tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

7.0MB
MD5

398f543ff00bcb13b4262de8e9e02775
SHA1

04c949354abbf17c06071a28e06a3dc011b44105
SHA256

29e1a24b56559f453d1bfffc6eeb5735fe117433a1dbf201acd15930cbf72fb0
SHA512

16f04244cbb68558409caf78321b60f3317296ee1a10843b6ca08a80b2577341e1c01ea7deae981af6cb2f256f07dc62d7229368c6656a55f1dfc6f0cc3c2e1c
SSDEEP

196608:fOLxKmZwwaG58so93iV3INxUekkgaFjeND8JHZ3u:7RXUFkhFjvZ3u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tmp

Files

tmp
.exe windows:5 windows x86 arch:x86

4674c8eba4c275a0ed160aa7aee612db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\WarZ\Src\RSUpdate\Release\Launcher.pdb

Imports

d3dx9_43

D3DXCreateCubeTextureFromFileInMemoryEx
D3DXCreateVolumeTextureFromFileInMemoryEx
D3DXCreateTextureFromFileInMemoryEx
D3DXSaveSurfaceToFileA
D3DXCreateFontA
D3DXCreateTextureFromFileInMemory
D3DXGetImageInfoFromFileInMemory

d3d9

Direct3DCreate9

iphlpapi

GetAdaptersInfo

shell32

ShellExecuteA
SHGetFolderPathA

user32

PeekMessageW
GetMessageW
GetClientRect
ClientToScreen
ShowCursor
RegisterClassA
CreateWindowExA
GetActiveWindow
InvalidateRect
UpdateWindow
SetFocus
BeginPaint
EndPaint
SetClipboardViewer
ChangeClipboardChain
GetMessageA
CloseClipboard
GetWindowRect
PostQuitMessage
GetKeyState
GetFocus
LoadIconA
SendMessageA
GetCaretBlinkTime
MessageBoxA
LoadCursorA
AdjustWindowRect
SetCapture
TranslateMessage
GetAsyncKeyState
SetRect
SetWindowLongA
GetWindowLongA
GetClipboardData
PeekMessageA
DefWindowProcA
SetWindowPos
GetCursorPos
LoadStringW
ShowWindow
SwitchToThisWindow
ClipCursor
DispatchMessageA
OpenClipboard
ReleaseCapture
SetWindowTextA

ole32

CoUninitialize
CoInitialize
CoInitializeSecurity
CoTaskMemFree
CoInitializeEx
StringFromCLSID
CoCreateInstance

oleaut32

SysAllocString
VariantChangeType
VariantCopy
VariantInit
VariantClear
SysFreeString

dbghelp

MakeSureDirectoryPathExists
MiniDumpWriteDump

kernel32

MultiByteToWideChar
CopyFileA
GetModuleFileNameA
GetProcAddress
GlobalMemoryStatusEx
GetVersionExA
WaitForSingleObject
TerminateThread
CloseHandle
GetFullPathNameA
GetCurrentProcess
GlobalLock
SetEvent
GlobalAlloc
Sleep
CreateEventA
LeaveCriticalSection
TerminateProcess
GlobalUnlock
EnterCriticalSection
OpenEventA
GetCurrentDirectoryA
CreateToolhelp32Snapshot
OutputDebugStringA
AllocConsole
SetConsoleTitleA
MoveFileA
DeleteFileA
SetFileAttributesA
FindResourceA
LoadResource
SizeofResource
LockResource
ExitProcess
InterlockedIncrement
InitializeCriticalSection
InterlockedDecrement
GetLastError
LocalFree
GetFullPathNameW
GetCurrentDirectoryW
GetTempPathW
GetTempPathA
MoveFileW
DeleteFileW
SetFilePointer
GetFileAttributesW
CreateDirectoryW
SetFileAttributesW
FindClose
LoadLibraryA
FindFirstFileA
CreateDirectoryA
GetFileAttributesA
CreateFileA
GetCurrentThreadId
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTime
GetLocalTime
CreateThread
GetTickCount
GetACP
GetOEMCP
GetComputerNameA
FormatMessageA
GetFileTime
ReadFile
WriteFile
GetFileSize
DeleteCriticalSection
FreeLibrary
QueryPerformanceFrequency
QueryPerformanceCounter
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
InterlockedExchange
MapViewOfFile
GetSystemInfo
SetEndOfFile
GetModuleHandleA
MulDiv
InterlockedExchangeAdd
TryEnterCriticalSection
GetCurrentThread
DuplicateHandle
UnmapViewOfFile
CreateFileMappingA
Module32Next
Module32First
GetCurrentProcessId
SetUnhandledExceptionFilter
VirtualAlloc
VirtualFree
ExitThread
GetSystemTimeAsFileTime
UnhandledExceptionFilter
HeapFree
HeapAlloc
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
FileTimeToLocalFileTime
GetDriveTypeA
GetFileType
GetProcessHeap
GetModuleHandleW
GetCPInfo
LCMapStringW
LCMapStringA
GetStringTypeW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
WakeConditionVariable
SetHandleCount
GetStdHandle
IsValidCodePage
GetConsoleCP
GetConsoleMode
HeapCreate
HeapReAlloc
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeZoneInformation
SetStdHandle
FlushFileBuffers
GetStringTypeA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
VirtualQuery
CreateFileW
SleepConditionVariableCS
InitializeConditionVariable
WakeAllConditionVariable
HeapSize

