tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

6.8MB
MD5

94642a06cbdb253bfbe5fd3a3a59e0f0
SHA1

8614c53c38319f9e6e727f2e02d6137c578cc595
SHA256

0985f174d1990cea054645224575e0c0ce0aab18842f2b035ae13dc79d46bc27
SHA512

637c211bc598a59caf6137a6dd12729a8f6e33830f4594b544aeba3cc3155821c7a41aa8bef390007f229a2047b975c646d8750e6969662e3f89f0011521f40b
SSDEEP

98304:xQuZ3IDt+Rq/+xNgmfgRDyta8YowxB14Dc/LPF/6r0RINEaXcnxb5:xQuZ3oAq/+xNgmfgR+DGF/6cINB4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tmp

Files

tmp
.exe windows:5 windows x86

301a159f8394e885eed5e8400691b3ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx
D3DXCreateVolumeTextureFromFileInMemoryEx
D3DXCreateCubeTextureFromFileInMemoryEx
D3DXCreateFontA
D3DXSaveSurfaceToFileA
D3DXGetImageInfoFromFileInMemory
D3DXCreateTextureFromFileInMemory

d3d9

Direct3DCreate9

kernel32

FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapDestroy
HeapCreate
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetCPInfo
GetStdHandle
SetHandleCount
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapReAlloc
GetModuleHandleW
GetFileType
GetDriveTypeA
FileTimeToLocalFileTime
RaiseException
RtlUnwind
GetStartupInfoA
UnhandledExceptionFilter
VirtualProtect
CreateRemoteThread
SuspendThread
GetThreadContext
SetThreadContext
ResumeThread
FreeLibrary
FindNextFileW
DeleteCriticalSection
CreateFileW
GetFileSize
WriteFile
ReadFile
GetFileTime
FormatMessageA
GetComputerNameA
ExitThread
GetSystemTimeAsFileTime
GetThreadId
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
VirtualQuery
GetProcessHeap
HeapAlloc
GetStringTypeA
GetCommandLineA
MoveFileA
GetOEMCP
GetACP
GetTickCount
GetLocalTime
GetSystemTime
HeapFree
GetProcessId
QueryFullProcessImageNameA
SystemTimeToFileTime
FileTimeToSystemTime
LoadLibraryA
MultiByteToWideChar
GetModuleFileNameA
CopyFileA
GlobalMemoryStatusEx
GetProcAddress
GetVersionExA
WaitForSingleObject
TerminateThread
GetCurrentThreadId
CreateFileA
GetFileAttributesA
CreateDirectoryA
FindFirstFileExW
FindFirstFileA
FindClose
SetFileAttributesW
CreateDirectoryW
GetFileAttributesW
SetFilePointer
DeleteFileW
MoveFileW
CloseHandle
EnterCriticalSection
LeaveCriticalSection
OpenEventA
VerSetConditionMask
VerifyVersionInfoA
ReadProcessMemory
VirtualAlloc
VirtualFree
Thread32First
Thread32Next
OpenThread
SetUnhandledExceptionFilter
GetCurrentProcessId
Module32First
Module32Next
InterlockedDecrement
CreateFileMappingA
UnmapViewOfFile
MulDiv
DuplicateHandle
GetCurrentThread
GetTempPathA
TryEnterCriticalSection
InterlockedExchangeAdd
SetEndOfFile
GetSystemInfo
MapViewOfFile
InterlockedExchange
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
QueryPerformanceCounter
VerifyVersionInfoW
ExpandEnvironmentStringsW
lstrcmpW
GetSystemDirectoryW
LocalAlloc
GetLocaleInfoW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateProcessA
GetExitCodeProcess
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetTempPathW
GetCurrentDirectoryW
GetLocaleInfoA
GetUserDefaultLCID
GetFullPathNameW
LocalFree
GetLastError
InterlockedIncrement
ExitProcess
InitializeCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
SetFileAttributesA
QueryPerformanceFrequency
DeleteFileA
SetConsoleTitleA
AllocConsole
GlobalAlloc
Sleep
GlobalUnlock
GlobalLock
CreateThread
GetCurrentProcess
Process32Next
TerminateProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetCurrentDirectoryA
GetFullPathNameA
CreateEventA
SetEvent
OutputDebugStringA
GetModuleHandleA
GetStringTypeW

