tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

1021KB
MD5

440855bc89ed7e99c5c5829d6ffdeb25
SHA1

829686466fe01c169c539d50b36823d3f6fdccb7
SHA256

e4afbd23adcf06c2c9a1d448846bc77fc33393b36f62e8e051f819396d0c13e7
SHA512

bfad59d470b6e55cb32d21cfd471e926522a4f17bdecf437593c3a8d79383cdf52313ee0956c092df78b258395c83fdb425dfa0191fc8427fd6b79ee4bffeebd
SSDEEP

12288:8IHNd3Ccx0nAuOUp5WGTsXeOkvCx8mwPajxjNXjFoUx:8IHj90ndOUXfx9Cx35xjNXjqUx

Score

1^/10

Malware Config

Signatures

Files

tmp
.exe windows x86

81131863aa172f2be99b286989936002

Code Sign

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

60:8a:ad:6f:0d:ed:59:8a:b9:8c:bf:81:18:7c:91:bb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

15/09/2012, 00:00

Not After

15/09/2013, 23:59

Subject

CN=Adobe Systems Incorporated,OU=Production CS+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e9:09:2f:5f:5c:e0:6a:69:60:15:65:7b:fb:9e:8a:ab:0f:f9:17:0f
Signer

Actual PE Digest

e9:09:2f:5f:5c:e0:6a:69:60:15:65:7b:fb:9e:8a:ab:0f:f9:17:0f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

GetUserNameA

comctl32

CreateToolbarEx
ImageList_Create
ImageList_Destroy
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetBkColor

gdi32

CreateFontIndirectA
DeleteObject
GetObjectA
GetStockObject
SelectObject
SetBkMode
SetPixel
SetTextColor

kernel32

DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FreeConsole
FreeLibrary
GetCommandLineA
GetComputerNameA
GetLastError
GetModuleHandleA
GetProcAddress
GetStdHandle
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
SetUnhandledExceptionFilter
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

_strdup
_stricoll
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_fpreset
_fullpath
_iob
_isctype
_onexit
_pctype
_setmode
abort
atexit
calloc
free
fwrite
malloc
mbstowcs
memcpy
realloc
setlocale
signal
strcoll
strlen
tolower
vfprintf
wcstombs

user32

BeginPaint
CharLowerA
DefWindowProcW
DispatchMessageA
EndPaint
GetClientRect
GetMessageA
RegisterClassA
TranslateMessage

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
GetUserProfileDirectoryW

Sections

.text
Size: 699KB - Virtual size: 699KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 136B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 298KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

81131863aa172f2be99b286989936002

Code Sign

02:3a:64Certificate

Extended Key Usages

Key Usages

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:baCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

60:8a:ad:6f:0d:ed:59:8a:b9:8c:bf:81:18:7c:91:bbCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

e9:09:2f:5f:5c:e0:6a:69:60:15:65:7b:fb:9e:8a:ab:0f:f9:17:0fSigner

Headers

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

msvcrt

user32

userenv

Sections

.text Size: 699KB - Virtual size: 699KB

.data Size: 512B - Virtual size: 440B

.rdata Size: 7KB - Virtual size: 7KB

.eh_fram Size: 3KB - Virtual size: 2KB

.bss Size: - Virtual size: 136B

.idata Size: 2KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 298KB - Virtual size: 298KB

02:3a:64
Certificate

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

60:8a:ad:6f:0d:ed:59:8a:b9:8c:bf:81:18:7c:91:bb
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

e9:09:2f:5f:5c:e0:6a:69:60:15:65:7b:fb:9e:8a:ab:0f:f9:17:0f
Signer

.text
Size: 699KB - Virtual size: 699KB

.data
Size: 512B - Virtual size: 440B

.rdata
Size: 7KB - Virtual size: 7KB

.eh_fram
Size: 3KB - Virtual size: 2KB

.bss
Size: - Virtual size: 136B

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 298KB - Virtual size: 298KB