tmp | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

tmp
Size

788KB
MD5

6b894b0823a096f04bdd106c456cef31
SHA1

bfb8bb63968e2b3654b026a15370f62cda5b965d
SHA256

e50e1d483294fa94369ad2fa935567db1e63f0e6e9da67d6c63e574305e0527d
SHA512

78b7156fce5c78b521ad16277a53a4126cfc74aaff2757636ff7875204ab8f4eda56eb74a6c29206d7a01a6fdec2c1b4bba99da5a500122a3a2c519146879848
SSDEEP

12288:ATb5QSPaIRHDUbC5JqMktQrsNG78wQGwBzTNhY76HeW9oeGNFJyp+Gg:ATbKSX9DUm5qfw3uzRhY2+WPYM8j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tmp

Files

tmp
.exe windows x64

5fae62387e981eb2c7609e72044ae51d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateFileA
CloseHandle
GetLastError
HeapCreate
ConvertThreadToFiber
CreateFiber
SwitchToFiber
CreateThread
SuspendThread
OpenThread
WaitForSingleObject
SetFileAttributesA
SetEndOfFile
SetFilePointer
WaitForMultipleObjects
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
ExitProcess
VirtualAlloc
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
WriteConsoleW
HeapFree
GetModuleHandleW
GetProcAddress
HeapAlloc
MultiByteToWideChar
WideCharToMultiByte
SetLastError
GetACP
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStringTypeW
CreateFileW
GetCPInfo
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsSetValue
FreeLibrary
LoadLibraryExW
LCMapStringW
IsValidCodePage
GetOEMCP
SetStdHandle
GetModuleHandleExW
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
RaiseException
HeapSize
HeapReAlloc
CreateEventW
RtlUnwindEx

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 595KB - Virtual size: 594KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5fae62387e981eb2c7609e72044ae51d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 47KB - Virtual size: 46KB

.rdata Size: 595KB - Virtual size: 594KB

.data Size: 139KB - Virtual size: 143KB

.pdata Size: 2KB - Virtual size: 2KB

.gfids Size: 512B - Virtual size: 40B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 595KB - Virtual size: 594KB

.data
Size: 139KB - Virtual size: 143KB

.pdata
Size: 2KB - Virtual size: 2KB

.gfids
Size: 512B - Virtual size: 40B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1KB - Virtual size: 1KB