user32

EnumDisplayDevicesA
GetMonitorInfoA
ShowCursor
ClientToScreen
GetClientRect
ReleaseDC
EnumDisplayMonitors
GetSystemMetrics
IsWindowVisible
GetClassNameA
GetWindowThreadProcessId
EnumWindows
DrawTextA
UnregisterClassA
DestroyWindow
RegisterClassExA
LoadImageA
GetWindowTextA
GetForegroundWindow
GetDC
RegisterClassA
CreateWindowExA
GetActiveWindow
InvalidateRect
UpdateWindow
BeginPaint
EndPaint
SetClipboardViewer
ChangeClipboardChain
PeekMessageW
GetMessageW
SetFocus
SendMessageA
FindWindowA
SwitchToThisWindow
GetAsyncKeyState
CloseClipboard
GetClipboardData
OpenClipboard
GetKeyState
GetFocus
GetCaretBlinkTime
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
ShowWindow
SetWindowTextA
SetWindowLongA
DefWindowProcA
SetCapture
GetWindowRect
GetCursorPos
ReleaseCapture
ClipCursor
SetWindowPos
GetWindowLongA
AdjustWindowRect
SetRect
LoadStringW
LoadCursorA
LoadIconA
MessageBoxA
PostQuitMessage

gdi32

GetObjectA
GetStockObject
CreateFontA
CreateCompatibleDC
LineTo
MoveToEx
ExtTextOutA
CreatePen
SetMapMode
CreateDIBSection
SetTextAlign
SetBkColor
SetTextColor
DeleteObject
GetTextExtentPoint32A
SelectObject
BitBlt
CreateCompatibleBitmap
SetBkMode
DeleteDC
GetDeviceCaps
CreateICA

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
GetUserNameA
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptExportKey
CryptDestroyKey
CryptGetUserKey
CryptEnumProvidersA
CryptGetProvParam
CryptAcquireContextW
RegGetValueA
LookupAccountSidA
LookupPrivilegeValueA
AdjustTokenPrivileges
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
RegQueryValueExA

shell32

SHGetFolderPathA
ShellExecuteA

ole32

CoInitialize
CoCreateInstance
CoInitializeEx
CreateStreamOnHGlobal

oleaut32

SysAllocString
SysFreeString

iphlpapi

GetAdaptersInfo

psapi

GetModuleInformation
GetModuleBaseNameA

urlmon

URLDownloadToFileA

wininet

InternetCloseHandle
InternetOpenA
DeleteUrlCacheEntryA
DeleteUrlCacheEntry
FtpPutFileA
FtpCreateDirectoryA
InternetConnectA

dbghelp

MiniDumpWriteDump
ImageNtHeader
MakeSureDirectoryPathExists

sensapi

IsNetworkAlive

gdiplus

GdipSaveImageToStream
GdiplusStartup
GdipCloneImage
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromStream
GdipSaveImageToFile
GdipDisposeImage
GdipAlloc
GdipFree
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromHBITMAP

wsock32

ioctlsocket
getsockopt
setsockopt
inet_ntoa
WSAGetLastError
socket
WSAStartup
send
inet_addr
getsockname
gethostbyname
ntohs
htons
connect
select
__WSAFDIsSet
bind
closesocket
shutdown
recv

dinput8

DirectInput8Create

crypt32

CertNameToStrW
CertFreeCertificateContext
CryptEncryptMessage
CertDuplicateCertificateContext
CryptEncodeObject
CryptDecryptMessage
CryptMsgOpenToDecode
CertSetCertificateContextProperty
CryptDecodeObject
CertGetCertificateContextProperty
CertCreateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertGetSubjectCertificateFromStore
CryptMsgControl
CryptMsgGetParam
CryptMsgClose
CryptMsgUpdate

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 760KB - Virtual size: 760KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 6.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

301a159f8394e885eed5e8400691b3ff

Headers

DLL Characteristics

File Characteristics

Imports

d3dx9_43

d3d9

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

iphlpapi

psapi

urlmon

wininet

dbghelp

sensapi

gdiplus

wsock32

dinput8

crypt32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 760KB - Virtual size: 760KB

.data Size: 99KB - Virtual size: 6.2MB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 3.9MB - Virtual size: 3.9MB

.reloc Size: 174KB - Virtual size: 174KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 760KB - Virtual size: 760KB

.data
Size: 99KB - Virtual size: 6.2MB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 3.9MB - Virtual size: 3.9MB

.reloc
Size: 174KB - Virtual size: 174KB