tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

4.1MB
MD5

31c69a4df2ccefeef9576c334fa3e359
SHA1

4c62c15818173ae5438690f117224b85cb74f17b
SHA256

f3df6ce5555035ca7ca6929a6cbc90dae323d6f6198af03c13d09bb6cb95e49c
SHA512

eefe0196eba26b520d268dc5161935367787a7379b010dccb59e55c9025560f342405a4320086eeed4917c57d4fcd376702b7a4dbf7f39edcf1ca452d5a20d20
SSDEEP

49152:v/mzXCaZ0/veSwDTffITX6ce/dJJ5TE8Uq1ICeWUwgNX7sy:v/mzCaZozbe/dJJ68TNeWO

Score

N/A

Malware Config

Signatures

Files

tmp
.exe windows x86

5f08973e03e071a4aae0732485906d4d

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

96:b9:1f:94:f6:6a:37:25:be:22:16:9c:80:6b:99:c3
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

24/03/2022, 00:00

Not After

23/03/2025, 23:59

Subject

CN=Activesoft Co.\, Ltd,O=Activesoft Co.\, Ltd,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b7:c0:d9:bc:f5:d7:f4:52:f7:9e:ee:ef:42:8e:c1:5a:df:e3:08:5f:ea:a3:c8:9e:83:13:ff:08:b6:81:3b:64
Signer

Actual PE Digest

b7:c0:d9:bc:f5:d7:f4:52:f7:9e:ee:ef:42:8e:c1:5a:df:e3:08:5f:ea:a3:c8:9e:83:13:ff:08:b6:81:3b:64

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Activesoft Co.\, Ltd,O=Activesoft Co.\, Ltd,ST=Seoul,C=KR

15/12/2022, 13:55
Valid: true

Chain 1

CN=Activesoft Co.\, Ltd,O=Activesoft Co.\, Ltd,ST=Seoul,C=KR

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

LoadLibraryExW
SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
CompareStringA
CreateFileA
GetStringTypeW
GetStringTypeA
GetCPInfo
IsBadCodePtr
IsBadReadPtr
LCMapStringW
LCMapStringA
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
GetStartupInfoA
GetStdHandle
SetHandleCount
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetTimeZoneInformation
GetFileType
SetStdHandle
HeapSize
GetProfileIntW
FindResourceA
GlobalAddAtomA
GetProfileStringA
GetPrivateProfileSectionNamesW
EnumResourceLanguagesW
EnumResourceTypesW
EnumResourceNamesW
GetExitCodeThread
TerminateThread
ResetEvent
GetCurrentProcessId
SetErrorMode
GetModuleFileNameW
FreeLibrary
WideCharToMultiByte
GetProcAddress
lstrlenA
lstrlenW
FindClose
FindFirstFileW
MultiByteToWideChar
GetLastError
CreateMutexW
CopyFileW
Sleep
GetEnvironmentVariableW
GetExitCodeProcess
GetVersionExW
WinExec
GetLongPathNameW
GetSystemDirectoryW
GetWindowsDirectoryW
GetTempFileNameW
GetTempPathW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
LocalFileTimeToFileTime
SystemTimeToFileTime
CloseHandle
SetFileTime
CreateFileW
GlobalSize
LockResource
LoadResource
SizeofResource
GetFileAttributesW
CreateThread
HeapReAlloc
RaiseException
HeapFree
HeapAlloc
CreateDirectoryW
TerminateProcess
RtlUnwind
ExitProcess
GetStartupInfoW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentDirectoryW
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GlobalFlags
GetProcessVersion
SetFileAttributesW
GetFileSize
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
EnterCriticalSection
GetTickCount
lstrcmpiA
GetCurrentThread
lstrcmpW
CreateEventW
SetThreadPriority
ResumeThread
SetEvent
WaitForSingleObject
MulDiv
GetShortPathNameW
lstrcmpiW
GetThreadLocale
GetStringTypeExW
GetVolumeInformationW
LoadLibraryW
DeleteFileW
MoveFileW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentProcess
DuplicateHandle
SetLastError
FormatMessageW
LocalFree
lstrcmpA
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
LoadLibraryA
FindResourceW
GetCurrentThreadId
GlobalFindAtomW
GlobalDeleteAtom
GetModuleHandleW
lstrcatW
lstrcpyW
GlobalGetAtomNameW
GlobalAddAtomW
GetVersion
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetDiskFreeSpaceW
GetFileTime
GetFullPathNameW
lstrcpynW

