tmp | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

tmp
Size

482KB
MD5

35682da492db89d3f4328bad0c8397bb
SHA1

458568e4293310447c4018a59a8cf3e6b97d627c
SHA256

19386113d04cff6ca740353cf966d3e0ede64dbb3ac959d167a14f0a05b42f00
SHA512

9be97101bd10bf51ea9d0e10f2576824be814defe03aaaaccea06070cbe825219d491f318d61b9317375b1aba07a1e528cbbf6fbb649e7d5b9f5c3251c2befec
SSDEEP

3072:z7S4HzOfocT/aoFl1aBpfAU3ZC6Xt3VSfwBVM:z7ltcT18BlpCat5BS

Score

N/A

Malware Config

Signatures

Files

tmp
.exe windows x86

903afd4d166000ae3630f617a4f9e3ce

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

96:b9:1f:94:f6:6a:37:25:be:22:16:9c:80:6b:99:c3
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

24/03/2022, 00:00

Not After

23/03/2025, 23:59

Subject

CN=Activesoft Co.\, Ltd,O=Activesoft Co.\, Ltd,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:8b:0e:8f:9d:70:d0:86:41:c1:22:5c:db:80:ff:6e:51:b7:0c:90:57:47:a6:45:b1:7c:d1:9e:01:32:0c:5b
Signer

Actual PE Digest

10:8b:0e:8f:9d:70:d0:86:41:c1:22:5c:db:80:ff:6e:51:b7:0c:90:57:47:a6:45:b1:7c:d1:9e:01:32:0c:5b

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Activesoft Co.\, Ltd,O=Activesoft Co.\, Ltd,ST=Seoul,C=KR

15/12/2022, 14:00
Valid: true

Chain 1

CN=Activesoft Co.\, Ltd,O=Activesoft Co.\, Ltd,ST=Seoul,C=KR

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
LoadLibraryA
GetProcessVersion
SetErrorMode
GetStartupInfoW
ExitProcess
RtlUnwind
TerminateProcess
HeapFree
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetStringTypeA
GetStringTypeW
SetStdHandle
GetACP
GetOEMCP
GetVersion
GlobalAddAtomW
GlobalFindAtomW
GetModuleHandleW
GetModuleHandleA
SetLastError
lstrcatW
WritePrivateProfileStringW
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
LocalFree
FindClose
lstrcmpiW
lstrcpynW
lstrcpyW
GetProcAddress
DeleteFileW
MoveFileW
FlushFileBuffers
SetFilePointer
WriteFile
GetCurrentProcess
GetLastError
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
CloseHandle
GlobalLock
lstrcmpW
GlobalAlloc
GlobalDeleteAtom
lstrlenW
WideCharToMultiByte
GetCurrentThread
GetCurrentThreadId
GetModuleFileNameW
Sleep
FindFirstFileW
GetCommandLineA

user32

GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcW
RemovePropW
CallWindowProcW
GetPropW
SetPropW
CreateWindowExW
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassW
GetClassInfoW
WinHelpW
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconW
LoadCursorW
GetSysColorBrush
LoadStringW
DestroyMenu
SystemParametersInfoW
IsIconic
GetWindowPlacement
SetFocus
ShowWindow
SetWindowPos
SetWindowLongW
SetForegroundWindow
GetDlgItem
GrayStringW
DrawTextW
TabbedTextOutW
ReleaseDC
GetDC
GetMenuItemCount
GetWindowTextW
SetWindowTextW
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameW
UnhookWindowsHookEx
GetSystemMetrics
wsprintfW
LoadBitmapW
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageW
GetCursorPos
SetWindowsHookExW
GetParent
GetLastActivePopup
IsWindowEnabled
RegisterWindowMessageW
GetWindowLongW
EnableWindow
SetCursor
SendMessageW
PostMessageW
PostQuitMessage
MessageBoxW
GetMenuCheckMarkDimensions
UnregisterClassW

gdi32

SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
GetObjectW
SetBkColor
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
CreateBitmap

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

comctl32

ord17

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 372KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

903afd4d166000ae3630f617a4f9e3ce

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

96:b9:1f:94:f6:6a:37:25:be:22:16:9c:80:6b:99:c3Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

10:8b:0e:8f:9d:70:d0:86:41:c1:22:5c:db:80:ff:6e:51:b7:0c:90:57:47:a6:45:b1:7c:d1:9e:01:32:0c:5bSigner

Signature Validations

Verification

15/12/2022, 14:00 Valid: true

Chain 1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

Sections

.text Size: 64KB - Virtual size: 61KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 16KB - Virtual size: 28KB

.rsrc Size: 372KB - Virtual size: 370KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

96:b9:1f:94:f6:6a:37:25:be:22:16:9c:80:6b:99:c3
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

10:8b:0e:8f:9d:70:d0:86:41:c1:22:5c:db:80:ff:6e:51:b7:0c:90:57:47:a6:45:b1:7c:d1:9e:01:32:0c:5b
Signer

15/12/2022, 14:00
Valid: true

.text
Size: 64KB - Virtual size: 61KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 16KB - Virtual size: 28KB

.rsrc
Size: 372KB - Virtual size: 370KB