tmp | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

tmp
Size

1.5MB
MD5

09f16ecc21bd2d570fd6c6411128b714
SHA1

71dd57498b1989e7c61e1c4865f306e5d5e222f2
SHA256

0f6b398bf5f91af3ec82ad6a7417ec3dd71f7f220409d5c327b63a4c7334e844
SHA512

2b89d3c3e6722da0c7acfb8468aebfe112fadda93f71708e48035b9bb0ea35120a0eb1d04c80c4d2c4a2004f866f71d8a072f1f8ebc567d2813b243ac21488e1
SSDEEP

49152:KBrY2fc7XyDjhZ0j5Jl34KZbGiJyXoogg:ArncjyDNajHZbGi4

Score

1^/10

Malware Config

Signatures

Files

tmp
.exe windows x86

91988c477478d60065d1365bb7a1b24c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

41:63:02:54:87:1f:80:c8:13:ea:41:9e:88:dc:8f:3c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26-06-2015 00:00

Not After

04-07-2016 23:59

Subject

CN=Yonyou Network Technology Co.\,Ltd,OU=U8 Platform,O=Yonyou Network Technology Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:c8:cf:5c:31:10:41:7c:f7:f2:b1:e1:19:d2:51:96:47:55:99:ea
Signer

Actual PE Digest

5f:c8:cf:5c:31:10:41:7c:f7:f2:b1:e1:19:d2:51:96:47:55:99:ea

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipFree
GdipCreatePen1
GdipCreateSolidFill
GdipAlloc
GdipCreateHICONFromBitmap
GdipDeleteBrush
GdipCloneBrush
GdipFillPath
GdipDrawPath
GdipAddPathArcI
GdipAddPathLineI
GdipDeletePath
GdipCreatePath
GdipGetClip
GdipSetClipRegion
GdipFillEllipseI
GdipDrawEllipseI
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipSetPenDashStyle
GdipGetLogFontW
GdipDeleteRegion
GdipCreateRegion
GdipRestoreGraphics
GdipSaveGraphics
GdipSetClipRectI
GdipSetWorldTransform
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix
GdipCreateLineBrushFromRectI
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipDrawString
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipBitmapGetPixel
GdipGetImageHeight
GdipMeasureString
GdipFillRectangleI
GdipDrawRectangleI
GdipDrawLineI
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHWND
GdipCreateFromHDC
GdipDeletePen

wininet

InternetSetOptionW
InternetConnectW
HttpOpenRequestW
InternetOpenW
HttpSendRequestW
InternetReadFile
HttpQueryInfoW
InternetQueryOptionW
InternetCrackUrlW
InternetCloseHandle

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

VirtualAlloc
UnregisterWaitEx
InitializeSListHead
SetFilePointerEx
GetFileType
MoveFileExW
ReadConsoleW
FlushFileBuffers
GetStdHandle
GetTimeZoneInformation
GetOEMCP
GetACP
IsValidCodePage
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
SetEvent
CreateTimerQueue
LoadLibraryExW
ExitThread
CreateThread
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetCommandLineW
GetModuleHandleExW
ExitProcess
IsProcessorFeaturePresent
ReadFile
SystemTimeToTzSpecificLocalTime
FindClose
FindNextFileW
FindFirstFileExW
AreFileApisANSI
GetCPInfo
EncodePointer
GetStringTypeW
SystemTimeToFileTime
GetFileAttributesExW
CreateFileW
SetFileTime
VirtualFree
DeleteFileW
GetLastError
FormatMessageW
Sleep
CreateDirectoryA
GetCurrentProcessId
GetModuleFileNameA
GetSystemTimeAsFileTime
GetVersionExW
GetProcAddress
GetModuleHandleW
GetSystemInfo
GetTickCount
lstrlenW
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSectionAndSpinCount
RaiseException
HeapSize
DecodePointer
DeleteCriticalSection
WideCharToMultiByte
GetCurrentThreadId
CreateSemaphoreW
WaitForSingleObject
ReleaseSemaphore
FileTimeToSystemTime
GetShortPathNameW
CopyFileW
GetModuleFileNameW
TerminateProcess
GetExitCodeProcess
OpenProcess
MultiByteToWideChar
GetFileAttributesW
CreateDirectoryW
FindResourceW
LoadResource
FreeResource
SizeofResource
LockResource
GetFileSize
WriteFile
LoadLibraryW
FreeLibrary
GlobalMemoryStatusEx
VirtualProtect
GetProcessId
GetTempPathW
SetCurrentDirectoryW
lstrcmpW
OutputDebugStringW
RemoveDirectoryW
GetEnvironmentVariableW
GlobalMemoryStatus
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GlobalSize
InterlockedDecrement
lstrlenA
LoadLibraryA
GetLongPathNameW
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
DuplicateHandle
GetCurrentProcess
GetCurrentThread
GetExitCodeThread
SetStdHandle
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableA
SetFilePointer
GetCurrentDirectoryW
DosDateTimeToFileTime
LocalFree
CloseHandle
SetFileAttributesW

