tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

31.5MB
MD5

f8ea406150ae8f05b7a87830ef670d36
SHA1

94ae298252cb7cccd2abb63389287f206b440242
SHA256

abdee1545fde01d11e7bbe996e64a83462aa9a8b3625315e819adcaf986707bb
SHA512

c20e1be41855205f35a09eaee3e4be9dea8444ca5a6e5707d5843e93c18d761633dbb25cfbaac56161f52367737cf72d640ea276c15ab7599826b3b7b47ee69d
SSDEEP

786432:Rnrm4wrIhcE2irTonP29DJ+eGHxiTqtPB:BmRm72irToP29DHO

Score

1^/10

Malware Config

Signatures

Files

tmp
.exe windows x86

1ead239dbfee5b48f07fcefa81d23dbf

Code Sign

7d:74:58:05:0a:4c:81:5c:50:cd:76:e4:52:50:3c:08
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/03/2020, 00:00

Not After

22/05/2023, 23:59

Subject

CN=Eugene Investment & Securities Co.\,Ltd,O=Eugene Investment & Securities Co.\,Ltd,L=Yeongdeungpo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ef:c6:40:41:1a:00:80:53:ab:b9:d1:ca:3e:8d:52:a7:d7:6a:b6:ca:95:9a:1f:14:54:d6:c0:3e:a5:dc:fb:a5
Signer

Actual PE Digest

ef:c6:40:41:1a:00:80:53:ab:b9:d1:ca:3e:8d:52:a7:d7:6a:b6:ca:95:9a:1f:14:54:d6:c0:3e:a5:dc:fb:a5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

lz32

LZCopy
LZOpenFileW
LZClose

msi

ord88
ord141
ord169
ord8
ord137

kernel32

RaiseException
InitializeCriticalSection
DeleteCriticalSection
WriteFile
SetFilePointer
CompareStringA
LoadLibraryW
FindResourceExW
GetFileAttributesW
ReleaseMutex
FindClose
FreeLibrary
UnmapViewOfFile
CompareStringW
lstrcmpiW
CreateEventW
QueryPerformanceFrequency
MapViewOfFile
GetSystemInfo
VirtualQuery
IsBadReadPtr
CreateFileMappingW
CreateMutexW
GetDiskFreeSpaceW
lstrcatW
LoadLibraryExW
CreateDirectoryW
GetFileSize
GetPrivateProfileIntW
GetDriveTypeW
GetSystemDefaultLangID
GetUserDefaultLangID
GetSystemTimeAsFileTime
lstrcpynW
FindFirstFileW
SetErrorMode
SetFileAttributesW
FileTimeToLocalFileTime
GetFileTime
HeapFree
lstrlenA
HeapAlloc
GetProcessHeap
GetCurrentDirectoryW
ExpandEnvironmentStringsW
UnhandledExceptionFilter
GetCurrentThread
lstrcmpW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
lstrcpyW
lstrlenW
Sleep
CloseHandle
CreateProcessW
SetLastError
GetLastError
MultiByteToWideChar
ResumeThread
SetThreadContext
FlushInstructionCache
WriteProcessMemory
FreeResource
lstrcmpiA
GetPrivateProfileSectionNamesA
MulDiv
GetPrivateProfileIntA
lstrcatA
GetPrivateProfileStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetConsoleMode
GetConsoleCP
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleHandleA
HeapCreate
VerLanguageNameW
GetExitCodeProcess
CreateThread
ReadFile
GetCommandLineW
lstrcpyA
ExitThread
GetTickCount
WideCharToMultiByte
GetLocaleInfoW
IsValidLocale
GetTempPathW
GetVersionExW
CreateFileW
InterlockedIncrement
GetWindowsDirectoryW
InterlockedDecrement
LocalFree
FormatMessageW
GlobalFree
GlobalLock
GlobalUnlock
FindResourceW
LoadResource
SizeofResource
GlobalAlloc
LockResource
GetSystemDirectoryW
SetCurrentDirectoryW
WaitForSingleObject
DeleteFileW
RemoveDirectoryW
ExitProcess
GetCurrentProcess
DuplicateHandle
TerminateProcess
MoveFileExW
GetThreadContext
VirtualProtectEx
HeapReAlloc
VirtualAlloc
VirtualFree
GetModuleFileNameA
GetStdHandle
HeapSize
LCMapStringW
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
FindNextFileW
lstrcmpA
SearchPathW
VirtualProtect
SystemTimeToFileTime
QueryPerformanceCounter
SetEvent
ResetEvent
GetCurrentProcessId
GetVersion
GetACP
GetCPInfo
GetStartupInfoW
RtlUnwind
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
GetProcessTimes
OpenProcess
SetFileTime
GetTimeFormatW
GetDateFormatW
GetTempFileNameW
GetLocalTime
CompareFileTime
SetUnhandledExceptionFilter

