tmp | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

tmp
Size

137KB
MD5

6fe3fbceb3a8ed03295f9740b6b526a2
SHA1

e602d5d39bf79a331fa237d10113f7e9583a08d3
SHA256

b1d1a1676a23f80910ff88400e5fe399ce7d08bc1807ed9cbf2e4b1fc3dd0cd7
SHA512

af9d3a9277737fb8e9ab06686a006ab47970b91901c795de92c7b7a6152f0dffd9671d7ca0ec5a3df270080a4d6ec898281d6472c90cb1944e4747fd24a06cd9
SSDEEP

3072:/gT5oPEzUhotLe0FUYwCAuShXBSCwZL7kLGoImIcvla97iTwdy:nMzUCLFFUYhEhuVj+l2y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tmp

Files

tmp
.exe windows:4 windows x64 arch:x64

2edbf15202e33165aaa764e240d9c009

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\WinDefThreatsView\x64\Release\WinDefThreatsView.pdb

Imports

msvcrt

__wgetmainargs
_wcmdln
exit
_cexit
_exit
_initterm
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
_wtoi64
_wcslwr
strlen
__setusermatherr
_commode
_fmode
__set_app_type
_c_exit
qsort
_wcsnicmp
free
_wcsicmp
modf
wcschr
memcmp
wcsrchr
wcstoul
wcscmp
malloc
_memicmp
swscanf
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
memcpy
wcslen
_ultow
_itow
_purecall
_snwprintf
wcscat
memset
wcscpy
_wtoi
wcsncat

comctl32

ImageList_AddMasked
CreateToolbarEx
CreateStatusWindowW
ImageList_SetImageCount
ImageList_Create
ord17
ImageList_Add

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

SetErrorMode
WaitForSingleObject
DeleteFileW
GetCurrentProcessId
ReadProcessMemory
ExitProcess
OpenProcess
EnumResourceTypesW
GetStartupInfoW
LocalFree
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
GetProcAddress
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetTickCount
lstrcpyW
GlobalUnlock
GetTempPathW
GlobalLock
SizeofResource
FormatMessageW
GetLastError
GetVersionExW
GetTimeFormatW
GetFileAttributesW
WriteFile
FindResourceW
LoadResource
GetModuleFileNameW
SystemTimeToTzSpecificLocalTime
LoadLibraryExW
CreateFileW
CloseHandle
GlobalAlloc
GetWindowsDirectoryW
GetSystemDirectoryW
FileTimeToLocalFileTime
GetDateFormatW
WideCharToMultiByte
lstrlenW
GetCurrentProcess
LockResource
EnumResourceNamesW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetStdHandle
GetDriveTypeW
GetExitCodeProcess

user32

ChildWindowFromPoint
GetDC
ReleaseDC
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
SetWindowPos
GetWindow
SendDlgItemMessageW
EndDialog
GetDlgItem
DrawFrameControl
SetWindowTextW
UpdateWindow
SendMessageW
InvalidateRect
SetDlgItemTextW
GetWindowRect
GetDlgItemTextW
SetWindowLongPtrW
GetDlgItemInt
GetWindowPlacement
GetSystemMetrics
SetDlgItemInt
EndPaint
DeferWindowPos
BeginPaint
CreateWindowExW
GetClientRect
SetMenu
TranslateAcceleratorW
GetForegroundWindow
LoadAcceleratorsW
DefWindowProcW
RegisterClassW
PostMessageW
MessageBoxW
LoadImageW
DestroyIcon
GetSysColor
SetWindowLongW
GetWindowLongW
BeginDeferWindowPos
EndDeferWindowPos
SetFocus
GetParent
KillTimer
SetTimer
OpenClipboard
GetClassNameW
GetSubMenu
CheckMenuItem
InsertMenuItemW
GetMenuItemCount
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
GetMenuStringW
CloseClipboard
MoveWindow
GetMenu
EmptyClipboard
EnableMenuItem
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
GetKeyState
CreatePopupMenu
LoadIconW
SetMenuItemInfoW
RegisterWindowMessageW
IsDialogMessageW
TrackPopupMenu
InsertMenuW
PostQuitMessage
TranslateMessage
GetMessageW
RemoveMenu
DrawTextExW
DispatchMessageW
GetMonitorInfoW
MonitorFromWindow
SetForegroundWindow

gdi32

DeleteDC
SetPixel
GetObjectW
CreateFontIndirectW
GetDeviceCaps
SetBkMode
DeleteObject
GetPixel
SetTextColor
GetTextExtentPoint32W
GetStockObject
SetBkColor
StretchBlt
SetStretchBltMode
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC

comdlg32

ChooseFontW
FindTextW
GetSaveFileNameW

advapi32

OpenProcessToken
GetTokenInformation

shell32

SHGetFileInfoW
ShellExecuteW
ShellExecuteExW
Shell_NotifyIconW

ole32

CoSetProxyBlanket
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
SysAllocString
SafeArrayCreate
SafeArrayDestroy
SafeArrayPutElement
SysFreeString

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2edbf15202e33165aaa764e240d9c009

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 84KB - Virtual size: 84KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 2KB - Virtual size: 7KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 25KB - Virtual size: 25KB

.text
Size: 84KB - Virtual size: 84KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 2KB - Virtual size: 7KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 25KB - Virtual size: 25KB