInt, UpdateWindow, LoadMenuW, GetSubMenu, GetMenu, IsWindow, UnregisterTouchWindow, RegisterTouchWindow, PostQuitMessage, GetCaretPos, SetGestureConfig, CheckMenuItem, IsWindowVisible, LoadIconW, MessageBeep, InvalidateRect, GetSystemMetrics, GetClassInfoW, GetMonitorInfoW, GetWindowRect, GetClientRect, GetSysColor, DestroyIcon, SendMessageW, ScreenToClient, RegisterWindowMessageW, CloseTouchInputHandle, SetRect, EnableScrollBar, MonitorFromRect, SetClassLongW, GetWindowDC, LoadStringW, IsMenu, SendDlgItemMessageW, SetWindowLongW, CheckDlgButton, GetDlgItem, GetDlgItemInt, LoadBitmapW, BringWindowToTop, DestroyMenu, SendInput, SetCursorPos, LoadCursorW, GetSystemMenu
mfc42u: imported by ordinal only (no named exports)
msvcrt: _CIcos, _CIsin, _CIsqrt, _CItan, _CIatan2, _ftol2, _ftol2_sse, memcmp, memmove, __RTDynamicCast, __CxxFrameHandler3, memcpy, _vsnwprintf, _controlfp, _except_handler4_common, __uncaught_exception, ??1type_info@@UAE@XZ, _onexit, __dllonexit, _unlock, _lock, ?terminate@@YAXXZ, _wcmdln, _initterm, __setusermatherr, __p__fmode, _cexit, _exit, __set_app_type, __wgetmainargs, _amsg_exit, __p__commode, _XcptFilter, isdigit, isalnum, abort, memchr, tolower, isspace, __crtGetStringTypeW, __crtLCMapStringW, __mb_cur_max, __pctype_func, ___lc_codepage_func, ___lc_handle_func, _errno, ___mb_cur_max_func, setlocale, _CxxThrowException, _callnewh, malloc, vswprintf_s, exit, wcsncmp, _wsetlocale, _wcsdup, __wargv, __argc, _wcsicmp, rand, _beginthreadex, _wtoi, _wsplitpath_s, strcspn, localeconv, sprintf_s, _strtoi64, _strtoui64, _purecall, free, ??1bad_cast@@UAE@XZ, ??0bad_cast@@QAE@ABV0@@Z, memmove_s, ??0exception@@QAE@ABQBD@Z, ?what@exception@@UBEPBDXZ, _vsnprintf_s, ??0exception@@QAE@ABV0@@Z, swprintf_s, wcscpy_s, wcstoul, vsprintf_s, ??0exception@@QAE@XZ, ??1exception@@UAE@XZ, memcpy_s, memset
shlwapi: PathStripPathW, PathFileExistsW, PathFindFileNameW, PathCombineW, ord628
oleaut32: VariantClear, SafeArrayPutElement, SafeArrayDestroy, SafeArrayCopy, SysAllocString, VariantInit, VarDecFromI4, SysFreeString, VarDecFromR8, VarR8FromDec, SafeArrayCreateVector
api-ms-win-core-com-l1-1-0: PropVariantCopy, PropVariantClear, CoCreateGuid, FreePropVariantArray, CoWaitForMultipleHandles, CoCreateFreeThreadedMarshaler, CLSIDFromString, CoInitializeEx, CoTaskMemAlloc, CreateStreamOnHGlobal, CoTaskMemFree, CoUninitialize, CoGetInterfaceAndReleaseStream, CoReleaseMarshalData, CoCreateInstance, CoMarshalInterThreadInterfaceInStream
api-ms-win-core-com-l1-1-1: RoGetAgileReference
api-ms-win-core-winrt-string-l1-1-0: WindowsGetStringRawBuffer, WindowsDeleteString, WindowsCreateString, WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0: RoGetActivationFactory
api-ms-win-core-winrt-error-l1-1-0: SetRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1: RoGetMatchingRestrictedErrorInfo
rpcrt4: UuidToStringW, RpcStringFreeW, UuidCreate
api-ms-win-core-string-l1-1-0: WideCharToMultiByte, CompareStringOrdinal, MultiByteToWideChar
api-ms-win-core-synch-l1-1-0: ReleaseSRWLockExclusive, CreateEventExW, AcquireSRWLockExclusive, EnterCriticalSection, InitializeCriticalSection, CreateMutexW, LeaveCriticalSection
api-ms-win-core-synch-l1-2-0: Sleep, SleepConditionVariableSRW, WakeAllConditionVariable
api-ms-win-core-processthreads-l1-1-0: CreateThread, GetCurrentProcess, GetStartupInfoW, TerminateProcess
api-ms-win-core-errorhandling-l1-1-0: SetUnhandledExceptionFilter, UnhandledExceptionFilter
api-ms-win-core-debug-l1-1-0: OutputDebugStringA
api-ms-win-core-profile-l1-1-0: QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0: GetSystemTime, GetSystemTimeAsFileTime
api-ms-win-core-libraryloader-l1-2-0: GetModuleFileNameW
api-ms-win-core-processthreads-l1-1-1: GetProcessMitigationPolicy
api-ms-win-core-localization-l2-1-0: GetNumberFormatEx
api-ms-win-core-localization-l1-2-0: GetLocaleInfoEx
api-ms-win-core-file-l1-1-0: GetTempFileNameW, CompareFileTime
api-ms-win-core-registry-l1-1-0: RegQueryInfoKeyW, RegEnumValueW, RegGetValueW, RegEnumKeyExW
api-ms-win-core-timezone-l1-1-0: SystemTimeToFileTime
api-ms-win-eventing-provider-l1-1-0: EventSetInformation
comctl32: ord381, ord345, ImageList_GetImageCount, ImageList_Remove, ImageList_ReplaceIcon, ImageList_Draw
comdlg32: GetFileTitleW, GetOpenFileNameW
ntdll: WinSqmSetIfMaxDWORD, WinSqmAddToStream, WinSqmStartSession, WinSqmEndSession, WinSqmIncrementDWORD
ole32: CoInitialize, ReleaseStgMedium, OleGetClipboard, WriteClassStg, WriteFmtUserTypeStg
propsys: PropVariantToString, PropVariantToStringVectorAlloc, PropVariantToUInt32WithDefault, PropVariantToUInt32, PSGetPropertyDescriptionListFromString
shell32: SHGetKnownFolderPath, SHCreateItemFromParsingName, SHCreateShellItemArrayFromShellItem, SHBindToParent, ShellAboutW, SHParseDisplayName, ord155, SHAddToRecentDocs, DragFinish, ord75, ord165, SHGetSpecialFolderPathW, DragQueryFileW, SHCreateShellItem, SHChangeNotify
winmm: timeGetTime
Sections
.text: Size 634KB, Virtual size 634KB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data: Size 16KB, Virtual size 25KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata: Size 18KB, Virtual size 18KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.didat: Size 512B, Virtual size 432B; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc: Size 3KB, Virtual size 3KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc: Size 51KB, Virtual size 51KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