tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

1.3MB
MD5

4128660de2daadbd94b7462c4c1e909e
SHA1

33a981cb02c5b62e0d3f6cbf777739b2a8d21a79
SHA256

32ef7b7cece7bd3a58bc1ff82b58c5b58d42c4700d7e54cb6ef295346527f027
SHA512

c54737c8877f59248db39234a43cf732a722e8d91c7b7ac98a3b562f97885dcb4ee4c10212e495122426f7114058435cdf82bd6e80bb2b8edd71161dfccbc0d2
SSDEEP

24576:NPBrKmkiewuEbBgFTck83Y5Rqi5hymAfjQn652fO3x:FdotEbBDkb5Rqifs2d8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tmp

Files

tmp
.exe windows:6 windows x64 arch:x64

85cc47fb9a17c05789a129c88e8a2d94

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Administrator\Desktop\Release\bin\target\release\deps\Instant_Vortex.pdb

Imports

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

kernel32

Sleep
GetModuleHandleA
GetProcAddress
InitializeSListHead
SetFileCompletionNotificationModes
CreateIoCompletionPort
SetHandleInformation
GetQueuedCompletionStatusEx
ReleaseSRWLockExclusive
GetCurrentThread
GetStdHandle
GetConsoleMode
TryAcquireSRWLockExclusive
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
GetCurrentProcess
GetEnvironmentVariableW
GetCurrentThreadId
CloseHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateThread
QueryPerformanceCounter
GetCurrentDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
GetCurrentProcessId
CreateMutexA
WaitForSingleObjectEx
LoadLibraryA
ReleaseMutex
RtlVirtualUnwind
AcquireSRWLockShared
ReleaseSRWLockShared
HeapFree
PostQueuedCompletionStatus
SwitchToThread
GetSystemInfo
AcquireSRWLockExclusive
HeapAlloc
GetProcessHeap
HeapReAlloc
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetSystemTimeAsFileTime
FindFirstFileW
GetFullPathNameW
IsDebuggerPresent
SetLastError
FindClose
GetLastError
FindNextFileW
lstrlenW
GetFinalPathNameByHandleW
IsProcessorFeaturePresent

ntdll

NtAllocateVirtualMemory
NtWaitForSingleObject
NtWriteVirtualMemory
NtProtectVirtualMemory
NtCancelIoFileEx
RtlNtStatusToDosError
NtWriteFile
NtDeviceIoControlFile
NtCreateFile
NtCreateThreadEx

ws2_32

connect
send
recv
WSACleanup
WSAStartup
freeaddrinfo
setsockopt
bind
getsockopt
getaddrinfo
ioctlsocket
WSASocketW
WSASend
shutdown
closesocket
WSAIoctl
getsockname
WSAGetLastError
getpeername

bcrypt

BCryptGenRandom

advapi32

RegQueryValueExW
RegOpenKeyExW
SystemFunction036
RegCloseKey

secur32

FreeCredentialsHandle
AcceptSecurityContext
FreeContextBuffer
AcquireCredentialsHandleA
QueryContextAttributesW
ApplyControlToken
DeleteSecurityContext
EncryptMessage
DecryptMessage
InitializeSecurityContextW

crypt32

CertGetCertificateChain
CertDuplicateCertificateChain
CertEnumCertificatesInStore
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertFreeCertificateContext
CertAddCertificateContextToStore
CertDuplicateCertificateContext
CertOpenStore
CertCloseStore
CertDuplicateStore

vcruntime140

memset
__current_exception
memmove
memcpy
__CxxFrameHandler3
memcmp
__C_specific_handler
__current_exception_context

api-ms-win-crt-math-l1-1-0

pow
__setusermatherr

api-ms-win-crt-runtime-l1-1-0

_cexit
_c_exit
_seh_filter_exe
_register_onexit_function
_crt_atexit
__p___argv
__p___argc
_set_app_type
_initialize_onexit_table
_get_initial_narrow_environment
_register_thread_local_exe_atexit_callback
_initterm
_initterm_e
_exit
exit
terminate
_configure_narrow_argv
_initialize_narrow_environment

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 722KB - Virtual size: 721KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 562KB - Virtual size: 561KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85cc47fb9a17c05789a129c88e8a2d94

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

ole32

kernel32

ntdll

ws2_32

bcrypt

advapi32

secur32

crypt32

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 722KB - Virtual size: 721KB

.rdata Size: 562KB - Virtual size: 561KB

.data Size: 512B - Virtual size: 936B

.pdata Size: 27KB - Virtual size: 26KB

.rsrc Size: 1024B - Virtual size: 912B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 722KB - Virtual size: 721KB

.rdata
Size: 562KB - Virtual size: 561KB

.data
Size: 512B - Virtual size: 936B

.pdata
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 1024B - Virtual size: 912B

.reloc
Size: 8KB - Virtual size: 7KB