user32

DialogBoxIndirectParamW
WaitForInputIdle
wsprintfW
MessageBoxW
SetActiveWindow
SetForegroundWindow
SetWindowLongW
InflateRect
GetMessageW
DefWindowProcW
LoadStringW
FillRect
GetSysColor
GetPropW
EnableMenuItem
SetPropW
RemovePropW
SetFocus
EndPaint
BeginPaint
GetWindow
SystemParametersInfoW
GetSystemMetrics
MapWindowPoints
LoadImageW
CreateDialogParamW
GetDC
ReleaseDC
GetParent
GetWindowTextW
CharNextW
GetDesktopWindow
GetClientRect
IsWindowEnabled
IsWindowVisible
CreateDialogIndirectParamW
PostMessageW
ShowWindow
EnableWindow
ScreenToClient
SetWindowPos
FindWindowExW
IsDialogMessageW
MsgWaitForMultipleObjects
ExitWindowsEx
SetWindowTextW
CallWindowProcW
DrawFocusRect
CharUpperW
DrawTextW
GetWindowDC
CopyRect
GetClassNameW
CreateWindowExW
wsprintfA
EnumChildWindows
UpdateWindow
InvalidateRect
DrawIcon
MapDialogRect
IntersectRect
RegisterClassExW
GetDlgItemTextW
TranslateMessage
DispatchMessageW
PeekMessageW
IsWindow
DestroyWindow
SendDlgItemMessageW
GetWindowLongW
SetDlgItemTextW
GetWindowRect
MoveWindow
EndDialog
LoadIconW
GetDlgItem
SendMessageW

gdi32

DeleteMetaFile
CreateDCW
GetStockObject
CreateCompatibleBitmap
CreatePatternBrush
GetTextExtentPoint32W
CreateDIBitmap
SetMetaFileBitsEx
SetStretchBltMode
CreateRectRgn
SetPixel
PatBlt
PlayMetaFile
StretchBlt
CreateBitmap
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
SetMapMode
SelectClipRgn
SetBkColor
SetBkMode
SetTextColor
TextOutW
CreateSolidBrush
RestoreDC
SaveDC
GetDeviceCaps
GetDIBColorTable
GetSystemPaletteEntries
CreatePalette
CreateHalftonePalette
CreateCompatibleDC
UnrealizeObject
SelectPalette
RealizePalette
SelectObject
BitBlt
DeleteDC
DeleteObject
GetObjectW
CreateFontIndirectW
TranslateCharsetInfo

advapi32

RegCloseKey
RegEnumValueW
OpenThreadToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegEnumKeyW
RegOpenKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
RegQueryValueExW

shell32

SHGetMalloc
ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoInitializeSecurity

oleaut32

VariantClear
VariantInit
VarBstrCat
GetErrorInfo
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
SysStringByteLen
VarUI4FromStr
VariantChangeType
SysReAllocStringLen
VarBstrCmp

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

Sections

.text
Size: 413KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ead239dbfee5b48f07fcefa81d23dbf

Code Sign

7d:74:58:05:0a:4c:81:5c:50:cd:76:e4:52:50:3c:08Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

ef:c6:40:41:1a:00:80:53:ab:b9:d1:ca:3e:8d:52:a7:d7:6a:b6:ca:95:9a:1f:14:54:d6:c0:3e:a5:dc:fb:a5Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

version

lz32

msi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

rpcrt4

Sections

.text Size: 413KB - Virtual size: 412KB

.rdata Size: 81KB - Virtual size: 80KB

.data Size: 9KB - Virtual size: 17KB

.rsrc Size: 290KB - Virtual size: 290KB

7d:74:58:05:0a:4c:81:5c:50:cd:76:e4:52:50:3c:08
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

ef:c6:40:41:1a:00:80:53:ab:b9:d1:ca:3e:8d:52:a7:d7:6a:b6:ca:95:9a:1f:14:54:d6:c0:3e:a5:dc:fb:a5
Signer

.text
Size: 413KB - Virtual size: 412KB

.rdata
Size: 81KB - Virtual size: 80KB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 290KB - Virtual size: 290KB