tmp[.]exe | Triage

General

Target

tmp.exe
Size

3.0MB
MD5

0db22b35982bdec537746283a36ed7f5
SHA1

082c0218141844e014c2f0e8ede8939ded98e4a1
SHA256

4981268350420a1db0a738ee62dff71c1275b3d3e5fb8b81d7d9c6c8576f8ada
SHA512

717af63f957d835eb98db3306f729433ac1e3b347708486509acec9b6ae6babb660f9d7e64d81eb5d74aea2ca91e4eb76f25c2187b315b34b596cf4f2b5c204f
SSDEEP

49152:mJd6Hh6z8tNI0oJWR55hi1YYrUz0LOZlj6:Yd6HAQtajIRPhYYYrUz0La5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tmp.exe

Files

tmp.exe
.exe windows x86

715eed6e1806b87b168dfa31e070d3ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
CloseHandle
CreateActCtxA
ActivateActCtx
DeactivateActCtx
CreateThread
SuspendThread
ResumeThread
OpenThread
GetFileAttributesA
GetCurrentThreadId
GetCurrentProcessId
ReleaseActCtx
CreateFileMappingA
CreateNamedPipeA
ConnectNamedPipe
DisconnectNamedPipe
ExitProcess
VirtualAlloc
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStringTypeW
GetLastError
SetLastError
MultiByteToWideChar
GetACP
DecodePointer
HeapAlloc
HeapFree
GetModuleHandleW
GetProcAddress
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsSetValue
FreeLibrary
LoadLibraryExW
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleHandleExW
WideCharToMultiByte
RaiseException
RtlUnwind
SetStdHandle
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
CreateFileW

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 834KB - Virtual size: 836KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

715eed6e1806b87b168dfa31e070d3ad

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 86KB - Virtual size: 85KB

.rdata Size: 2.1MB - Virtual size: 2.1MB

.data Size: 834KB - Virtual size: 836KB

.gfids Size: 512B - Virtual size: 32B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 86KB - Virtual size: 85KB

.rdata
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 834KB - Virtual size: 836KB

.gfids
Size: 512B - Virtual size: 32B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 4KB