tmp | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

tmp
Size

2.2MB
MD5

1ce3a984520973efb92f44d9836b2d67
SHA1

b1e551f8391c9a416e40752b580603b0810a1026
SHA256

6b76e4478686dbbdd442ad3a8dc22ff90fcfe3987729ec28b42b68ad3d2e91b3
SHA512

679283439693b07819886aaf8e76b7b8c069783977cb511e3fab69db00e57ade6c7d88fcc7bc225ab21206055cb85629d2c87fdf10b7f56ab44348b22f160406
SSDEEP

24576:DCznpMq2TRYjBrGlyix3fhSGmBSKtBcobDRzm/YGau3odv4NrsMcKLOK:D/q2dlP8aoHZxGB7

Score

1^/10

Malware Config

Signatures

Files

tmp
.exe windows x64

c2f1b7892210a62b55c640ddb3d4d6cd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:80:21:d8:4f:09:8e:7a:bd:e1:99:f8:18:e2:11:a4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

02/12/2014, 00:00

Not After

02/03/2018, 23:59

Subject

CN=CPUID,O=CPUID,L=DUNKERQUE,ST=NORD,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:32:35:11:2d:b6:10:aa:a7:64:f3:3e:ea:f2:15:ba:f8:c3:bc:22
Signer

Actual PE Digest

03:32:35:11:2d:b6:10:aa:a7:64:f3:3e:ea:f2:15:ba:f8:c3:bc:22

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=CPUID,O=CPUID,L=DUNKERQUE,ST=NORD,C=FR

23/07/2015, 12:49
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

advapi32

CreateServiceA
RegOpenKeyExW
RegQueryValueW
RegCloseKey
DeleteService
OpenServiceA
StartServiceA
ControlService
OpenSCManagerA
RegQueryValueExA
RegSetValueW
RegQueryValueExW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
SetFileSecurityW
GetFileSecurityW
RegCreateKeyExW
RegCreateKeyW
RegSetValueExW
RegDeleteValueW
CloseServiceHandle

kernel32

LocalReAlloc
DeleteCriticalSection
TlsFree
lstrlenA
GetThreadLocale
FileTimeToSystemTime
SystemTimeToFileTime
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
MoveFileW
GetStringTypeExW
lstrcmpiW
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
FindClose
FindFirstFileW
GetVolumeInformationW
GetShortPathNameW
CreateFileW
FileTimeToLocalFileTime
GetFileAttributesExW
LocalFileTimeToFileTime
GetFileSizeEx
GetSystemDirectoryW
SetErrorMode
GetStartupInfoW
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
HeapAlloc
RaiseException
RtlPcToFileHeader
HeapReAlloc
ExitProcess
HeapSize
HeapQueryInformation
SetUnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
TlsSetValue
HeapCreate
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
SetStdHandle
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
GlobalFlags
GetDiskFreeSpaceW
GetFullPathNameW
GetTempFileNameW
GetFileTime
SetFileTime
GetFileAttributesW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
CompareStringA
GlobalGetAtomNameW
GlobalFree
GlobalAlloc
FormatMessageW
GetCurrentProcessId
GlobalLock
GlobalUnlock
MulDiv
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
QueryPerformanceCounter
GetVersionExW
GetTempPathW
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
GetProcAddress
FreeLibrary
SizeofResource
LockResource
LoadResource
FindResourceW
CreateMutexW
GetLastError
GetModuleHandleW
GetModuleFileNameW
GetComputerNameW
GetCurrentDirectoryW
CreateProcessW
CreateProcessA
VerifyVersionInfoW
VerSetConditionMask
OutputDebugStringW
QueryPerformanceFrequency
GetTickCount
ReadFile
SetThreadAffinityMask
WaitForSingleObject
ResumeThread
WriteConsoleA
GetSystemInfo
LocalAlloc
LocalFree
GetProcessAffinityMask
SetProcessAffinityMask
SetFilePointer
GetTempPathA
GetModuleHandleA
FindResourceA
GetWindowsDirectoryA
WriteFile
DeleteFileA
RemoveDirectoryA
GetComputerNameA
CreateFileA
DeviceIoControl
GetCurrentDirectoryA
GetModuleFileNameA
CreateDirectoryA
CreateMutexA
GetVersionExA
GetCurrentProcess
LoadLibraryA
WinExec
lstrlenW
lstrcatW
lstrcpyW
SetLastError
DeleteFileW
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
SetCurrentDirectoryW
SetThreadPriority
CreateThread
ExitThread
Sleep
HeapSetInformation
ReleaseMutex

