tmp | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

tmp
Size

550KB
MD5

37f24d777f06a274be6091e876910295
SHA1

fca8aa72cad4f30aac459d76bd71e8cfc9a7b367
SHA256

baa59def8aaad78906b5f1bde287224df378e6dfda62fa5a2279e6875d4d94f4
SHA512

f037d8c138de63cff11e96bb219c0f630d43434cf27c6c328108f508c0619238668803f9ef249b0f9fdc377f99ce7a56b60e5642397bc23cd7a1ff36e0d285e4
SSDEEP

12288:IOyHQh9UumAkbWjc+tENUtUnCzSeNSQILyKRAebec2:I3Hw9Uv+4hnCGeNSQILyKRAkN2

Score

1^/10

Malware Config

Signatures

Files

tmp
.exe windows:5 windows x86 arch:x86

69c707d8d91d12206664615aca14a69f

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:9c:c4:0e:ee:b4:10:3c:26:11:55:04:e2:2b:c0:ac
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

25-01-2022 00:00

Not After

19-02-2025 23:59

Subject

CN=Beijing Jinwanwei Technology Co.\, Ltd.,O=Beijing Jinwanwei Technology Co.\, Ltd.,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ad:d6:73:b8:da:66:4f:2a:2f:80:a3:96:6b:83:89:fa:e6:a6:d8:fd
Signer

Actual PE Digest

ad:d6:73:b8:da:66:4f:2a:2f:80:a3:96:6b:83:89:fa:e6:a6:d8:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
Sleep
GetCurrentProcessId
WideCharToMultiByte
lstrlenW
SetErrorMode
SetUnhandledExceptionFilter
WriteFile
OutputDebugStringW
RaiseException
GetCurrentThreadId
GetCurrentProcess
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetLastError
GetModuleFileNameW
CreateFileW
GetFileSize
GetFileTime
CloseHandle
GetComputerNameW
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
lstrcpyW
GetProcAddress
GetModuleHandleA
GlobalMemoryStatus
CreateProcessW
GetPrivateProfileStringW
SetFilePointer
GetTickCount64
GetLocalTime
GetModuleFileNameA
SetLastError
VirtualProtect
FlushInstructionCache
FreeLibrary
LoadLibraryA
GetUserDefaultLangID
ReadFile
GetProcessHeap
SetEndOfFile
WriteConsoleW
FlushFileBuffers
SetStdHandle
CreateFileA
GetConsoleMode
GetConsoleCP
LoadLibraryW
HeapReAlloc
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileType
SetHandleCount
InitializeCriticalSectionAndSpinCount
ExitProcess
HeapSize
HeapCreate
GetLocaleInfoW
GetStdHandle
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
IsProcessorFeaturePresent
GetCommandLineW
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetCPInfo
LCMapStringW
HeapAlloc
RtlUnwind
GetStartupInfoW
HeapSetInformation
HeapFree
MultiByteToWideChar
DecodePointer
EncodePointer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
InterlockedExchange

user32

IsWindow
FindWindowW
LoadStringW
UpdateWindow
LoadAcceleratorsW
GetMessageW
SendMessageW
TranslateMessage
DispatchMessageW
LoadImageW
GetSystemMetrics
LoadCursorW
LoadIconW
RegisterClassExW
TranslateAcceleratorW
PostQuitMessage
SetParent
GetDesktopWindow
GetWindowTextA
SendMessageTimeoutW
wsprintfW
wvsprintfW
MessageBoxW
SetWindowTextW
GetParent
CallWindowProcW
SetRect
ShowWindow
MoveWindow
EndPaint
BeginPaint
DefWindowProcW
DestroyWindow
CheckMenuItem
GetMenu
PostMessageW
SetTimer
SetWindowLongW
GetWindowLongW
GetClientRect
CreateWindowExW

advapi32

GetUserNameW

shell32

ShellExecuteA

ole32

CoUninitialize
CoInitialize

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

dbghelp

MiniDumpWriteDump

libcef

cef_string_utf8_clear
cef_string_utf16_clear
cef_string_utf16_to_utf8
cef_string_utf16_set
cef_string_utf8_to_utf16
cef_string_utf16_cmp
cef_string_userfree_utf16_free
cef_shutdown
cef_enable_highdpi_support
cef_currently_on
cef_execute_process
cef_api_hash
cef_initialize
cef_base64encode
cef_uriencode
cef_post_task
cef_string_list_free
cef_string_list_alloc
cef_string_map_free
cef_string_map_alloc
cef_command_line_create
cef_log
cef_cookie_manager_get_global_manager
cef_process_message_create
cef_v8value_create_bool
cef_v8value_create_int
cef_v8value_create_string
cef_v8value_create_function
cef_browser_host_create_browser
cef_string_list_append
cef_string_map_append
cef_string_multimap_append
cef_string_list_value
cef_string_list_size
cef_string_map_value
cef_string_map_key
cef_string_map_size
cef_string_multimap_value
cef_string_multimap_key
cef_string_multimap_size
cef_v8context_get_current_context
cef_string_multimap_free
cef_string_multimap_alloc
cef_string_list_copy

Sections

.text
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69c707d8d91d12206664615aca14a69f

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0a:9c:c4:0e:ee:b4:10:3c:26:11:55:04:e2:2b:c0:acCertificate

Extended Key Usages

Key Usages

ad:d6:73:b8:da:66:4f:2a:2f:80:a3:96:6b:83:89:fa:e6:a6:d8:fdSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

version

dbghelp

libcef

Sections

.text Size: 360KB - Virtual size: 360KB

.rdata Size: 67KB - Virtual size: 67KB

.data Size: 8KB - Virtual size: 33KB

.rsrc Size: 61KB - Virtual size: 61KB

.reloc Size: 43KB - Virtual size: 43KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0a:9c:c4:0e:ee:b4:10:3c:26:11:55:04:e2:2b:c0:ac
Certificate

ad:d6:73:b8:da:66:4f:2a:2f:80:a3:96:6b:83:89:fa:e6:a6:d8:fd
Signer

.text
Size: 360KB - Virtual size: 360KB

.rdata
Size: 67KB - Virtual size: 67KB

.data
Size: 8KB - Virtual size: 33KB

.rsrc
Size: 61KB - Virtual size: 61KB

.reloc
Size: 43KB - Virtual size: 43KB