tmp | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

tmp
Size

2.4MB
MD5

82cf051811579ee4f1d9978af52f12db
SHA1

34122975ea9238001cb644955a1474f4d33f9e7b
SHA256

2227d5b2e2782a03bdb847a8ebf9ea40cc2c9f10f48385154c66ded1577b1deb
SHA512

1eb2df40b3e98a0289b2ccd51d0d0861c9e967220b745643210ecdda63e2aeebaf5940b2d0a319dd0ffc6754238aa0a897ee261d06528c645740082a07de3b73
SSDEEP

49152:M32RUvjn/TCGDQiMDpU/Sb8HDWSrbmnidPtrmEKhPlGRr4g0aQ7svt/:nyn/+GDhOcSb8HDhrK8rtGlGRr4+

Score

1^/10

Malware Config

Signatures

Files

tmp
.exe windows x86

4e688fb97df93999c8a802e65f41d0b1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

07-06-2012 00:00

Not After

06-06-2022 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

35:a8:4f:a5:03:f8:9b:49:83:96:bb:48:91:68:a5:80
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14-01-2014 00:00

Not After

07-01-2016 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Systems Incorporated,OU=Photoshop\, Bridge - SHA256,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

36:d4:28:61:af:9e:fa:ef:71:9b:f5:ad:01:7d:1f:d9:0c:f8:50:cb
Signer

Actual PE Digest

36:d4:28:61:af:9e:fa:ef:71:9b:f5:ad:01:7d:1f:d9:0c:f8:50:cb

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx
_TrackMouseEvent
ord17

user32

DrawIcon
GetClientRect
wsprintfW
EnableWindow
SendMessageW
GetWindow
LoadIconW
GetWindowLongW
EnableMenuItem
KillTimer
PostMessageW
LoadImageW
IsIconic
GetWindowRect
SetTimer
GetSystemMenu
GetDesktopWindow
ReleaseDC
GetDC
IsRectEmpty
DestroyIcon
IsWindowVisible
IsWindow
InvalidateRect
InflateRect
GetIconInfo
SetRectEmpty
LoadCursorW
GetParent
GetFocus
DrawIconEx
FillRect
SetCursor
CheckMenuItem
SetMenuItemBitmaps
SetWindowLongW
UnregisterClassW
GetSystemMetrics
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
IsWindowEnabled
MessageBoxW
GetWindowThreadProcessId
GetLastActivePopup
DestroyWindow
CreateDialogIndirectParamW
EndDialog
GetDlgItem
GetWindowRgn
DestroyCursor
CreateMenu
SubtractRect
GetUpdateRect
IsClipboardFormatAvailable
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
FrameRect
CharUpperBuffW
ModifyMenuW
SetMenuDefaultItem
CopyIcon
GetDoubleClickTime
SetClassLongW
SetCursorPos
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
LockWindowUpdate
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
IsZoomed
GetComboBoxInfo
TrackMouseEvent
MonitorFromPoint
UpdateLayeredWindow
IsMenu
SetWindowRgn
DrawFrameControl
DrawEdge
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
SetLayeredWindowAttributes
SetParent
UnionRect
GetKeyNameTextW
MapVirtualKeyW
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
GetAsyncKeyState
DrawFocusRect
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
GetMenuDefaultItem
CreatePopupMenu
PostThreadMessageW
MessageBeep
GetNextDlgGroupItem
SetRect
InvalidateRgn
CopyAcceleratorTableW
OffsetRect
CharNextW
CharUpperW
WindowFromPoint
ReleaseCapture
SetCapture
WaitMessage
DeleteMenu
CopyImage
IntersectRect
GetSysColorBrush
RealChildWindowFromPoint
LoadMenuW
SystemParametersInfoW
GetMenuItemInfoW
DestroyMenu
SendDlgItemMessageA
RegisterClipboardFormatW
GetCursorPos
TranslateMessage
GetMessageW
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
IsDialogMessageW
SetWindowTextW
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetTopWindow
GetClassNameW
GetClassLongW
PtInRect
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
IsChild
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
GetSysColor
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
SetActiveWindow
GetActiveWindow
GetNextDlgTabItem

ole32

CLSIDFromString
ReleaseStgMedium
OleDuplicateData
StgOpenStorageOnILockBytes
CoFreeUnusedLibraries
CoGetClassObject
CoDisconnectObject
OleRun
CoUninitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
DoDragDrop
CreateStreamOnHGlobal
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
StgCreateDocfileOnILockBytes
OleUninitialize
CreateILockBytesOnHGlobal
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
StringFromGUID2
CoInitialize
CoInitializeEx
CLSIDFromProgID
CoCreateInstance

oleaut32

SysAllocString
SysStringLen
VariantClear
VariantCopy
VariantInit
SysFreeString
SysAllocStringLen
VariantChangeType
SystemTimeToVariantTime
VariantTimeToSystemTime
GetErrorInfo
OleCreateFontIndirect
LoadTypeLi
VarBstrFromDate
SafeArrayDestroy

shlwapi

PathIsFileSpecW
PathAppendW
PathRenameExtensionW
StrFormatKBSizeW
PathStripToRootW
PathIsUNCW
PathRemoveExtensionW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
StrRChrW
PathFileExistsW
PathRemoveBackslashW
PathIsNetworkPathW
PathGetDriveNumberW
PathIsRootW
PathIsDirectoryW
PathAddExtensionW

