tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

1.7MB
MD5

9b329956bf938c36fe12b1524eff3be0
SHA1

3291b58193a3c5fc5474cf0d74d5bcc009a03af3
SHA256

e188218c37cc8a570fbcdc84e9ac9116c3a8a958c945dbf7fdecdde78ae43480
SHA512

d9d23bb52cdd394b827cdb3e582757c82c828cba0bab443dde5468889843dae4a1372fd57375f3095f805660ea727fd17735dcedf16cd897995eb354b136bbb0
SSDEEP

24576:mkAgHyFfkacLnDDqWXeI4XI29huCbK4Nkk7tGlU0nDSnIbNk8aq1UZxKwiP2w9+n:dyFfCDDDLe9fFbntGlwsrr+7Lw2yjUlT

Score

1^/10

Malware Config

Signatures

Files

tmp
.exe windows x64

e185c011f6fe26e5b7589294dce332b4

Code Sign

dc:c8:1e:f1:94:27:b6:b6:2b:71:7e:6e:92:ec:28:13
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

16/12/2014, 00:00

Not After

16/12/2015, 23:59

Subject

CN=Nantong Zirui Information Technology Co.\,Ltd.,O=Nantong Zirui Information Technology Co.\,Ltd.,POSTALCODE=226500,STREET=No. 216 Changtai Road\,NanTong City,L=NanTong,ST=JiangSu,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

74:a1:86:fd:77:cf:15:40:e5:23:90:51:ab:65:9e:09:f3:fb:fb:46:67:d0:c8:39:07:6c:ed:94:a3:d6:bb:31
Signer

Actual PE Digest

74:a1:86:fd:77:cf:15:40:e5:23:90:51:ab:65:9e:09:f3:fb:fb:46:67:d0:c8:39:07:6c:ed:94:a3:d6:bb:31

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Nantong Zirui Information Technology Co.\,Ltd.,O=Nantong Zirui Information Technology Co.\,Ltd.,POSTALCODE=226500,STREET=No. 216 Changtai Road\,NanTong City,L=NanTong,ST=JiangSu,C=CN

13/04/2023, 18:10
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetLastError
CreateFileW
CloseHandle
ReadFile
WriteFile
SetFilePointer
GetProcAddress
GetModuleHandleW
GetVersionExW
LoadLibraryExW
lstrcatW
lstrlenW
GetSystemDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
RemoveDirectoryW
FindNextFileW
DeleteFileW
SetFileAttributesW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
SetCurrentDirectoryW
GetCurrentDirectoryW
SetFileTime
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
GetTempPathW
GetCommandLineW
GetModuleFileNameW
HeapAlloc
HeapFree
GetCommandLineA
GetStartupInfoA
Sleep
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
FlsAlloc
QueryPerformanceCounter
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapReAlloc

user32

MessageBoxA

shell32

ShellExecuteExW

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e185c011f6fe26e5b7589294dce332b4

Code Sign

dc:c8:1e:f1:94:27:b6:b6:2b:71:7e:6e:92:ec:28:13Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

74:a1:86:fd:77:cf:15:40:e5:23:90:51:ab:65:9e:09:f3:fb:fb:46:67:d0:c8:39:07:6c:ed:94:a3:d6:bb:31Signer

Signature Validations

Verification

13/04/2023, 18:10 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

Sections

.text Size: 58KB - Virtual size: 57KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 16KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 6KB - Virtual size: 6KB

dc:c8:1e:f1:94:27:b6:b6:2b:71:7e:6e:92:ec:28:13
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

74:a1:86:fd:77:cf:15:40:e5:23:90:51:ab:65:9e:09:f3:fb:fb:46:67:d0:c8:39:07:6c:ed:94:a3:d6:bb:31
Signer

13/04/2023, 18:10
Valid: false

.text
Size: 58KB - Virtual size: 57KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 16KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 6KB - Virtual size: 6KB