tmp | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

tmp
Size

88.0MB
MD5

c950b969b17d399030d70ad4943fdaaf
SHA1

e589e6362e3da76fe8806aac11ffdc1376fcdcf6
SHA256

768601e4d7be4b5876a9a0c95ee46010fb7fa8ecf71e4c264c3be81b2237998d
SHA512

50971ab794b89d5545d88f1eff6f4aeda59b7d1fd83bbdcbc70e56ea91d437235ef88f6cdba0b95e530846f930e2a5da4bec0424b90fa968c8f6bdf54235cc33
SSDEEP

1572864:hO4v4rL7dKqq3O3T03NmA8/iJLhmc7gApTxq1N3YOeNmA8/iJLhmc7gpwh:hO4v4rMqq3CTuNmf/OLUc7gK9q1NovNF

Score

1^/10

Malware Config

Signatures

Files

tmp
.exe windows x86

d3d63f5942c9c67c916380f167f943ad

Code Sign

52:a4:e1:16:72:4a:21:78:6c:e5:e5:c0:9e:66:20:9a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27-07-2016 00:00

Not After

27-07-2017 23:59

Subject

CN=FSD International\, Inc,O=FSD International\, Inc,POSTALCODE=66061,STREET=1121 N Annie,L=Olathe,ST=Kansas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4d:36:2a:36:d5:f9:de:38:69:1c:f3:8b:18:b0:65:a7:60:f4:db:6e
Signer

Actual PE Digest

4d:36:2a:36:d5:f9:de:38:69:1c:f3:8b:18:b0:65:a7:60:f4:db:6e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shfolder

SHGetFolderPathW

rpcrt4

UuidCreate

shlwapi

PathRemoveFileSpecW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW

kernel32

CopyFileW
DeleteFileW
GetThreadLocale
LoadLibraryW
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
InterlockedDecrement
GetCurrentProcessId
FindNextFileW
FileTimeToLocalFileTime
lstrcmpW
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
InterlockedExchange
CompareStringA
LoadLibraryExW
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
SetThreadPriority
SuspendThread
InterlockedIncrement
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GlobalGetAtomNameW
SetErrorMode
GetFileAttributesW
GetFileSizeEx
GlobalFlags
GetPrivateProfileIntW
WritePrivateProfileStringW
GetCurrentDirectoryW
lstrcpyW
GetTempFileNameW
GetTempPathW
SearchPathW
GetTickCount
GetProfileIntW
VirtualProtect
FindResourceExW
GetStartupInfoW
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
MoveFileA
ExitThread
RtlUnwind
RaiseException
SetStdHandle
ExitProcess
HeapSize
VirtualAlloc
VirtualQuery
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
GetConsoleCP
GlobalSize
LCMapStringW
LCMapStringA
FormatMessageA
CreateThread
TerminateThread
GetExitCodeThread
GetStdHandle
GetFileType
GetCurrentThreadId
GetSystemInfo
SetEnvironmentVariableA
SetLastError
lstrlenA
GetComputerNameA
SystemTimeToFileTime
SetFileTime
GetFileTime
FileTimeToSystemTime
SetFileAttributesA
CreateEventA
GetOverlappedResult
CreateProcessA
Sleep
GetModuleFileNameA
GetVolumeInformationA
GetWindowsDirectoryA
GetFileInformationByHandle
GlobalReAlloc
GetSystemDirectoryA
GetCurrentDirectoryA
GetModuleHandleA
WriteFile
ReadFile
GetDiskFreeSpaceA
SetFilePointer
GetFileAttributesA
GetSystemTime
GetLocalTime
DeleteFileA
FlushFileBuffers
GetVersionExA
LoadLibraryA
FreeLibrary
LocalAlloc
GetCurrentProcess
GetCurrentThread
CreateFileW
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetVersion
GetProcAddress
GetModuleHandleW
ResetEvent
SetEvent
WaitForSingleObject
FreeResource
GlobalAlloc
ResumeThread
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
CreateEventW
RemoveDirectoryW
GetComputerNameW
GlobalMemoryStatusEx
GetDriveTypeW
GetSystemDirectoryW
GetWindowsDirectoryW
GetVersionExW
CloseHandle
DeviceIoControl
CreateFileA
LocalFree
FindClose
WideCharToMultiByte
lstrlenW
GlobalMemoryStatus
FindFirstFileW
FormatMessageW
GetLastError
MultiByteToWideChar
CreateDirectoryW
SizeofResource
LockResource
LoadResource
FindResourceW
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
GetConsoleMode