kernel32

WaitForMultipleObjects
lstrlenA
IsDBCSLeadByteEx
TerminateThread
OpenMutexW
GetLocalTime
SetEnvironmentVariableA
WriteConsoleW
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetTimeFormatW
GetDateFormatW
OutputDebugStringW
ReadConsoleW
GetStringTypeW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStartupInfoW
VirtualQuery
VirtualAlloc
GetSystemInfo
IsProcessorFeaturePresent
IsDebuggerPresent
HeapQueryInformation
ExitThread
GetModuleHandleExW
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
GetFileType
SetStdHandle
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathW
GetProfileIntW
GetTempFileNameW
VerifyVersionInfoW
VerSetConditionMask
lstrcpyW
GetFileTime
GetFileAttributesExW
SetErrorMode
GetWindowsDirectoryW
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetCurrentDirectoryW
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadLocale
GlobalGetAtomNameW
InitializeCriticalSection
GlobalFlags
GetTickCount
ResumeThread
SetThreadPriority
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
GetCurrentThread
FileTimeToSystemTime
FileTimeToLocalFileTime
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
GlobalDeleteAtom
LoadLibraryExW
GetSystemDirectoryW
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
EncodePointer
FormatMessageW
GlobalSize
GlobalAlloc
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
GetModuleHandleA
FreeResource
OutputDebugStringA
GetFileSizeEx
CreateToolhelp32Snapshot
FindNextFileW
lstrcmpiW
Process32NextW
Process32FirstW
FindClose
SetLastError
FlushFileBuffers
lstrcmpW
CreateFileW
ReadFile
TerminateProcess
GetFileAttributesW
GetVersionExW
OpenProcess
WriteFile
GetCurrentProcess
MoveFileExW
FindFirstFileW
GetFileSize
CreateDirectoryW
GetUserDefaultUILanguage
GetTempPathW
GetExitCodeProcess
CopyFileW
GetUserDefaultLangID
CreateProcessW
GetDriveTypeW
LockResource
SizeofResource
LoadResource
FindResourceW
CreateThread
SetFileAttributesW
DeleteFileW
RemoveDirectoryW
SetCurrentDirectoryW
CreateEventW
ResetEvent
GetProcAddress
GetStdHandle
GetModuleFileNameW
FreeConsole
LoadLibraryW
GetModuleHandleW
SetEvent
FreeLibrary
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
LocalFree
GetCurrentProcessId
CloseHandle
ReleaseMutex
OpenSemaphoreW
LocalAlloc
CreateSemaphoreW
ReleaseSemaphore
Sleep
WaitForSingleObject
CreateMutexW
DeleteCriticalSection
DecodePointer
HeapSize
GetLastError
RaiseException
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
InitializeCriticalSectionAndSpinCount

gdi32

GetDeviceCaps
GetObjectW
Rectangle
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
CreateRoundRectRgn
GetTextFaceW
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
GetBoundsRect
FillRgn
SetPaletteEntries
ExtFloodFill
SetPixelV
PtInRegion
FrameRgn
RoundRect
OffsetRgn
EnumFontFamiliesExW
Polyline
Polygon
CreatePolygonRgn
Ellipse
CreateEllipticRgn
SetDIBColorTable
CreateDIBSection
StretchBlt
SetPixel
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
GetRgnBox
GetTextColor
GetBkColor
DPtoLP
SetRectRgn
PatBlt
GetMapMode
CreateRectRgnIndirect
CombineRgn
GetTextMetricsW
GetTextExtentPoint32W
CreateDCW
CopyMetaFileW
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
SetTextAlign
SetTextColor
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
BitBlt
DeleteDC
CreateFontIndirectW
CreateBitmap
DeleteObject
SelectObject
GetStockObject

msimg32

TransparentBlt
AlphaBlend

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegEnumKeyW
SetSecurityDescriptorDacl
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
InitializeSecurityDescriptor
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW

shell32

SHCreateDirectoryExW
SHAppBarMessage
SHBrowseForFolderW
DragFinish
DragQueryFileW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW
SHGetSpecialFolderPathW
CommandLineToArgvW
ord680
ShellExecuteW

uxtheme

GetThemePartSize
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
OpenThemeData
CloseThemeData
GetThemeColor
GetCurrentThemeName
IsAppThemed
GetThemeSysColor
GetWindowTheme
DrawThemeText

oledlg

OleUIBusyW

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

gdiplus

GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipDrawImageI
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImagePalette

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpSetStatusCallback
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpSetCredentials
WinHttpAddRequestHeaders
WinHttpReceiveResponse

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 420KB - Virtual size: 419KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e688fb97df93999c8a802e65f41d0b1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59Certificate

Extended Key Usages

Key Usages

35:a8:4f:a5:03:f8:9b:49:83:96:bb:48:91:68:a5:80Certificate

Extended Key Usages

Key Usages

36:d4:28:61:af:9e:fa:ef:71:9b:f5:ad:01:7d:1f:d9:0c:f8:50:cbSigner

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

user32

ole32

oleaut32

shlwapi

kernel32

gdi32

msimg32

winspool.drv

advapi32

shell32

uxtheme

oledlg

oleacc

gdiplus

imm32

winmm

winhttp

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 420KB - Virtual size: 419KB

.data Size: 37KB - Virtual size: 71KB

.rsrc Size: 54KB - Virtual size: 53KB

.reloc Size: 142KB - Virtual size: 142KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59
Certificate

35:a8:4f:a5:03:f8:9b:49:83:96:bb:48:91:68:a5:80
Certificate

36:d4:28:61:af:9e:fa:ef:71:9b:f5:ad:01:7d:1f:d9:0c:f8:50:cb
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 420KB - Virtual size: 419KB

.data
Size: 37KB - Virtual size: 71KB

.rsrc
Size: 54KB - Virtual size: 53KB

.reloc
Size: 142KB - Virtual size: 142KB