tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

5.3MB
MD5

0ad7003c6965f737366af210fff957bc
SHA1

c91fda630528b61bd55def714b0309ae0caa6579
SHA256

24cdee0968cc415619396be83a0fb99ef721cc1a0bba2766fa25417cf97ca68f
SHA512

e07b1ef851898271014d83b7cdf6e32739db5ddda2dd64f32c584b803c7273f877cf9d83c17308eed8e8f65eb9a23dfbc92ace8be478d03424bcf1d697eec247
SSDEEP

49152:RnMwoQz4pfQW/IAydP6rbJ4B0MSNbMuEaiZPYGH+JjW5dwpZo7GJkSAPzVrAJDLT:RMQMVxk0FbMuzWwXJUVa9qyIrwfufO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tmp

Files

tmp
.exe windows:6 windows x64 arch:x64

b371fbc67ace5700a8bc63f92755789c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

NtDeviceIoControlFile
NtCreateFile
NtWriteFile
NtReadFile
RtlNtStatusToDosError
NtCancelIoFileEx
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

kernel32

GetFinalPathNameByHandleW
GetModuleHandleA
GetProcAddress
GetCurrentThread
GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
CreateWaitableTimerExW
SetWaitableTimer
Sleep
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
GetCurrentProcess
GetEnvironmentVariableW
GetTempPathW
GetFileInformationByHandleEx
GetFullPathNameW
FlushFileBuffers
SetFilePointerEx
FindNextFileW
CreateDirectoryW
SetLastError
FindClose
SleepConditionVariableSRW
GetQueuedCompletionStatusEx
ReleaseSRWLockExclusive
SwitchToThread
SetFileInformationByHandle
SetHandleInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
GetCurrentProcessId
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CancelIo
CreateIoCompletionPort
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentDirectoryW
CreateMutexA
LoadLibraryExW
LoadLibraryA
ReleaseMutex
AcquireSRWLockShared
ReleaseSRWLockShared
DeleteFileW
CopyFileExW
PostQueuedCompletionStatus
GetModuleFileNameW
CreateFileW
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetFileInformationByHandle
GetExitCodeProcess
WaitForSingleObject
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TryAcquireSRWLockExclusive
IsProcessorFeaturePresent
GetProcessHeap
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
HeapAlloc
WakeAllConditionVariable
AcquireSRWLockExclusive
HeapReAlloc
GetSystemInfo
SetFileCompletionNotificationModes
GetLastError
WakeConditionVariable
CloseHandle
ReadFile
InitializeSListHead
IsDebuggerPresent
HeapFree
EncodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FindFirstFileW
WaitForSingleObjectEx

oleaut32

SafeArrayGetLBound
SysFreeString
SafeArrayUnaccessData
VariantClear
SysAllocStringLen
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayDestroy

advapi32

FreeSid
RegQueryValueExW
RegOpenKeyExW
AllocateAndInitializeSid
CheckTokenMembership
SystemFunction036
RegCloseKey

ws2_32

getpeername
WSAGetLastError
accept
listen
bind
shutdown
getsockname
socket
ioctlsocket
connect
closesocket
getsockopt
WSASend
WSASocketW
setsockopt
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
select
recv
WSAIoctl
send

rstrtmgr

RmRegisterResources
RmGetList
RmStartSession

crypt32

CertFreeCertificateChain
CertDuplicateStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertCloseStore
CertGetCertificateChain
CertOpenStore
CertVerifyCertificateChainPolicy
CryptUnprotectData
CertEnumCertificatesInStore
CertDuplicateCertificateChain
CertAddCertificateContextToStore

user32

GetMonitorInfoW
EnumDisplaySettingsExW
EnumDisplayMonitors

bcrypt

BCryptGenRandom

secur32

ApplyControlToken
EncryptMessage
DecryptMessage
DeleteSecurityContext
AcquireCredentialsHandleA
InitializeSecurityContextW
AcceptSecurityContext
FreeContextBuffer
FreeCredentialsHandle
QueryContextAttributesW

gdi32

CreateCompatibleDC
CreateDCW
GetDeviceCaps
DeleteDC
DeleteObject
GetObjectW
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
StretchBlt
GetDIBits

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx

api-ms-win-crt-math-l1-1-0

roundf
powf
exp2f
truncf
_dclass
log
ceil
pow
__setusermatherr

api-ms-win-crt-string-l1-1-0

strcmp
strncmp
strcspn
strcpy_s
wcsncmp
strlen

api-ms-win-crt-heap-l1-1-0

free
malloc
realloc
_set_new_mode
calloc
_msize

api-ms-win-crt-utility-l1-1-0

qsort
_rotl64

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
abort
_seh_filter_exe
_register_onexit_function
_endthreadex
_initialize_onexit_table
exit
_exit
_beginthreadex
__p___argc
__p___argv
_c_exit
terminate
_register_thread_local_exe_atexit_callback
_crt_atexit
_cexit

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b371fbc67ace5700a8bc63f92755789c

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

oleaut32

advapi32

ws2_32

rstrtmgr

crypt32

user32

bcrypt

secur32

gdi32

ole32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 24KB - Virtual size: 27KB

.pdata Size: 81KB - Virtual size: 80KB

_RDATA Size: 512B - Virtual size: 500B

.reloc Size: 34KB - Virtual size: 34KB

.text
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 24KB - Virtual size: 27KB

.pdata
Size: 81KB - Virtual size: 80KB

_RDATA
Size: 512B - Virtual size: 500B

.reloc
Size: 34KB - Virtual size: 34KB