tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

333KB
MD5

ead42ac96349622123b11eaf4e1f7485
SHA1

04c6d809013f3e7884d4b2d99586c3d0a3186e14
SHA256

d647785d5f23cd082c8a125b0d31c6f9df408be2406e0e3dd5a2ad51dcbce211
SHA512

4f1939b73d21e216fbb4cea987edd7bdf083c90e114714790f3cddd6eb79444e3e38f2361b649d405f8b5e6d5e3a0b047a6d44add87eb72aaf88b89d1a96d55f
SSDEEP

3072:NkCGl1/I5wJ5pdPtvt39S/4fW1faT5DVGrirt6tkBJAJr1eLD8HZZzw8K0ixhi4X:qCoOax9SrgT5J2iUtu1Iixhi4UOHF

Score

1^/10

Malware Config

Signatures

Files

tmp
.exe windows:4 windows x86

092ac3c9c448961b2aeeca4e0b4f806d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:88:25:ea:b9:f4:16:5e:52:36:73:33:07:84:2c:9d
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

13/01/2014, 00:00

Not After

12/02/2015, 23:59

Subject

CN=KOINO Co.\,Ltd.,O=KOINO Co.\,Ltd.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5e:fc:6e:c2:62:fa:1e:3d:ca:63:5c:a9:7a:b9:d7:8a:89:7b:10:3f
Signer

Actual PE Digest

5e:fc:6e:c2:62:fa:1e:3d:ca:63:5c:a9:7a:b9:d7:8a:89:7b:10:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCloseHandle
InternetConnectA
HttpAddRequestHeadersA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
InternetOpenA
InternetErrorDlg

kernel32

WriteFile
CreateFileA
TerminateProcess
GetCurrentProcess
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEndOfFile
SetFilePointer
GetLastError
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
FreeLibrary
GetProcAddress
LoadLibraryA
CreateDirectoryA
WideCharToMultiByte
GetVersionExA
SetThreadLocale
GetSystemDefaultLangID
SetCurrentDirectoryA
OutputDebugStringA
Sleep
DeleteFileA
LocalFree
LocalAlloc
lstrlenW
GetModuleFileNameA
CreateThread
GetModuleHandleA
WaitForSingleObject
lstrcpyA
GetFileAttributesA
lstrcmpiA
lstrcatA
CloseHandle
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetOEMCP
GetACP
GetCPInfo
HeapSize
HeapReAlloc
GetEnvironmentStringsW
RaiseException
HeapAlloc
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
HeapFree
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
ReadFile
FlushFileBuffers
SetUnhandledExceptionFilter
IsBadReadPtr
lstrlenA
GetStringTypeA
IsBadCodePtr
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
CompareStringA
CompareStringW
SetFileTime
SetEnvironmentVariableA

user32

CopyRect
IsWindow
GetDesktopWindow
EnumWindows
GetWindowTextA
GetClientRect
SetFocus
FillRect
KillTimer
GetDlgItemTextA
SetDlgItemTextA
SetTimer
MessageBoxA
PostQuitMessage
PostMessageA
CallWindowProcA
LoadStringA
GetWindowLongA
SystemParametersInfoA
GetWindowRect
SetWindowPos
SetForegroundWindow
SetWindowLongA
GetDlgItem
SendMessageA
LoadImageA
EndDialog
DialogBoxParamA
wsprintfA

gdi32

DeleteObject
CreateSolidBrush

advapi32

RevertToSelf
OpenProcessToken
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
ImpersonateLoggedOnUser

shell32

SHGetSpecialFolderLocation
ShellExecuteA
SHGetSpecialFolderPathA
ShellExecuteExA
SHGetPathFromIDListA

ole32

CoUninitialize
CoInitialize
CoTaskMemFree

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

092ac3c9c448961b2aeeca4e0b4f806d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1e:88:25:ea:b9:f4:16:5e:52:36:73:33:07:84:2c:9dCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

5e:fc:6e:c2:62:fa:1e:3d:ca:63:5c:a9:7a:b9:d7:8a:89:7b:10:3fSigner

Headers

File Characteristics

Imports

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 92KB - Virtual size: 91KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 20KB - Virtual size: 28KB

.sxdata Size: 4KB - Virtual size: 124B

.rsrc Size: 196KB - Virtual size: 194KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1e:88:25:ea:b9:f4:16:5e:52:36:73:33:07:84:2c:9d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5e:fc:6e:c2:62:fa:1e:3d:ca:63:5c:a9:7a:b9:d7:8a:89:7b:10:3f
Signer

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 20KB - Virtual size: 28KB

.sxdata
Size: 4KB - Virtual size: 124B

.rsrc
Size: 196KB - Virtual size: 194KB