tmp | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

tmp
Size

9.6MB
MD5

730f1cd9a1cc2cac615af26c31478124
SHA1

cca61f3e3bfbdb6f83e965699b29bb2e107e0cfa
SHA256

b9bb81ce922735da635e1ad4172809dbf8e13dd84d0d74b7fe7df58697c7647c
SHA512

2c4b8ef8d41cd0d2b48f19cb7b359548085e01b5553a703213e52f100625d2561a5154fc01e89ee97640dbd3923aa420a0547d14e92cb55f2981f1f01bc9267a
SSDEEP

196608:4WnSh1h8nk9mOCO63fXu+DfYGjRHRFO2wKL8nk47VG3cqK:4WSP63m+sOR82w5k4Usq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tmp

Files

tmp
.exe windows:5 windows x86

a96d570c6dc38c7db934035aa6d6a428

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx
D3DXCreateVolumeTextureFromFileInMemoryEx
D3DXCreateCubeTextureFromFileInMemoryEx
D3DXCreateFontA
D3DXSaveSurfaceToFileA
D3DXGetImageInfoFromFileInMemory
D3DXMatrixTransformation2D
D3DXCreateTextureFromFileInMemory

d3d9

Direct3DCreate9

kernel32

FreeLibrary
DeleteCriticalSection
CreateFileW
GlobalFree
GetProcessId
IsWow64Process
lstrlenA
GetLogicalDriveStringsA
QueryDosDeviceA
GetLocaleInfoW
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileSize
WriteFile
ReadFile
GetFileTime
SetFileAttributesW
CreateDirectoryW
GetFileAttributesW
SetFilePointer
DeleteFileW
MoveFileW
GetTempPathA
GetTempPathW
GetCurrentDirectoryW
GetFullPathNameW
LocalFree
GetLastError
InterlockedIncrement
InitializeCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
SetFileAttributesA
MoveFileA
GetEnvironmentStrings
FreeEnvironmentStringsA
FormatMessageA
GetComputerNameA
HeapCreate
HeapReAlloc
GetConsoleMode
GetConsoleCP
GetOEMCP
GetACP
IsValidCodePage
GetTickCount
GetCPInfo
GetStdHandle
SetHandleCount
HeapSize
GetLocalTime
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
CreateThread
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetModuleHandleW
GetProcessHeap
GetFileType
GetDriveTypeA
FileTimeToLocalFileTime
RaiseException
RtlUnwind
GetStartupInfoA
GetCommandLineA
HeapFree
HeapAlloc
UnhandledExceptionFilter
ExitThread
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
VirtualAlloc
VirtualFree
GetThreadContext
SetUnhandledExceptionFilter
GetCurrentProcessId
CreateToolhelp32Snapshot
Module32First
Module32Next
InterlockedDecrement
CreateFileMappingA
UnmapViewOfFile
MulDiv
DuplicateHandle
GetCurrentThread
TryEnterCriticalSection
InterlockedExchangeAdd
SetEndOfFile
GetSystemInfo
MapViewOfFile
InterlockedExchange
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleHandleA
DeleteFileA
SetConsoleTitleA
AllocConsole
Sleep
GlobalAlloc
CreateFileA
GetFileAttributesA
GlobalUnlock
GlobalLock
GetCurrentProcess
TerminateProcess
GetCurrentDirectoryA
GetFullPathNameA
CreateEventA
SetEvent
OutputDebugStringA
OpenEventA
LeaveCriticalSection
EnterCriticalSection
CloseHandle
TerminateThread
WaitForSingleObject
GetVersionExA
GetProcAddress
GlobalMemoryStatusEx
CopyFileA
GetModuleFileNameA
MultiByteToWideChar
LoadLibraryA
CreateDirectoryA
FindFirstFileA
FindClose

user32

MessageBoxA
GetCapture
GetForegroundWindow
IsChild
SetCursor
RegisterClassExA
DestroyWindow
UnregisterClassA
wvsprintfW
EmptyClipboard
SetClipboardData
ScreenToClient
SetCursorPos
ShowCursor
GetSystemMetrics
GetClientRect
ClientToScreen
PostQuitMessage
PeekMessageW
GetMessageW
RegisterClassA
CreateWindowExA
SetFocus
UpdateWindow
LoadStringW
SetRect
AdjustWindowRect
GetWindowLongA
SetWindowPos
ClipCursor
ReleaseCapture
GetCursorPos
GetWindowRect
SetCapture
DefWindowProcA
SetWindowLongA
LoadIconA
SetWindowTextA
ShowWindow
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetCaretBlinkTime
GetFocus
GetKeyState
OpenClipboard
GetClipboardData
CloseClipboard
GetAsyncKeyState
SwitchToThisWindow
BeginPaint
EndPaint
SetClipboardViewer
ChangeClipboardChain
InvalidateRect
SendMessageA
LoadCursorA
GetActiveWindow

gdi32

SetTextAlign
SetBkColor
SetTextColor
DeleteObject
SetMapMode
CreatePen
ExtTextOutA
MoveToEx
GetTextExtentPoint32A
SelectObject
LineTo
CreateCompatibleDC
CreateDIBSection
CreateFontA
DeleteDC
GetDeviceCaps
CreateICA
GetStockObject

advapi32

CryptAcquireContextA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
GetUserNameA
CryptReleaseContext
CryptGenRandom
CryptExportKey
CryptDestroyKey
CryptGetUserKey
CryptEnumProvidersA
CryptGetProvParam
CryptAcquireContextW
RegOpenKeyExA

shell32

SHGetFolderPathA
ShellExecuteA

ole32

CoCreateInstance
CoInitializeEx
CoInitialize

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString

iphlpapi

GetAdaptersInfo
SendARP
GetPerAdapterInfo

dbghelp

MakeSureDirectoryPathExists
MiniDumpWriteDump

bcrypt

BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCloseAlgorithmProvider

dwmapi

DwmExtendFrameIntoClientArea

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

ws2_32

getsockopt
setsockopt
ioctlsocket
WSAGetLastError
socket
WSAStartup
ntohs
inet_ntoa
getsockname
gethostbyname
inet_addr
htons
connect
select
__WSAFDIsSet
bind
closesocket
shutdown
recv
send

dinput8

DirectInput8Create

crypt32

CryptEncodeObject
CryptDecryptMessage
CryptEncryptMessage
CertFreeCertificateContext
CertNameToStrW
CertDuplicateCertificateContext
CertSetCertificateContextProperty
CryptDecodeObject
CertGetCertificateContextProperty
CertCreateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptMsgOpenToDecode
CertGetSubjectCertificateFromStore
CryptMsgControl
CryptMsgGetParam
CryptMsgClose
CryptMsgUpdate

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 822KB - Virtual size: 821KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a96d570c6dc38c7db934035aa6d6a428

Headers

DLL Characteristics

File Characteristics

Imports

d3dx9_43

d3d9

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

iphlpapi

dbghelp

bcrypt

dwmapi

imm32

ws2_32

dinput8

crypt32

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 822KB - Virtual size: 821KB

.data Size: 1024KB - Virtual size: 1.7MB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 4.6MB - Virtual size: 4.6MB

.reloc Size: 194KB - Virtual size: 194KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 822KB - Virtual size: 821KB

.data
Size: 1024KB - Virtual size: 1.7MB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 4.6MB - Virtual size: 4.6MB

.reloc
Size: 194KB - Virtual size: 194KB