advapi32

GetUserNameA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptExportKey
CryptDestroyKey
CryptGetUserKey
CryptEnumProvidersA
CryptGetProvParam
CryptAcquireContextW

gdi32

SelectObject
CreateICA
GetDeviceCaps
DeleteDC
GetStockObject
CreateFontA
CreateCompatibleDC
LineTo
MoveToEx
ExtTextOutA
CreatePen
SetMapMode
CreateDIBSection
SetTextAlign
SetBkColor
SetTextColor
DeleteObject
GetTextExtentPoint32A

ws2_32

bind
__WSAFDIsSet
select
htons
inet_addr
gethostbyname
inet_ntoa
ntohs
WSAStartup
socket
WSAGetLastError
ioctlsocket
setsockopt
getsockopt
send
recv
shutdown
getsockname
closesocket
connect

dinput8

DirectInput8Create

crypt32

CertDuplicateCertificateContext
CryptEncryptMessage
CryptEncodeObject
CryptDecryptMessage
CryptMsgOpenToDecode
CryptMsgUpdate
CryptMsgClose
CryptMsgGetParam
CryptMsgControl
CertGetSubjectCertificateFromStore
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertCreateCertificateContext
CertGetCertificateContextProperty
CertFreeCertificateContext
CertNameToStrW
CertSetCertificateContextProperty
CryptDecodeObject