wininet

InternetCheckConnectionW

user32

WindowFromPoint
SetCapture
UnregisterClassW
LoadCursorW
GetSysColorBrush
DestroyMenu
GetMenuItemInfoW
InflateRect
ShowOwnedPopups
GetMessageW
ValidateRect
MapVirtualKeyW
GetKeyNameTextW
SetWindowContextHelpId
MapDialogRect
SystemParametersInfoW
MessageBeep
RedrawWindow
IsZoomed
PostQuitMessage
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
WaitMessage
DeleteMenu
SetRectEmpty
PostThreadMessageW
CopyAcceleratorTableW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
GetAsyncKeyState
DestroyAcceleratorTable
LoadAcceleratorsW
CreateAcceleratorTableW
SetWindowRgn
NotifyWinEvent
CreatePopupMenu
SetParent
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
SetClassLongW
IsMenu
KillTimer
IsRectEmpty
BringWindowToTop
LockWindowUpdate
EnumChildWindows
MessageBoxW
EnableWindow
GetClientRect
LoadImageW
SendMessageW
LoadIconW
GetSystemMenu
AppendMenuW
SetTimer
IsIconic
GetSystemMetrics
DrawIcon
PeekMessageW
TranslateMessage
DispatchMessageW
SetRect
GetDC
ReleaseDC
InvalidateRect
FillRect
GetSysColor
CopyRect
GetWindowRect
GetCursorPos
ScreenToClient
PtInRect
SetCursor
PeekMessageA
DispatchMessageA
wsprintfA
DefWindowProcA
FindWindowA
GetWindowTextA
SendMessageA
UnregisterClassA
DestroyWindow
WaitForInputIdle
EnumThreadWindows
CreateWindowExA
RegisterClassA
MessageBoxA
GetDesktopWindow
EndDialog
EndPaint
BeginPaint
ShowWindow
SetWindowPos
RegisterClassExA
LoadCursorA
UpdateWindow
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
GetMenuStringW
GetMenuState
CharUpperW
UnhookWindowsHookEx
IsWindowEnabled
GetLastActivePopup
GetWindowLongW
GetParent
GetWindowThreadProcessId
GetNextDlgTabItem
GetDlgItem
IsWindow
CreateDialogIndirectParamW
SetActiveWindow
GetActiveWindow
LoadMenuW
RegisterClipboardFormatW
DrawStateW
OpenClipboard
CopyImage
DestroyIcon
SetClipboardData
CloseClipboard
EmptyClipboard
CharNextW
InvalidateRgn
GetNextDlgGroupItem
TranslateAcceleratorW
InsertMenuItemW
ReuseDDElParam
UnpackDDElParam
DrawIconEx
DrawEdge
DrawFrameControl
DrawFocusRect
SetCursorPos
UnionRect
EnableScrollBar
UpdateLayeredWindow
SetMenuDefaultItem
GetMenuDefaultItem
IsCharLowerW
MapVirtualKeyExW
IsClipboardFormatAvailable
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
FrameRect
GetUpdateRect
CharUpperBuffW
CopyIcon
SubtractRect
GetIconInfo
GetDoubleClickTime
CreateMenu
GetWindowRgn
GetWindow
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowLongW
GetMenu
CallWindowProcW
DefWindowProcW
GetDlgCtrlID
SetWindowPlacement
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
AdjustWindowRectEx
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
PostMessageW
IsWindowVisible
ShowScrollBar
SetForegroundWindow
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
SetMenu
GetKeyState
TrackPopupMenu
DestroyCursor
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
ReleaseCapture