user32

LoadCursorW
IsRectEmpty
FillRect
FindWindowW
RegisterClipboardFormatW
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
EndDialog
CreateDialogIndirectParamW
GetMessageW
ValidateRect
GetCursorPos
InflateRect
GrayStringW
GetClientRect
EnableWindow
GetWindow
GetParent
LoadIconW
SendMessageW
GetKeyState
RedrawWindow
CreateMenu
DeleteMenu
PtInRect
DrawTextW
TabbedTextOutW
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
CharUpperW
LoadStringW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
DefFrameProcW
MoveWindow
SetWindowTextW
IsDialogMessageW
GetSysColorBrush
GetClassNameW
GetDialogBaseUnits
InsertMenuW
GetMenuStringW
DestroyIcon
CharNextW
CopyAcceleratorTableW
SetRect
GetNextDlgGroupItem
SetDlgItemTextW
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
GetWindowRect
WindowFromPoint
GetMenuItemCount
MessageBeep
PostThreadMessageW
CreatePopupMenu
AppendMenuW
GetFocus
LoadMenuW
InvalidateRect
LoadBitmapW
UpdateWindow
MessageBoxW
PeekMessageW
DispatchMessageW
TranslateMessage
IsWindow
RegisterWindowMessageW
ReleaseDC
GetDC
GetSysColor
IsWindowVisible
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuW
GetMenuState
GetMenuCheckMarkDimensions
AdjustWindowRectEx
IsChild
IsIconic
GetDlgCtrlID
SetRectEmpty
LoadAcceleratorsW
TranslateAcceleratorW
ReleaseCapture
ScreenToClient
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
RegisterClassW
TrackPopupMenu
SetWindowPlacement
GetWindowTextLengthW
GetWindowTextW
DestroyWindow
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
RemovePropW
DefWindowProcW
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
OffsetRect
IntersectRect
SystemParametersInfoW
GetWindowPlacement
GetSystemMetrics
GetCapture
PostMessageW
SetCursor
IsWindowEnabled
GetDesktopWindow
GetWindowLongW
ShowWindow
UnregisterClassW
GetWindowTextLengthA
ExcludeUpdateRgn
GetWindowTextA
DrawTextA
GetClassInfoA
DefDlgProcA
DefWindowProcA
CharNextA
CallWindowProcA
RemovePropA
SetWindowsHookExA
SendMessageA
GetClassNameA
SetPropA
GetPropA
GetClipboardFormatNameW
GetTabbedTextExtentA
OpenClipboard
EmptyClipboard
CloseClipboard
DrawEdge
GetDoubleClickTime
LookupIconIdFromDirectoryEx
GetCursor
SetClipboardData
CopyIcon
CreateIconIndirect
GetIconInfo
CreateIconFromResourceEx
GetLastActivePopup
BringWindowToTop
EqualRect
CopyRect
GetDlgItem
SetWindowLongW
wsprintfW
SetWindowPos
GetSubMenu
GetMenuItemID
UnpackDDElParam
ReuseDDElParam
SetActiveWindow
WinHelpW
SetMenu
GetMenu
GetClassInfoW
DestroyMenu
SetFocus
GetActiveWindow
SetTimer
SetWindowRgn
GetSystemMenu
SetCapture
KillTimer
DrawIconEx
GetClassLongW
SetClassLongW
UnionRect
GetDCEx
LockWindowUpdate
IsZoomed
DrawFocusRect
SetParent
GetMenuItemInfoW
IsMenu
MapVirtualKeyW
ShowCaret
HideCaret
GetWindowRgn
WaitMessage
GetMenuDefaultItem
DrawStateW
SendMessageTimeoutW
DrawFrameControl
IsCharLowerW
GetKeyNameTextW
MapVirtualKeyExW
GetKeyboardLayout
ToUnicodeEx
GetKeyboardState
GetKeyboardLayoutList
IsClipboardFormatAvailable
InvertRect
SetWindowLongA
GetWindowLongA
IsWindowUnicode
SetCursorPos
LoadImageW

