tmprz1d_6ek | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmprz1d_6ek
Size

458KB
MD5

f8c737ca365dbbae5e0010e75bd641b3
SHA1

997b00a5807ffff06298b11e6c5cd427dc8d2402
SHA256

05c932f7c7391ba29b3dec39a7e273a9b51f1c6bd75b0aa942c08e1fa91dced8
SHA512

5f632dc5f85eab78ba7030be0347e497e309c4ebf109fb765368171ad5e56361f797bc742b25b1296240a02ed55eb4c14b76be849149b3b6367a00792fcdc7be
SSDEEP

12288:SkQxAVquWibWM1ysXvTz4NaGVg/6k+VrKk:lqni6M1yovTz4NaGY6nRK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tmprz1d_6ek

Files

tmprz1d_6ek
.dll windows:4 windows x64 arch:x64

de297ca23880e1543f5c5121dfbab235

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

oleaut32

SysAllocString
SysStringLen
SysAllocStringLen
VariantClear
VariantCopy
SysStringByteLen
SysFreeString

user32

CharUpperW

advapi32

RegDeleteKeyW
GetFileSecurityW
SetFileSecurityW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegCloseKey

msvcrt

free
malloc
strlen
memset
memmove
strstr
strcmp
memcmp
_CxxThrowException
memcpy
__CxxFrameHandler
wcsstr
__C_specific_handler
__dllonexit
_onexit
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
wcscmp

kernel32

InitializeCriticalSection
Sleep
FormatMessageW
VirtualFree
VirtualAlloc
GetProcAddress
GetSystemTimeAsFileTime
FileTimeToDosDateTime
GetCurrentProcess
lstrlenW
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
GetDriveTypeW
DeviceIoControl
SetEndOfFile
WriteFile
ReadFile
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReadConsoleInputW
GetNumberOfConsoleInputEvents
GetStdHandle
GetLastError
GetTickCount
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryExW
LoadLibraryW
GetModuleFileNameW
LocalFree
CloseHandle
SetFileTime
CreateFileW
SetFileAttributesW
RemoveDirectoryW
MoveFileW
CreateHardLinkW
CreateDirectoryW
DeleteFileW
GetCurrentDirectoryW
GetTempPathW
SetLastError
GetCurrentProcessId
GetCurrentThreadId
GetFileInformationByHandle
FindClose
FindFirstFileW
FindNextFileW
FindFirstStreamW
FindNextStreamW
GetFileAttributesW
GetFileSize
SetFilePointer

Exports

Exports

ClosePlugin
Configure
DeleteFiles
ExitFAR
FreeFindData
GetFiles
GetFindData
GetOpenPluginInfo
GetPluginInfo
OpenFilePlugin
OpenPlugin
ProcessKey
PutFiles
SetDirectory
SetStartupInfo

Sections

.text
Size: 315KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de297ca23880e1543f5c5121dfbab235

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

user32

advapi32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 315KB - Virtual size: 314KB

.rdata Size: 110KB - Virtual size: 110KB

.data Size: 512B - Virtual size: 14KB

.pdata Size: 27KB - Virtual size: 26KB

.rsrc Size: 1024B - Virtual size: 840B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 315KB - Virtual size: 314KB

.rdata
Size: 110KB - Virtual size: 110KB

.data
Size: 512B - Virtual size: 14KB

.pdata
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 3KB - Virtual size: 2KB