tmp | Triage

Submit
Reports

Overview

overview

1

Static

static

1

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

tmp
Size

8KB
MD5

ca8765752ecf5f995e539ed6f2d9440a
SHA1

5254e37c8a6c075661db2f83c16d92ac5b97ef30
SHA256

6d45bf3f6c8b142360d02b5143b1dd078d72ab12162cb5caa5f67405718aeaed
SHA512

3ab1706be6c6c717e5d4d5315daf3589b4eb16b092864d2b449f3b00a55a1e210e1d2d1111aaa26c34b322d63def301bcd6c987bf5ad5ba0da26504804768be6
SSDEEP

96:x2e8NhV1WBsy/BplNTv1nG9JA2t4cGx+NYFK/NJfAi:x2p/CBsy/BplN5eJV4cfuFK/NJ

Score

1^/10

Malware Config

Signatures

Files

tmp
.exe windows x64

103e4720bea6ba3f0364a417a0e6148c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

MmIsAddressValid
ZwQuerySystemInformation
ExAllocatePoolWithTag
ExFreePoolWithTag
ObfDereferenceObject
RtlInitUnicodeString
MmCopyVirtualMemory
IoCreateDriver
IoGetCurrentProcess
PsLookupProcessByProcessId
IoCreateDevice
PsGetProcessSectionBaseAddress
IofCompleteRequest
IoCreateSymbolicLink
ProbeForRead
strcmp

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy