tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

5.5MB
MD5

f06d31cea22b26682e0fd8b2d55dabb8
SHA1

5dad9e0746e03f98f5ef7c863f3ffd68adabcc57
SHA256

3a1aaabd7bd910608f3b70abde4f8cace2c86c8a440cf75305d0437d164a6d84
SHA512

23c540b95995ec64203a832bb283227b7b21a0db9447fb1799d314578dd6f6c8899a588d7294845b448ee05c2c41bc21b56142761c31dbd986debc2f03baa28b
SSDEEP

98304:qyZjRSvAj9ti7CYcXzMlWiQBqP0hyOoDy+p0s6/NcXnyXljsdfHhzD66yMNidXP0:qV8fF0P0hyPpaiXnyM2MQNPTgiETESP

Score

1^/10

Malware Config

Signatures

Files

tmp
.exe windows x86

8c695636c72ee5241d2a4b4961159419

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:6d:f8:a7
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2012, 01:00

Not After

08/08/2027, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d5:7b:84:dd:41:f0
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

07/10/2013, 10:49

Not After

10/10/2014, 03:30

Subject

CN=上海劲玩网络科技有限公司,O=上海劲玩网络科技有限公司,L=上海市,ST=上海市,C=CN,1.2.840.113549.1.9.1=#0c0d7a796a403439796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:4f:b2:5e:1b:2b:6a:e7:5d:e5:d1:9b:19:95:fa:f4:c6:e5:4d:b1
Signer

Actual PE Digest

23:4f:b2:5e:1b:2b:6a:e7:5d:e5:d1:9b:19:95:fa:f4:c6:e5:4d:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
WriteConsoleW
SetEnvironmentVariableA
IsProcessorFeaturePresent
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualAlloc
GetFileType
SetStdHandle
HeapQueryInformation
HeapSize
ExitThread
HeapReAlloc
RaiseException
RtlUnwind
HeapAlloc
HeapFree
ExitProcess
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
GetStartupInfoW
HeapSetInformation
FindResourceExW
VirtualProtect
SearchPathW
GetProfileIntW
GetNumberFormatW
GetTempPathW
GetTempFileNameW
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetSystemDirectoryW
GlobalFlags
lstrlenA
GlobalGetAtomNameW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
InterlockedIncrement
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DeleteFileW
lstrcmpiW
GetThreadLocale
WaitForSingleObject
ResumeThread
GetPrivateProfileStringW
GetPrivateProfileIntW
LocalAlloc
FileTimeToLocalFileTime
lstrcmpA
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryW
FreeLibrary
lstrcmpW
GetCurrentProcessId
ActivateActCtx
DeactivateActCtx
GetLastError
SetLastError
GlobalFree
CopyFileW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
UnmapViewOfFile
GetFileSize
FileTimeToSystemTime
SetFileTime
GetFileAttributesW
LocalFileTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
ReadFile
SetFilePointer
CreateThread
GetCurrentThread
SetThreadPriority
GetCurrentProcess
lstrcatW
lstrcpyW
CloseHandle
WriteFile
CreateFileW
CreateProcessW
Sleep
WritePrivateProfileStringW
lstrlenW
GetProcAddress
CreateDirectoryW
GetWindowsDirectoryW
GetEnvironmentVariableW
GetCommandLineW
GetVersionExW
SetErrorMode
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
FreeResource
GetModuleHandleW
GetModuleFileNameW
FindResourceW
LoadResource
LockResource
SizeofResource

user32

CharUpperW
DestroyMenu
GetMenuItemInfoW
LoadMenuW
DrawStateW
ShowOwnedPopups
SetCursor
GetMessageW
TranslateMessage
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
IsWindowVisible
ValidateRect
UpdateWindow
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
GetSysColorBrush
CallWindowProcW
GetMenu
GetWindow
IntersectRect
InflateRect
CopyRect
GetWindowThreadProcessId
GetParent
GetLastActivePopup
IsWindowEnabled
MessageBoxW
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetMenuState
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
GetDesktopWindow
FindWindowW
GetIconInfo
wsprintfW
DrawIcon
GetSystemMetrics
GetKeyState
AppendMenuW
GetSystemMenu
EnableWindow
GetWindowRgn
WaitMessage
ReleaseCapture
PostMessageW
InvalidateRect
GetDC
ReleaseDC
DestroyCursor
SetCapture
GetCursorPos
KillTimer
SetWindowPos
SetWindowRgn
SetLayeredWindowAttributes
IsIconic
ScreenToClient
GetWindowRect
OffsetRect
IsZoomed
GetUpdateRect
GetFocus
LoadImageW
SetWindowLongW
SubtractRect
MapVirtualKeyExW
GetKeyNameTextW
IsCharLowerW
GetDoubleClickTime
IsClipboardFormatAvailable
CreateMenu
TranslateMDISysAccel
DeleteMenu
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
PostThreadMessageW
CharUpperBuffW
GetWindowLongW
SetTimer
GetClientRect
SystemParametersInfoW
LoadIconW
SendMessageW
CopyIcon
DestroyIcon
SetRect
PtInRect
LoadCursorW
RealChildWindowFromPoint
CopyImage
SetRectEmpty
EnumDisplayMonitors
UnregisterClassW
WindowFromPoint
DefWindowProcW
FrameRect
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
RegisterClipboardFormatW
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
TranslateAcceleratorW
HideCaret
InvertRect
LockWindowUpdate
BringWindowToTop
SetCursorPos
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
SetClassLongW
DestroyAcceleratorTable
SetParent
GetMenuDefaultItem
SetMenuDefaultItem
CreatePopupMenu
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
GetAsyncKeyState
NotifyWinEvent
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableW
CharNextW
GetClassInfoW

gdi32

SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
SelectPalette
GetObjectType
CreatePen
CreateHatchBrush
CreateRectRgnIndirect
SetRectRgn
GetMapMode
PatBlt
CreateDIBitmap
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
GetBkColor
GetTextColor
GetRgnBox
CreateRoundRectRgn
CreateDIBSection
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
StretchBlt
Rectangle
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetTextFaceW
SetPixelV
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateDCW
CopyMetaFileW
CreateBitmap
DeleteObject
DeleteDC
SetPixel
SelectObject
CombineRgn
CreateRectRgn
BitBlt
GetPixel
CreateSolidBrush
CreateFontW
GetTextExtentPoint32W
GetDeviceCaps
GetObjectW
GetStockObject
CreateFontIndirectW
CreateCompatibleBitmap
DPtoLP
CreateCompatibleDC

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegOpenKeyW
RegEnumKeyExW
RegEnumValueW

shell32

SHGetFileInfoW
SHGetDesktopFolder
ShellExecuteW
SHChangeNotify
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetMalloc
CommandLineToArgvW
DragFinish
DragQueryFileW
SHAppBarMessage

comctl32

_TrackMouseEvent
InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathIsUNCW
PathStripToRootW
PathFindFileNameW
UrlUnescapeW
PathFindExtensionW
PathFileExistsW
PathIsDirectoryW
PathRemoveFileSpecW

ole32

CoRegisterMessageFilter
CoCreateGuid
CoCreateInstance
CoInitialize
CoUninitialize
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoInitializeEx
CoTaskMemFree
CreateStreamOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
CoRevokeClassObject
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard

oleaut32

VariantInit
SysAllocString
VariantCopy
VariantChangeType
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VarBstrFromDate
OleCreateFontIndirect
VariantClear
SysAllocStringLen
SysFreeString

oledlg

OleUIBusyW

gdiplus

GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipSetInterpolationMode
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdiplusShutdown
GdiplusStartup
GdipLoadImageFromStream
GdipCloneBitmapArea
GdipCreateBitmapFromResource
GdipDrawImageRectI
GdipDrawImageRectRect
GdipFree
GdipDisposeImage
GdipAlloc
GdipCloneImage
GdipLoadImageFromFileICM
GdipCreateFromHDC
GdipDeleteGraphics
GdipGetImageWidth
GdipGetImageHeight
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesWrapMode

winmm

PlaySoundW
timeSetEvent
timeKillEvent
timeEndPeriod

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

wininet

InternetCrackUrlW
InternetCanonicalizeUrlW
InternetQueryOptionW
InternetOpenUrlW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
InternetQueryDataAvailable

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 299KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c695636c72ee5241d2a4b4961159419

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

19:6d:f8:a7Certificate

Key Usages

21:d5:7b:84:dd:41:f0Certificate

Extended Key Usages

Key Usages

3dCertificate

Key Usages

23:4f:b2:5e:1b:2b:6a:e7:5d:e5:d1:9b:19:95:fa:f4:c6:e5:4d:b1Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

gdiplus

winmm

oleacc

wininet

imm32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 299KB - Virtual size: 298KB

.data Size: 27KB - Virtual size: 57KB

.rsrc Size: 3.8MB - Virtual size: 3.8MB

.reloc Size: 181KB - Virtual size: 180KB

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

19:6d:f8:a7
Certificate

21:d5:7b:84:dd:41:f0
Certificate

3d
Certificate

23:4f:b2:5e:1b:2b:6a:e7:5d:e5:d1:9b:19:95:fa:f4:c6:e5:4d:b1
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 299KB - Virtual size: 298KB

.data
Size: 27KB - Virtual size: 57KB

.rsrc
Size: 3.8MB - Virtual size: 3.8MB

.reloc
Size: 181KB - Virtual size: 180KB