gdi32

GetDeviceCaps
CreateSolidBrush
DPtoLP
OffsetRgn
GetRgnBox
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
CreateRoundRectRgn
GetTextColor
SetDIBColorTable
RealizePalette
StretchBlt
SetPixel
CreateDIBSection
GetBkColor
CreateEllipticRgn
CreatePolygonRgn
Polyline
Ellipse
Polygon
Rectangle
RoundRect
CreatePalette
GetPaletteEntries
SelectObject
DeleteObject
FillRgn
FrameRgn
GetBoundsRect
GetViewportOrgEx
LPtoDP
ExtFloodFill
SetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExW
GetTextFaceW
SetPixelV
GetWindowOrgEx
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
TextOutA
SetBkMode
CopyMetaFileW
GetDCOrgEx
GetClipBox
SetTextColor
SetBkColor
GetObjectW
CreateBitmap
SaveDC
RestoreDC
SetPolyFillMode
SetROP2
SetMapMode
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateHatchBrush
CreateRectRgnIndirect
PatBlt
CreateFontIndirectW
GetTextExtentPoint32W
GetTextMetricsW
GetDIBits
SetRectRgn
CombineRgn
PtInRegion
GetMapMode

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegEnumValueA
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
GetFileSecurityW
GetSecurityDescriptorOwner
RegEnumKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
GetTokenInformation
LookupAccountNameA
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenSCManagerA
CloseServiceHandle
CreateServiceA
OpenServiceA
StartServiceA
QueryServiceStatus
ControlService
DeleteService
RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegCreateKeyExW
RegSetValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
FreeSid
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
DuplicateToken
OpenProcessToken
OpenThreadToken
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
GetUserNameW
LookupAccountNameW
ConvertSidToStringSidW

shell32

ShellExecuteExW
SHBrowseForFolderW
ShellExecuteW
DragQueryFileW
SHGetFileInfoW
SHGetMalloc
SHGetPathFromIDListW
FindExecutableA
SHGetSpecialFolderPathW
DragFinish
SHAppBarMessage

comctl32

InitCommonControlsEx
ImageList_GetIconSize

oledlg

OleUIBusyW

ole32

CoRegisterMessageFilter
CoRevokeClassObject
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoFreeUnusedLibraries
OleUninitialize
OleGetClipboard
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleLockRunning
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree
StringFromGUID2
OleInitialize

oleaut32

VariantInit
SysFreeString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantChangeType
SysAllocStringLen
VariantClear
OleLoadPicture
SysStringLen
SysAllocString

gdiplus

GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits

ws2_32

connect
socket
shutdown
closesocket
recv
send
WSACleanup
gethostbyname
htons
inet_addr
WSAStartup
setsockopt

imm32

ImmGetOpenStatus
ImmGetContext
ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 424KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 614KB - Virtual size: 614KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3d63f5942c9c67c916380f167f943ad

Code Sign

52:a4:e1:16:72:4a:21:78:6c:e5:e5:c0:9e:66:20:9aCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

4d:36:2a:36:d5:f9:de:38:69:1c:f3:8b:18:b0:65:a7:60:f4:db:6eSigner

Headers

DLL Characteristics

File Characteristics

Imports

shfolder

rpcrt4

shlwapi

kernel32

wininet

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

oleaut32

gdiplus

ws2_32

imm32

winmm

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 424KB - Virtual size: 424KB

.data Size: 37KB - Virtual size: 70KB

.rsrc Size: 614KB - Virtual size: 614KB

.reloc Size: 157KB - Virtual size: 156KB

52:a4:e1:16:72:4a:21:78:6c:e5:e5:c0:9e:66:20:9a
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

4d:36:2a:36:d5:f9:de:38:69:1c:f3:8b:18:b0:65:a7:60:f4:db:6e
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 424KB - Virtual size: 424KB

.data
Size: 37KB - Virtual size: 70KB

.rsrc
Size: 614KB - Virtual size: 614KB

.reloc
Size: 157KB - Virtual size: 156KB