tmpgdpgzku0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmpgdpgzku0
Size

481KB
MD5

96a1a74fca90733a02af100c7ceae621
SHA1

3e9fcbe44e5d723ec08a74608b7c77664ffef739
SHA256

0797e039a0995fe5ac24d44dae31a95bb9a737e5bf4481180e85b2c2e5c603a6
SHA512

dc72fa0c79b80bbd026d92ecf0456c12ba3fa13cae43eaeba190aeffa19b4966ac6f1558b64ec80a46613300ab97e3dc1f762170a96f92fe305c3624b3e381ea
SSDEEP

12288:54TMtKKDDhiJz2pMc9VMt0CF4QsyHY+49zqlBAdlGK97yaBTk:arvFOyOdF9OaB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tmpgdpgzku0

Files

tmpgdpgzku0
.exe windows:6 windows x86

90434423db4401a2038985527497486a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msi

ord205

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoInitialize
RoUninitialize
RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

kernel32

LocalFree
DeleteCriticalSection
GetProcessHeap
FreeLibrary
GetCurrentProcess
GetModuleHandleW
MultiByteToWideChar
WideCharToMultiByte
CreateDirectoryW
SizeofResource
EnterCriticalSection
WriteFile
GetModuleFileNameW
LeaveCriticalSection
CreateFileW
GetCurrentThreadId
OutputDebugStringW
LockResource
CloseHandle
FindResourceExW
LoadResource
FindResourceW
GetCurrentProcessId
FlushFileBuffers
ExpandEnvironmentStringsW
GetProcAddress
GetSystemDefaultLangID
CreateProcessW
GetEnvironmentStringsW
GetExitCodeProcess
RaiseException
lstrcmpiW
LoadLibraryExW
GetModuleFileNameA
SetLastError
GetModuleHandleExW
OutputDebugStringA
InitializeProcThreadAttributeList
FormatMessageW
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
GetCurrentPackageFamilyName
GetCurrentPackageFullName
DebugBreak
IsDebuggerPresent
GetStartupInfoW
SetEnvironmentVariableW
GetEnvironmentVariableW
GetFileAttributesW
GetSystemDirectoryW
GetCurrentDirectoryW
TlsFree
GetOEMCP
GetACP
IsValidCodePage
SetFilePointerEx
HeapDestroy
DecodePointer
HeapAlloc
LoadLibraryW
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
HeapFree
GetCommandLineA
GetCommandLineW
FreeEnvironmentStringsW
SetStdHandle
GetConsoleOutputCP
GetConsoleMode
WaitForSingleObject
WriteConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetFileType
GetStdHandle
ExitProcess
TlsSetValue
TlsGetValue
FreeLibraryAndExitThread
ExitThread
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
FormatMessageA
GetLocaleInfoEx
GetStringTypeW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
AreFileApisANSI
GetFileInformationByHandleEx
EncodePointer
LCMapStringEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
CompareStringEx
GetCPInfo
QueryPerformanceCounter
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
CreateThread

user32

LoadStringW
CharNextW
MessageBoxW

advapi32

RegEnumKeyW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
OpenProcessToken
GetTokenInformation
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetKnownFolderPath
ShellExecuteExW
SHGetFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc

oleaut32

VarUI4FromStr

shlwapi

PathFileExistsW

Sections

.text
Size: 339KB - Virtual size: 338KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90434423db4401a2038985527497486a

Headers

DLL Characteristics

File Characteristics

Imports

msi

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 339KB - Virtual size: 338KB

.rdata Size: 115KB - Virtual size: 114KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 339KB - Virtual size: 338KB

.rdata
Size: 115KB - Virtual size: 114KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 18KB - Virtual size: 17KB