tmp | Triage

Sharing

General

Target

tmp
Size

389KB
MD5

56ab49c031367376bc8753b8bc2388da
SHA1

16e1bdbeb0df52ce30481c374a45d4ccb98e1219
SHA256

8c2daeab0a4f1cf937c65a17fffe6f50a33d102c5ab4638e2438211cfefe544d
SHA512

4bb0e1fb041909ab685cf55017f4fad5981dfade35f181a5e436596941da75d61b4cde788e1d813fb4abee38373a50761d745f4329246c6a9c4a625971d7d8ff
SSDEEP

12288:fgkkZ8m4E3qYGJ95Cj5BtcCuPHzVvd/FLobUk:v08zyqtouVLsUk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tmp

Files

tmp
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Windows\Containers\Confidential\DotnetGenerator\Stub\Projects\WorkHardKeepTrying\obj\Release\WorkHardKeepTrying.pdb

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