user32

IsZoomed
ShowOwnedPopups
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
PostQuitMessage
UnpackDDElParam
ReuseDDElParam
LoadMenuW
DestroyMenu
GetActiveWindow
ReleaseCapture
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
SetRectEmpty
BringWindowToTop
GetDesktopWindow
TranslateAcceleratorW
GetMenuStringW
InsertMenuW
GetWindowThreadProcessId
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
WindowFromPoint
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassNameW
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextW
GetLastActivePopup
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrW
SetWindowLongPtrW
UnhookWindowsHookEx
GetMessageTime
PeekMessageW
MapWindowPoints
TrackPopupMenu
GetKeyState
SetMenu
SetRect
UnregisterClassW
CharUpperW
DestroyIcon
DeleteMenu
LoadCursorW
GetSysColorBrush
SystemParametersInfoW
IsWindowEnabled
GetMenuItemInfoW
SetScrollPos
GetScrollPos
SetForegroundWindow
IsWindowVisible
PostMessageW
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
SetScrollInfo
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
IsWindow
wsprintfA
LoadImageW
CreateCursor
GetSystemMetrics
SetCursor
SetTimer
KillTimer
SetWindowLongW
GetWindowRect
LoadBitmapW
MessageBoxW
UpdateWindow
InflateRect
DrawFocusRect
DrawEdge
GetSysColor
IsRectEmpty
CopyRect
InvalidateRect
ReleaseDC
GetDC
GetParent
SendMessageW
PtInRect
GetWindowLongW
GetClientRect
EnableWindow
GetForegroundWindow
GetMessagePos

gdi32

ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
CreatePatternBrush
TextOutW
GetDeviceCaps
PtVisible
CreateSolidBrush
GetTextMetricsW
GetBkColor
CreateCompatibleDC
DeleteObject
IntersectClipRect
ExcludeClipRect
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateFontIndirectW
GetStockObject
GetPixel
CreateBitmap
GetObjectW
CreateFontW
GetTextExtentPoint32W
BitBlt
CreateCompatibleBitmap
RectVisible

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

shell32

SHGetFolderPathA
DragFinish
DragQueryFileW
ExtractIconW
SHGetFileInfoW
ShellExecuteW

shlwapi

PathFindFileNameW
PathFindExtensionW
PathStripToRootW
PathRemoveFileSpecW
PathIsUNCW

ole32

CoInitializeEx
CoTaskMemFree
StringFromGUID2
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 118KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 415KB - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2f1b7892210a62b55c640ddb3d4d6cd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

2d:80:21:d8:4f:09:8e:7a:bd:e1:99:f8:18:e2:11:a4Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

03:32:35:11:2d:b6:10:aa:a7:64:f3:3e:ea:f2:15:ba:f8:c3:bc:22Signer

Signature Validations

Verification

23/07/2015, 12:49 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

version

advapi32

kernel32

user32

gdi32

comdlg32

winspool.drv

shell32

shlwapi

ole32

oleaut32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 337KB - Virtual size: 336KB

.data Size: 118KB - Virtual size: 153KB

.pdata Size: 64KB - Virtual size: 63KB

.rsrc Size: 415KB - Virtual size: 415KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

2d:80:21:d8:4f:09:8e:7a:bd:e1:99:f8:18:e2:11:a4
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

03:32:35:11:2d:b6:10:aa:a7:64:f3:3e:ea:f2:15:ba:f8:c3:bc:22
Signer

23/07/2015, 12:49
Valid: false

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 337KB - Virtual size: 336KB

.data
Size: 118KB - Virtual size: 153KB

.pdata
Size: 64KB - Virtual size: 63KB

.rsrc
Size: 415KB - Virtual size: 415KB