tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

589KB
MD5

b61976c8c1f30dfba055f19f00b3b275
SHA1

4d66f69643c823c6ac7328a333096afb5f9f2371
SHA256

3e69db198975fe2458fd9b05c49692d46a429edfba4a129fd8f969bd28fbe3a2
SHA512

27caaf03d32dd6695f04ac87faa8521d5dcf0701f73c6fbf6dbe2ea21f127e872ba00688e7d21451b66388e3f73181c8b170feca0b2b9e03abccaa0533c16d61
SSDEEP

6144:MTOuy+iTPC6i7u+W/XkbZpOXYicJMYgTsGSH8BZrmxw+V2oUg8lLLtoatc:qes4kkBTCb7Wq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tmp

Files

tmp
.exe windows x86

bc995d314526062de9c69ce50fed50d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapCreate
GetTickCount
GetCommandLineA
IsProcessorFeaturePresent
SetLastError
InterlockedDecrement
GetCurrentThreadId
IsDebuggerPresent
EncodePointer
DecodePointer
GetModuleHandleExW
GetProcAddress
GetStdHandle
WriteFile
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
Sleep
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LoadLibraryExW
OutputDebugStringW
LoadLibraryW
RtlUnwind
HeapReAlloc
GetStringTypeW
HeapSize
LCMapStringEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
OutputDebugStringA
WaitForSingleObject
IsBadWritePtr
HeapDestroy
CreateEventW
ExitProcess
GetLastError
WideCharToMultiByte
CreateFileW
ReadFile
CloseHandle
GetCurrentProcess
MultiByteToWideChar
GetModuleHandleW
InterlockedIncrement
GetModuleFileNameW
lstrlenW
HeapFree
MulDiv
GetProcessHeap
TerminateProcess
HeapAlloc

user32

ReleaseDC
GetDC
GetSystemMetrics

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

gdi32

StretchBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectClipRgn
LineTo
SetStretchBltMode
MoveToEx
GetDeviceCaps
ExtTextOutW
TextOutW
BitBlt
ExtSelectClipRgn
DeleteDC
DeleteObject
GdiFlush
CreateDIBSection

winmm

waveOutOpen
waveOutClose
waveOutGetVolume
PlaySoundW

msimg32

GradientFill

Sections

.text
Size: 450KB - Virtual size: 450KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc995d314526062de9c69ce50fed50d5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

winmm

msimg32

Sections

.text Size: 450KB - Virtual size: 450KB

.rdata Size: 129KB - Virtual size: 128KB

.data Size: 3KB - Virtual size: 11KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 450KB - Virtual size: 450KB

.rdata
Size: 129KB - Virtual size: 128KB

.data
Size: 3KB - Virtual size: 11KB

.reloc
Size: 5KB - Virtual size: 4KB