tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

85KB
MD5

e65d4beed233c58d149c30593eae08b6
SHA1

2f3c8428fa137acf26dc02781beefa61d82f4c0e
SHA256

c39401eb09cb05ae891e13e1bc8a9f01a7fb8cb70ec879373e0c570968a2b21f
SHA512

197f493ebe91581ec3230383cc5ab9d53b7457d879e0f266c9b1b91f546a49ccd86312d6f6681946dc748d6b7bf318319150902327fdea2947650aead22bf93a
SSDEEP

768:ggTTKwlX+W2S0TDoXN3rW5fetrgsupXZQ1nrWAGq+tAuodCcea1Or0YJwA4C35iM:YwMl9YW5fetrgpFZ2nrWLtyEcl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tmp

Files

tmp
.exe windows:6 windows x64 arch:x64

de473734be232b0d4ea176ff4dcf797a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\munish\Downloads\ChaiLdr-main\ChaiLdr-main\ChaiLdr\x64\Release\ChaiLdr.pdb

Imports

kernel32

ReadFile
HeapFree
WriteFile
GetTempPathW
CreateFileW
CloseHandle
HeapAlloc
GetProcessHeap
MultiByteToWideChar
GetLastError
SetCriticalSectionSpinCount
ConvertDefaultLocale
GetCurrentProcess
SleepEx
GetConsoleWindow
lstrlenA
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
RtlCaptureContext
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW

user32

IsDialogMessageW
wsprintfW
GetWindowContextHelpId
MessageBoxA
RegisterClassW
ShowWindow
GetWindowLongPtrW
IsWindowVisible

vcruntime140

__current_exception
memcpy
__current_exception_context
memset
__C_specific_handler

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-string-l1-1-0

toupper

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
realloc

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__acrt_iob_func
__stdio_common_vfprintf
__p__commode

api-ms-win-crt-time-l1-1-0

_time32

api-ms-win-crt-runtime-l1-1-0

_cexit
__p___argv
__p___argc
_exit
_register_onexit_function
_register_thread_local_exe_atexit_callback
_crt_atexit
terminate
exit
_seh_filter_exe
_initterm_e
_set_app_type
_configure_narrow_argv
_c_exit
_initialize_onexit_table
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de473734be232b0d4ea176ff4dcf797a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

vcruntime140

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 11KB

.pdata Size: 1024B - Virtual size: 600B

.rsrc Size: 68KB - Virtual size: 67KB

.reloc Size: 512B - Virtual size: 44B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 11KB

.pdata
Size: 1024B - Virtual size: 600B

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 512B - Virtual size: 44B