tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

189KB
MD5

e524d8066aa47ae1da9a73ee3eeb2262
SHA1

dc7cf5808417cd8d271e8270f44a1beb95c23ec0
SHA256

ca30c42334fcc693320772b4ce1df26fe5f1d0110bc454ec6388d79dffea4ae8
SHA512

8f483aab019f721f63a5eb0427dee67f9f6b470dae8e0fb62902350d96f2c91b315ee76e236d5b640a565c06d5b5de19e688c272d584f4d1fe895777c3f98aae
SSDEEP

3072:W0ovoKI7BrcPRLokQUsdXuCDZ+GqWr2LshbX1xiaY6t5czEx2F870KO8H7kAkFpa:QoKIYKkydD0GtMsBX1xlVrUEgQy8H7kR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tmp

Files

tmp
.exe windows x86

72779b978cbe963afc19d5595ff38c1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CreateWindowExA
DispatchMessageA
LoadMenuW
DrawStateW
CreateDesktopA
CharToOemA
GetMessageA
LoadCursorA
IsDialogMessageA
GetClassLongW
LoadBitmapA
GetPropA
PeekMessageW
LoadIconW

advapi32

OpenServiceW
RegRestoreKeyA
GetUserNameW
RegCreateKeyExA
ControlService
RegUnLoadKeyW
RegDeleteValueA
CryptSignHashA
RegOpenKeyW
OpenEventLogA

kernel32

QueryDosDeviceW
RemoveDirectoryA
OpenMutexA
CloseHandle
FindResourceW
CompareStringW
VirtualProtect
GetModuleHandleW
GetLastError
CreateJobObjectW
WriteFile
WaitForSingleObjectEx
CreateFileW
SetLastError
CreateMutexW
VirtualAllocEx
InterlockedDecrement
GetLongPathNameW
LoadLibraryA
GetOEMCP
GetCurrentProcess
CreateFileMappingA
ExitThread
DeleteFileA
MoveFileExW
FindFirstFileW
ReadConsoleA
UnmapViewOfFile
GetSystemDirectoryA
OpenJobObjectW
GetSystemTime

crypt32

CertCreateCRLContext
CertCloseStore
CertCompareCertificate

modemui

drvCommConfigDialogA
drvGetDefaultCommConfigA
InvokeControlPanel
drvCommConfigDialogA
drvSetDefaultCommConfigA

shell32

SHDefExtractIconW
ShellExecuteW
Shell_NotifyIconA
DragQueryFileA
SHGetFolderPathW
StrStrW
FindExecutableA
ExtractIconW
SHFree
ShellExecuteW
SHGetFileInfoW
SHGetDataFromIDListA
SHFileOperationA
SHQueryRecycleBinW
StrRChrA
ShellMessageBoxA

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.udata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_MEM_WRITE

.wdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ

.relok
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72779b978cbe963afc19d5595ff38c1f

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

kernel32

crypt32

modemui

shell32

Sections

.text Size: 180KB - Virtual size: 180KB

.udata Size: 2KB - Virtual size: 2KB

.wdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.relok Size: 1KB - Virtual size: 1KB

.text
Size: 180KB - Virtual size: 180KB

.udata
Size: 2KB - Virtual size: 2KB

.wdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.relok
Size: 1KB - Virtual size: 1KB