tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

4.2MB
MD5

c266eeedad7688dee02ec7485839a9b6
SHA1

26aca2e0d860e9bb91a09a8fc30b0dc3761b47d6
SHA256

38a33ec039323a2aecb9127a67392b6535581487af1ba6a4a223b266cb2ff19b
SHA512

d7e50f215c77150d775688fa13a4987afe2a241216f56b34a964fdc898f8964bd82014bed5c75de901aa897a5281649541ec3b33772f6a950267f19fabfdd54c
SSDEEP

98304:f6gzER6IGKlnoyAWan8jiQVSVkdwuw2sY6B2r9uqaVOG:f/EQIGCnjVaMPEcwuw26B2rcqaVO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tmp

Files

tmp
.exe windows:4 windows x86

c74182c544e858100d13e139dda9a3da

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetWindowsDirectoryA
GlobalFree
GlobalUnlock
GlobalHandle
_lclose
_llseek
_lread
_lopen
GlobalLock
GlobalAlloc
GlobalMemoryStatus
GetVersion
GetModuleFileNameA
WriteFile
GetSystemTime
LocalFree
ExitProcess
FormatMessageA
GetLastError
GetModuleHandleA
GetVolumeInformationA
WideCharToMultiByte
CreateProcessA
CloseHandle
RemoveDirectoryA
FindNextFileA
DeleteFileA
GetTickCount
GetLongPathNameA
GetTempPathA
GetCommandLineA
WaitForSingleObject
CopyFileA
GetFileAttributesA
LoadLibraryExA
GetSystemDirectoryA
SetErrorMode
MultiByteToWideChar
GetLocalTime
lstrlenA
CreateFileW
ReadFile
SetFilePointer
GetEnvironmentVariableA
GetDriveTypeA
LocalAlloc
DosDateTimeToFileTime
GetVersionExA
LocalFileTimeToFileTime
SetFileTime
CreateDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryA
FindFirstFileA
FindClose
lstrcmpiA
GetProcAddress
FreeLibrary
InterlockedExchange
LoadLibraryA
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
HeapReAlloc
GetProcessHeap
GetStartupInfoA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
Sleep
HeapSize
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetStdHandle
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
InitializeCriticalSection
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers

gdi32

SetBkColor
SetTextColor
SetTextAlign
GetBkColor
GetTextExtentPoint32A
CreateDCA
GetDeviceCaps
CreateFontIndirectA
DeleteDC
SelectObject
DeleteObject
ExtTextOutA

advapi32

RegQueryValueA

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_winzip_
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c74182c544e858100d13e139dda9a3da

Headers

File Characteristics

Imports

kernel32

gdi32

advapi32

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 8KB - Virtual size: 58KB

.rsrc Size: 116KB - Virtual size: 114KB

_winzip_ Size: 4.1MB - Virtual size: 4.1MB

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 8KB - Virtual size: 58KB

.rsrc
Size: 116KB - Virtual size: 114KB

_winzip_
Size: 4.1MB - Virtual size: 4.1MB