Exports

Exports

ZSTD_CCtxParams_getParameter
ZSTD_CCtxParams_init
ZSTD_CCtxParams_init_advanced
ZSTD_CCtxParams_reset
ZSTD_CCtxParams_setParameter
ZSTD_CCtx_getParameter
ZSTD_CCtx_loadDictionary
ZSTD_CCtx_loadDictionary_advanced
ZSTD_CCtx_loadDictionary_byReference
ZSTD_CCtx_refCDict
ZSTD_CCtx_refPrefix
ZSTD_CCtx_refPrefix_advanced
ZSTD_CCtx_refThreadPool
ZSTD_CCtx_reset
ZSTD_CCtx_setParameter
ZSTD_CCtx_setParametersUsingCCtxParams
ZSTD_CCtx_setPledgedSrcSize
ZSTD_CStreamInSize
ZSTD_CStreamOutSize
ZSTD_DCtx_getParameter
ZSTD_DCtx_loadDictionary
ZSTD_DCtx_loadDictionary_advanced
ZSTD_DCtx_loadDictionary_byReference
ZSTD_DCtx_refDDict
ZSTD_DCtx_refPrefix
ZSTD_DCtx_refPrefix_advanced
ZSTD_DCtx_reset
ZSTD_DCtx_setFormat
ZSTD_DCtx_setMaxWindowSize
ZSTD_DCtx_setParameter
ZSTD_DStreamInSize
ZSTD_DStreamOutSize
ZSTD_adjustCParams
ZSTD_cParam_getBounds
ZSTD_checkCParams
ZSTD_compress
ZSTD_compress2
ZSTD_compressBegin
ZSTD_compressBegin_advanced
ZSTD_compressBegin_usingCDict
ZSTD_compressBegin_usingCDict_advanced
ZSTD_compressBegin_usingDict
ZSTD_compressBlock
ZSTD_compressBound
ZSTD_compressCCtx
ZSTD_compressContinue
ZSTD_compressEnd
ZSTD_compressSequences
ZSTD_compressStream
ZSTD_compressStream2
ZSTD_compressStream2_simpleArgs
ZSTD_compress_advanced
ZSTD_compress_usingCDict
ZSTD_compress_usingCDict_advanced
ZSTD_compress_usingDict
ZSTD_copyCCtx
ZSTD_copyDCtx
ZSTD_createCCtx
ZSTD_createCCtxParams
ZSTD_createCCtx_advanced
ZSTD_createCDict
ZSTD_createCDict_advanced
ZSTD_createCDict_advanced2
ZSTD_createCDict_byReference
ZSTD_createCStream
ZSTD_createCStream_advanced
ZSTD_createDCtx
ZSTD_createDCtx_advanced
ZSTD_createDDict
ZSTD_createDDict_advanced
ZSTD_createDDict_byReference
ZSTD_createDStream
ZSTD_createDStream_advanced
ZSTD_createThreadPool
ZSTD_dParam_getBounds
ZSTD_decodingBufferSize_min
ZSTD_decompress
ZSTD_decompressBegin
ZSTD_decompressBegin_usingDDict
ZSTD_decompressBegin_usingDict
ZSTD_decompressBlock
ZSTD_decompressBound
ZSTD_decompressContinue
ZSTD_decompressDCtx
ZSTD_decompressStream
ZSTD_decompressStream_simpleArgs
ZSTD_decompress_usingDDict
ZSTD_decompress_usingDict
ZSTD_endStream
ZSTD_estimateCCtxSize
ZSTD_estimateCCtxSize_usingCCtxParams
ZSTD_estimateCCtxSize_usingCParams
ZSTD_estimateCDictSize
ZSTD_estimateCDictSize_advanced
ZSTD_estimateCStreamSize
ZSTD_estimateCStreamSize_usingCCtxParams
ZSTD_estimateCStreamSize_usingCParams
ZSTD_estimateDCtxSize
ZSTD_estimateDDictSize
ZSTD_estimateDStreamSize
ZSTD_estimateDStreamSize_fromFrame
ZSTD_findDecompressedSize
ZSTD_findFrameCompressedSize
ZSTD_flushStream
ZSTD_frameHeaderSize
ZSTD_freeCCtx
ZSTD_freeCCtxParams
ZSTD_freeCDict
ZSTD_freeCStream
ZSTD_freeDCtx
ZSTD_freeDDict
ZSTD_freeDStream
ZSTD_freeThreadPool
ZSTD_generateSequences
ZSTD_getBlockSize
ZSTD_getCParams
ZSTD_getDecompressedSize
ZSTD_getDictID_fromCDict
ZSTD_getDictID_fromDDict
ZSTD_getDictID_fromDict
ZSTD_getDictID_fromFrame
ZSTD_getErrorCode
ZSTD_getErrorName
ZSTD_getErrorString
ZSTD_getFrameContentSize
ZSTD_getFrameHeader
ZSTD_getFrameHeader_advanced
ZSTD_getFrameProgression
ZSTD_getParams
ZSTD_initCStream
ZSTD_initCStream_advanced
ZSTD_initCStream_srcSize
ZSTD_initCStream_usingCDict
ZSTD_initCStream_usingCDict_advanced
ZSTD_initCStream_usingDict
ZSTD_initDStream
ZSTD_initDStream_usingDDict
ZSTD_initDStream_usingDict
ZSTD_initStaticCCtx
ZSTD_initStaticCDict
ZSTD_initStaticCStream
ZSTD_initStaticDCtx
ZSTD_initStaticDDict
ZSTD_initStaticDStream
ZSTD_insertBlock
ZSTD_isError
ZSTD_isFrame
ZSTD_maxCLevel
ZSTD_mergeBlockDelimiters
ZSTD_minCLevel
ZSTD_nextInputType
ZSTD_nextSrcSizeToDecompress
ZSTD_resetCStream
ZSTD_resetDStream
ZSTD_sizeof_CCtx
ZSTD_sizeof_CDict
ZSTD_sizeof_CStream
ZSTD_sizeof_DCtx
ZSTD_sizeof_DDict
ZSTD_sizeof_DStream
ZSTD_toFlushNow
ZSTD_versionNumber
ZSTD_versionString
ZSTD_writeSkippableFrame

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 812KB - Virtual size: 811KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 182KB - Virtual size: 905KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

z:蠣u�
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4674c8eba4c275a0ed160aa7aee612db

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3dx9_43

d3d9

iphlpapi

shell32

user32

ole32

oleaut32

dbghelp

kernel32

advapi32

gdi32

ws2_32

dinput8

crypt32

Exports

Exports

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 812KB - Virtual size: 811KB

.data Size: 182KB - Virtual size: 905KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 3.6MB - Virtual size: 3.6MB

.reloc Size: 177KB - Virtual size: 177KB

z:蠣u� Size: 16KB - Virtual size: 20KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 812KB - Virtual size: 811KB

.data
Size: 182KB - Virtual size: 905KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 3.6MB - Virtual size: 3.6MB

.reloc
Size: 177KB - Virtual size: 177KB

z:蠣u�
Size: 16KB - Virtual size: 20KB