user32

CopyRect
UnionRect
IntersectRect
OffsetRect
GetKeyState
PeekMessageW
GetWindowTextW
GetIconInfo
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetDC
SetWindowTextW
SetWindowLongW
IsWindow
TranslateAcceleratorW
IsChild
DestroyWindow
ShowWindow
DefWindowProcW
FillRect
EndPaint
BeginPaint
CreateWindowExW
SetFocus
LoadCursorW
LoadAcceleratorsW
SendMessageW
EnumWindows
DispatchMessageW
TranslateMessage
GetMessageW
GetParent
GetWindowThreadProcessId
MessageBoxW
ShowWindowAsync
SetActiveWindow
GetClassNameW
GetFocus
InvalidateRect
ReleaseDC
GetWindowDC
ScreenToClient
PostQuitMessage
IsWindowVisible
TrackPopupMenu
SetForegroundWindow
GetCursorPos
GetSubMenu
LoadMenuW
MoveWindow
LoadIconW
IsZoomed
IsIconic
DestroyMenu
KillTimer
SetTimer
PostMessageW
wsprintfW
SetWindowPos
MapWindowPoints
MonitorFromWindow
GetMonitorInfoW
GetDesktopWindow
GetWindow
GetClientRect
GetWindowRect
RegisterClassW
GetWindowLongW

gdi32

GetStockObject
CreateSolidBrush
GetObjectW
BitBlt
SelectObject
SetViewportOrgEx
CreateCompatibleBitmap
CreateFontIndirectW
DeleteDC
GetDIBits
CreateCompatibleDC
DeleteObject

advapi32

RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW

shell32

Shell_NotifyIconW
SHGetSpecialFolderPathW
SHFileOperationW
ShellExecuteExW
SHChangeNotify

ole32

CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleRun
CoInitialize

oleaut32

VariantClear
VariantCopy
VariantInit
SysFreeString
GetErrorInfo
SysAllocString

shlwapi

StrCpyNW
StrCmpW
PathIsDirectoryA
wnsprintfW
StrCmpNW
StrCmpIW
StrCpyW
StrChrW

ws2_32

WSAGetLastError
socket
inet_addr
htons
connect
send
inet_ntoa
getsockname
gethostbyname
closesocket
WSACleanup
WSAStartup

Sections

.text
Size: 876KB - Virtual size: 875KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 423KB - Virtual size: 422KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91988c477478d60065d1365bb7a1b24c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

41:63:02:54:87:1f:80:c8:13:ea:41:9e:88:dc:8f:3cCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

5f:c8:cf:5c:31:10:41:7c:f7:f2:b1:e1:19:d2:51:96:47:55:99:eaSigner

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

wininet

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

Sections

.text Size: 876KB - Virtual size: 875KB

.rdata Size: 204KB - Virtual size: 204KB

.data Size: 24KB - Virtual size: 48KB

.rsrc Size: 423KB - Virtual size: 422KB

.reloc Size: 48KB - Virtual size: 48KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

41:63:02:54:87:1f:80:c8:13:ea:41:9e:88:dc:8f:3c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

5f:c8:cf:5c:31:10:41:7c:f7:f2:b1:e1:19:d2:51:96:47:55:99:ea
Signer

.text
Size: 876KB - Virtual size: 875KB

.rdata
Size: 204KB - Virtual size: 204KB

.data
Size: 24KB - Virtual size: 48KB

.rsrc
Size: 423KB - Virtual size: 422KB

.reloc
Size: 48KB - Virtual size: 48KB