tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

39KB
MD5

5f55883a5daf89945c4705200a8b6edb
SHA1

29d96c80afa07187fa012ebc4285a645e3480425
SHA256

cdd0dda41fce039c066534554d5bd81363e570031b6b0c5a364d2b97b0a60627
SHA512

cf57b57145a9105dcd590077342ef124ee955ea1d4d1b7717f98246a16f145b5b31453d84aeb6bacf04491f396adddcc7b4be311a8b5b48ad8ee0822106699a2
SSDEEP

768:Il9r5h3IRvh1Ik/bvqUVIjb3NlTQ/vOENAMxK+mg:6RLS1IabPOlU/xR

Score

1^/10

Malware Config

Signatures

Files

tmp
.exe windows:6 windows x86

91990a4dd4e5ea1aa73778c8ab950241

Code Sign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:7b:ca:50:2f:db:ac:d3
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

10/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageMicrosoftServerGatedCrypto
ExtKeyUsageNetscapeServerGatedCrypto
ExtKeyUsageIPSECEndSystem
ExtKeyUsageIPSECTunnel
ExtKeyUsageIPSECUser
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3c:52:a9:b9:77:f7:38:55
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

29/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageMicrosoftServerGatedCrypto
ExtKeyUsageNetscapeServerGatedCrypto
ExtKeyUsageIPSECEndSystem
ExtKeyUsageIPSECTunnel
ExtKeyUsageIPSECUser
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:54:5b:9c:2d:f1:e7:a1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07/10/2021, 00:00

Not After

10/10/2024, 11:59

Subject

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6c:a4:d1:8c:68:1f:e4:5b:e2:48:71:2c:32:da:65:b6:e3:af:a2:17
Signer

Actual PE Digest

6c:a4:d1:8c:68:1f:e4:5b:e2:48:71:2c:32:da:65:b6:e3:af:a2:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
Sleep
CreateRemoteThread
OpenProcess
VirtualAllocEx
ReadProcessMemory
WriteProcessMemory
GetModuleHandleA
GetProcAddress
SetConsoleTextAttribute
CloseHandle
CreateToolhelp32Snapshot
Process32First
Process32Next
Module32First
Module32Next
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
SetCurrentConsoleFontEx
GetStdHandle
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW

user32

SetActiveWindow
FindWindowA
MessageBoxA

comdlg32

GetOpenFileNameA

msvcp140

?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z

winmm

PlaySoundA

vcruntime140

_except_handler4_common
__std_exception_destroy
__current_exception_context
__current_exception
memset
memcmp
memmove
_CxxThrowException
__CxxFrameHandler3
__std_exception_copy
memcpy

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_narrow_environment
_configure_narrow_argv
_exit
_initterm_e
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_controlfp_s
terminate
_seh_filter_exe
exit
_invalid_parameter_noinfo_noreturn
_initterm
_set_app_type
_get_initial_narrow_environment

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-convert-l1-1-0

strtoul

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__stdio_common_vsprintf_s
__stdio_common_vfprintf
__p__commode
__acrt_iob_func

api-ms-win-crt-string-l1-1-0

wcscpy_s
strlen
strcmp

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
malloc
_callnewh

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91990a4dd4e5ea1aa73778c8ab950241

Code Sign

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

19:7b:ca:50:2f:db:ac:d3Certificate

Extended Key Usages

Key Usages

3c:52:a9:b9:77:f7:38:55Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

75:54:5b:9c:2d:f1:e7:a1Certificate

Extended Key Usages

Key Usages

6c:a4:d1:8c:68:1f:e4:5b:e2:48:71:2c:32:da:65:b6:e3:af:a2:17Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comdlg32

msvcp140

winmm

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 15KB - Virtual size: 14KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 1KB - Virtual size: 1KB

61:1c:b2:8a:00:00:00:00:00:26
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

19:7b:ca:50:2f:db:ac:d3
Certificate

3c:52:a9:b9:77:f7:38:55
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

75:54:5b:9c:2d:f1:e7:a1
Certificate

6c:a4:d1:8c:68:1f:e4:5b:e2:48:71:2c:32:da:65:b6:e3:af:a2:17
Signer

.text
Size: 15KB - Virtual size: 14KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1KB - Virtual size: 1KB