gdi32

ExtTextOutA
GetEnhMetaFilePaletteEntries
DeleteEnhMetaFile
CreatePalette
SelectPalette
PlayEnhMetaFile
StretchDIBits
RectVisible
CreateCompatibleBitmap
CreateBitmap
SetBkColor
StretchBlt
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
DeleteObject
SetStretchBltMode
SetDIBitsToDevice
BitBlt
SelectObject
RealizePalette
GetDIBits
CreateCompatibleDC
CreateDIBSection
DeleteDC
CreateDIBitmap
AddFontResourceW
GetStockObject
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
CreatePen
CreateSolidBrush
CreatePatternBrush
PtVisible
TextOutW
ExtTextOutW
Escape
GetMapMode
GetDeviceCaps
CombineRgn
CreateFontIndirectW
DPtoLP
LPtoDP
GetTextExtentPoint32W
GetTextMetricsW
GetTextColor
GetBkColor
CopyMetaFileW
SetWinMetaFileBits
GetEnhMetaFileHeader
SetEnhMetaFileBits
SetTextColor
GetObjectW
PatBlt
SaveDC
RestoreDC
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
Rectangle
Polygon
GetWindowOrgEx
PtInRegion
ExtCreateRegion
SetPixel
GetPixel
GetCurrentObject
EnumFontFamiliesExW
GetBitmapBits
GetRgnBox
CreatePolygonRgn
RoundRect
CreateFontW
Polyline
GetViewportOrgEx
Ellipse
StrokePath
FillPath
StrokeAndFillPath
EndPath
CloseFigure
BeginPath
GetCharWidthW
GetTextAlign
GetTextExtentPoint32A
ExtFloodFill
SetBrushOrgEx
GetTextExtentPointA
MoveToEx
LineTo
SetTextAlign
GetCurrentPositionEx
PolyBezierTo
SetRectRgn
GetClipRgn

comdlg32

PrintDlgW
GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
ChooseColorW
GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegCreateKeyW
RegSetValueW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
RegOpenKeyExW
SetFileSecurityW
GetFileSecurityW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyW
RegQueryValueW
RegEnumKeyW
RegSetValueExW

shell32

SHAppBarMessage
SHGetMalloc
SHGetFileInfoW
DragQueryFileW
DragFinish
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW
ShellExecuteExW
ExtractIconW

comctl32

ImageList_LoadImageW
ImageList_Create
ord17
ImageList_AddMasked
ImageList_GetIcon
ImageList_GetImageCount
_TrackMouseEvent
ImageList_GetIconSize
ImageList_DrawEx
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageInfo
ImageList_Draw
ImageList_Destroy

oledlg

OleUIAddVerbMenuW
OleUIBusyW

ole32

ReleaseStgMedium
CoRevokeClassObject
CoRegisterMessageFilter
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
OleFlushClipboard
CLSIDFromProgID
CoDisconnectObject
CoCreateInstance
CoUninitialize
CoInitialize
OleIsCurrentClipboard
OleDuplicateData
CoGetClassObject
OleInitialize
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard

olepro32

ord253

oleaut32

SysFreeString
SysAllocStringLen
VariantClear
VariantTimeToSystemTime
SysStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantCopy
SysAllocString
VariantChangeType
SysAllocStringByteLen
VarDateFromStr
VarBstrFromDate
SysStringLen
LoadTypeLi
VariantChangeTypeEx
OleLoadPicturePath

wininet

InternetGetLastResponseInfoW
InternetCrackUrlW
InternetQueryDataAvailable
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenUrlW
InternetCloseHandle
InternetOpenW
InternetQueryOptionW
InternetCanonicalizeUrlW

wintrust

WinVerifyTrust

winmm

PlaySoundW

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 352KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f08973e03e071a4aae0732485906d4d

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

96:b9:1f:94:f6:6a:37:25:be:22:16:9c:80:6b:99:c3Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

b7:c0:d9:bc:f5:d7:f4:52:f7:9e:ee:ef:42:8e:c1:5a:df:e3:08:5f:ea:a3:c8:9e:83:13:ff:08:b6:81:3b:64Signer

Signature Validations

Verification

15/12/2022, 13:55 Valid: true

Chain 1

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

wininet

wintrust

winmm

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 352KB - Virtual size: 350KB

.data Size: 140KB - Virtual size: 161KB

.rsrc Size: 2.0MB - Virtual size: 2.0MB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

96:b9:1f:94:f6:6a:37:25:be:22:16:9c:80:6b:99:c3
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

b7:c0:d9:bc:f5:d7:f4:52:f7:9e:ee:ef:42:8e:c1:5a:df:e3:08:5f:ea:a3:c8:9e:83:13:ff:08:b6:81:3b:64
Signer

15/12/2022, 13:55
Valid: true

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 352KB - Virtual size: 350KB

.data
Size: 140KB - Virtual size: 161KB

.rsrc
Size: 2.0MB - Virtual size: 2.0MB