temp[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

temp.exe
Size

835KB
MD5

281d89a348f0e75ee1a3b7b376c6708f
SHA1

7072a83209314d46521522adaad5824e565fd4f4
SHA256

6aaec24bf89964667a585cdc6bce5f1604ac5a7bff5dfc25010ffa28f7b28de2
SHA512

bd6732a386f5a341dfbe1521082b2c951036493f56fcd23d4bbdb1ad122373e26653ce8c0cea7b8511e5c9f6a7ba7ef037c18580c5997698dfb237cb9c6c0cad
SSDEEP

6144:/Z+kph/PUXUwb7JkFbuG+FMwBNcqBmmGnOGRD/gWLA0iKG1/+F0PCweh3BEIuer9:R+XqhAMNqWOGR7gP0dwTSNmddCVgM37D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
temp.exe

Files

temp.exe
.exe windows x64

d8621c2e6d05653598b05a07b14f9f8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ImageList_Create
ImageList_Destroy
ImageList_GetIcon
ImageList_AddMasked
InitCommonControlsEx

powrprof

SetSuspendState

gdiplus

GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipGetImageEncoders
GdipFree
GdipGetImageWidth
GdipSaveImageToFile
GdipDisposeImage
GdipLoadImageFromFile
GdipAlloc
GdipGetImageEncodersSize

kernel32

WideCharToMultiByte
DeviceIoControl
FindNextFileW
FreeResource
LockResource
LoadResource
FindResourceW
EnumResourceNamesW
GetUserDefaultUILanguage
LocalAlloc
lstrcpynW
FreeLibrary
SetLastError
LoadLibraryW
GetFileSize
TerminateThread
CreateThread
SetErrorMode
SetFileAttributesW
RemoveDirectoryW
GetExitCodeThread
GetProcessAffinityMask
QueryPerformanceCounter
QueryPerformanceFrequency
SetThreadPriority
SetPriorityClass
GetCurrentThread
WaitForMultipleObjects
ReadFile
GetModuleFileNameA
GetVersion
HeapReAlloc
WriteConsoleW
FlushFileBuffers
SetStdHandle
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
ReleaseMutex
DeleteCriticalSection
GetFileType
SetHandleCount
GetStringTypeW
HeapSize
IsValidCodePage
GetOEMCP
GetACP
MultiByteToWideChar
GetTimeZoneInformation
FlsAlloc
GetCurrentThreadId
FlsFree
FlsSetValue
FlsGetValue
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
LeaveCriticalSection
EnterCriticalSection
HeapCreate
HeapSetInformation
GetStdHandle
ExitProcess
TerminateProcess
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
GetCommandLineW
DeleteFileA
RaiseException
RtlPcToFileHeader
DecodePointer
EncodePointer
HeapFree
GetTimeFormatW
GetDateFormatW
GetSystemTimeAsFileTime
RtlUnwindEx
RtlLookupFunctionEntry
HeapAlloc
LoadLibraryA
FindFirstFileW
FindClose
GetFileSizeEx
GetCurrentProcess
CloseHandle
GetModuleHandleW
GetProcAddress
GetVersionExW
GetLocalTime
GetTickCount
GetModuleFileNameW
FormatMessageW
MulDiv
GetLastError
CreateFileA
CompareStringW
SetEnvironmentVariableW
SetEndOfFile
GetProcessHeap
SetEnvironmentVariableA
LocalFree
UnmapViewOfFile
CreateMutexW
WaitForSingleObject
CreateFileMappingW
MapViewOfFile
Sleep
CreateFileW
WriteFile
DeleteFileW
GetCPInfo
OpenMutexW
SetFilePointer

user32

DestroyMenu
DrawMenuBar
GetWindowTextW
OffsetRect
MapDialogRect
SetRectEmpty
GetDialogBaseUnits
LoadMenuW
DestroyIcon
GetSystemMetrics
GetParent
MapWindowPoints
GetClassNameW
GetMenuItemCount
GetMenuItemInfoW
GetClassInfoExW
GetDlgCtrlID
SetFocus
GetSysColorBrush
SystemParametersInfoW
FillRect
DrawTextExW
ExitWindowsEx
ReleaseDC
GetDC
CallWindowProcW
GetSysColor
GetMenuStringW
SetMenuItemInfoW
ScreenToClient
CreateDialogParamW
LoadStringW
LoadAcceleratorsW
FindWindowW
IsIconic
PostMessageW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
LoadIconW
RegisterClassExW
RegisterWindowMessageA
RegisterWindowMessageW
DefWindowProcW
GetSubMenu
GetCursorPos
TrackPopupMenu
PostQuitMessage
DestroyWindow
DialogBoxParamW
EnableMenuItem
GetMenuState
GetMenu
CheckMenuItem
GetClientRect
SetWindowLongW
SetTimer
KillTimer
GetWindowLongW
AdjustWindowRect
EnumChildWindows
SendNotifyMessageW
EnableWindow
GetDlgItem
EndDialog
SetWindowLongPtrW
SetWindowTextW
SetWindowPos
CreateWindowExW
SetForegroundWindow
UpdateWindow
GetWindowRect
LoadBitmapW
SendMessageW
InvalidateRect
ShowWindow
LoadCursorW
SetCursor
MessageBoxW
GetWindowLongPtrW
CopyRect

gdi32

CreateFontW
CreateDIBSection
CreateSolidBrush
CreateCompatibleDC
SelectObject
BitBlt
DeleteObject
DeleteDC
SetTextColor
SetBkColor
GetDeviceCaps
TextOutW
SetTextAlign
CreateBrushIndirect
CreateBitmap
CreateFontIndirectW

comdlg32

ChooseFontW
ChooseColorW
GetSaveFileNameW
GetOpenFileNameW

advapi32

RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameW
CreateServiceW
StartServiceW
OpenSCManagerW
OpenServiceW
RegOpenKeyExA
RegQueryValueExA
ControlService
RegCloseKey
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
CloseServiceHandle
DeleteService

shell32

ExtractIconW
Shell_NotifyIconW
ShellExecuteW

ole32

CoCreateInstance
CoInitialize

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

shlwapi

PathRemoveFileSpecW
PathAppendW
PathIsFileSpecW

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 484KB - Virtual size: 483KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8621c2e6d05653598b05a07b14f9f8c

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

powrprof

gdiplus

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

setupapi

version

Sections

.text Size: 484KB - Virtual size: 483KB

.rdata Size: 139KB - Virtual size: 139KB

.data Size: 14KB - Virtual size: 156KB

.pdata Size: 26KB - Virtual size: 25KB

text Size: 2KB - Virtual size: 2KB

data Size: 3KB - Virtual size: 2KB

.rsrc Size: 111KB - Virtual size: 110KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 484KB - Virtual size: 483KB

.rdata
Size: 139KB - Virtual size: 139KB

.data
Size: 14KB - Virtual size: 156KB

.pdata
Size: 26KB - Virtual size: 25KB

text
Size: 2KB - Virtual size: 2KB

data
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 111KB - Virtual size: 110KB

.reloc
Size: 6KB - Virtual size: 5KB