tmp | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

tmp
Size

1.0MB
MD5

77d6c227485a414fd6676dc5a006a9cf
SHA1

0a8e50fa0ab33ae1dcaae21774b3238fadd6457c
SHA256

61c9a03a1d0603b58bfc58651c06825acdb62afc621d1ed9ef2c6b73d0da5cdf
SHA512

22504451fa1b694edabb5b3098e87044bdd24908674a6f0a50da89e41018ce8e6e56f8ece73ad4be7eda3692d069e848ec177861ee7947eef458d85bfd92df97
SSDEEP

24576:EPjEdvLuFy/c4Ka75kH+EXGwDLzC4lt4woWYRemb3/C:Ujo2yDKa75kH+gvzz/4w9Y3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tmp

Files

tmp
.exe windows x64

a05aa64dd13ec249eaa19572667e46d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryExW
VerSetConditionMask
GetSystemTimeAsFileTime
FileTimeToSystemTime
ResetEvent
CreateThread
SetEvent
CreateEventW
VirtualQuery
WideCharToMultiByte
CreateProcessW
GetCurrentProcessId
GetCurrentDirectoryW
GetSystemInfo
DeleteFileW
GlobalFlags
GetFileAttributesExW
MultiByteToWideChar
WriteConsoleW
SetEndOfFile
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
GetFileAttributesW
FindFirstFileExW
SetStdHandle
GetFullPathNameW
FlushFileBuffers
GetTimeZoneInformation
LCMapStringW
CompareStringW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
WriteFile
SetFilePointerEx
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
FreeLibraryAndExitThread
ExitThread
GetCommandLineA
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlPcToFileHeader
RtlUnwindEx
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
GetFileSizeEx
CreateFileA
VerifyVersionInfoA
FormatMessageW
WaitForMultipleObjects
GetFileType
GetStdHandle
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
LoadLibraryA
GetModuleHandleA
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
InitializeCriticalSectionEx
QueryPerformanceCounter
FindClose
PeekNamedPipe
GetModuleFileNameW
GetCurrentProcess
FindNextFileW
GetCommandLineW
SetLastError
ReadFile
CreateDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
GetTickCount
ExitProcess
FindResourceW
LoadResource
LockResource
FreeResource
SizeofResource
MulDiv
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
LeaveCriticalSection
RaiseException
GetCurrentThreadId
GetModuleHandleW
IsDebuggerPresent
WritePrivateProfileStringW
ExpandEnvironmentStringsW
TryEnterCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
Process32NextW
Process32FirstW
HeapFree
CreateToolhelp32Snapshot
OpenProcess
lstrcmpiW
TerminateProcess
Sleep
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
IsValidCodePage
RtlUnwind

user32

GetFocus
GetDesktopWindow
MessageBoxW
UnregisterClassW
GetActiveWindow
IsWindow
SetFocus
GetWindowLongW
SetWindowPos
DestroyWindow
GetTopWindow
DestroyIcon
SetWindowLongW
IsZoomed
SetRect
ScreenToClient
MessageBeep
ShowWindow
InvalidateRect
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
SendMessageW
GetKeyState
SetCursor
AdjustWindowRectEx
ReleaseDC
GetClientRect
GetWindowDC
GetSystemMetrics
GetDC
GetWindowRect
LoadImageW
GetParent
LoadCursorW
LoadIconW
RegisterClassW
GetClassInfoW
LoadStringW
GetWindowLongPtrW
CreateWindowExW
EnumWindows
MoveWindow
GetMonitorInfoW
WaitForInputIdle
SetActiveWindow
MonitorFromWindow
GetWindowThreadProcessId
wsprintfW
CharNextW
GetClassInfoExW
PostQuitMessage
TranslateAcceleratorW
RegisterClassExW
DeleteMenu
SetWindowLongPtrW
PostMessageW
GetDlgItem
GetSysColor
IsWindowEnabled
FillRect
CallWindowProcW
EnableWindow
EndPaint
GetNextDlgTabItem
BeginPaint
IsIconic
GetClassNameW
IntersectRect
IsRectEmpty
WinHelpW
OffsetRect
RedrawWindow
ClientToScreen
SetParent
PtInRect
GetLastActivePopup
GetSystemMenu
GetWindow
IsWindowVisible
SetWindowRgn
DrawIcon
IsDialogMessageW
GetDlgCtrlID
IsChild
SetMenu

gdi32

GetDeviceCaps
DeleteDC
GetObjectW
SetStretchBltMode
DeleteObject
GdiAlphaBlend
CreateCompatibleDC
SetDIBColorTable
CreateDIBSection
SelectObject
CreateFontIndirectW
CreateSolidBrush
SetBkColor
SetTextColor
CreateEllipticRgn
CreateRoundRectRgn
GetClipBox
ExcludeClipRect
GetTextMetricsW
GetStockObject

advapi32

RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegCreateKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
RegDeleteKeyW

shell32

DragQueryFileW
DragFinish
Shell_NotifyIconW
SHGetSpecialFolderPathW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
VarUI4FromStr

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControlsEx

wldap32

ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord46
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord27
ord143

ws2_32

inet_pton
WSAGetLastError
WSACleanup
WSAStartup
__WSAFDIsSet
gethostname
sendto
recvfrom
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
freeaddrinfo
getaddrinfo
ntohl
ioctlsocket
listen
htonl
socket
send
recv
closesocket
accept
WSAIoctl
setsockopt
select
htons
getsockopt
getsockname
getpeername
connect
bind
WSASetLastError
ntohs

gdiplus

GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImageWidth
GdipSetCompositingMode
GdipGetImagePalette
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipBitmapLockBits
GdipFree
GdipGetImagePixelFormat
GdipDrawImageRectI
GdipAlloc
GdipCreateBitmapFromStream
GdipBitmapUnlockBits
GdipCloneImage
GdipGetImagePaletteSize
GdipGetImageHeight
GdiplusShutdown
GdiplusStartup
GdipDisposeImage

crypt32

CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CryptStringToBinaryA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
PFXImportCertStore
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertGetNameStringA
CertFindCertificateInStore
CertFreeCertificateChain
CertFreeCertificateContext

Sections

.text
Size: 736KB - Virtual size: 735KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a05aa64dd13ec249eaa19572667e46d3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

wldap32

ws2_32

gdiplus

crypt32

Sections

.text Size: 736KB - Virtual size: 735KB

.rdata Size: 216KB - Virtual size: 216KB

.data Size: 9KB - Virtual size: 16KB

.pdata Size: 33KB - Virtual size: 32KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 64KB - Virtual size: 64KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 736KB - Virtual size: 735KB

.rdata
Size: 216KB - Virtual size: 216KB

.data
Size: 9KB - Virtual size: 16KB

.pdata
Size: 33KB - Virtual size: 32KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 64KB - Virtual size: 64KB

.reloc
Size: 6KB - Virtual size: 5KB