MSI881A[.]tmp | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

MSI881A.tmp
Size

4.6MB
MD5

f278eeff2c49bb84bf0c0d0ee1163b99
SHA1

879e73cd231dd9669598c4fe7122171978cdcb1a
SHA256

82a08c73f769b5009097c7ca9c9b64b64d256fc1c1a0e7bce5fe41c9f85abe0b
SHA512

291d070619fb5ade873ee6d6f9d3d204e53b6b90bdb473402b4deafaf1c0e423380e0c8a0232cba635cb5d78befd6bd0687dc93e50e1dbae5ef658fa0af0bd20
SSDEEP

49152:U+DPh2gD8aqB1lXShn0wsCXIzjYBbKI39TprkxaGJWO0jt253/YeFCA17H/39/Hv:U4D7qB1mtBbKI39Tprkxh/OXXK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MSI881A.tmp

Files

MSI881A.tmp
.dll windows:4 windows x86 arch:x86

db400a517e99dd219984c242b1cbfca2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateSemaphoreW
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
ReleaseSemaphore
VirtualProtect
VirtualQuery
AddVectoredExceptionHandler
CancelIo
CloseHandle
CompareStringOrdinal
CopyFileExW
CreateDirectoryW
CreateEventW
CreateFileMappingA
CreateFileW
CreateHardLinkW
CreateMutexA
CreateNamedPipeW
CreateProcessW
CreateSymbolicLinkW
CreateThread
CreateToolhelp32Snapshot
CreateWaitableTimerExW
DeleteFileW
DeleteProcThreadAttributeList
DeviceIoControl
DuplicateHandle
ExitProcess
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetCommandLineW
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetProcessId
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTimePreciseAsFileTime
GetTempPathW
GetWindowsDirectoryW
HeapAlloc
HeapFree
HeapReAlloc
InitOnceBeginInitialize
InitOnceComplete
InitializeProcThreadAttributeList
LoadLibraryA
MapViewOfFile
Module32FirstW
Module32NextW
MoveFileExW
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleW
ReadFile
ReadFileEx
ReleaseMutex
RemoveDirectoryW
RtlCaptureContext
SetCurrentDirectoryW
SetEnvironmentVariableW
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetThreadStackGuarantee
SetWaitableTimer
Sleep
SleepEx
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
UpdateProcThreadAttribute
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFileEx
lstrlenW

msvcrt

_amsg_exit
_initterm
_iob
_lock
_unlock
abort
calloc
free
fwrite
malloc
memcmp
memcpy
memmove
memset
realloc
strlen
strncmp
vfprintf

ntdll

NtReadFile
NtWriteFile
NtCreateFile
RtlNtStatusToDosError

userenv

GetUserProfileDirectoryW

ws2_32

WSACleanup
WSADuplicateSocketW
WSAGetLastError
WSARecv
WSASend
WSASocketW
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockname
getsockopt
ioctlsocket
listen
recv
recvfrom
select
send
sendto
setsockopt
shutdown

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

bcryptprimitives

ProcessPrng

Exports

Exports

deregister_ui_msi
register_ui_msi

Sections

.text
Size: 615KB - Virtual size: 614KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 424B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 122B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 650KB - Virtual size: 650KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 829KB - Virtual size: 828KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/71
Size: 388KB - Virtual size: 387KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/83
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/94
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/110
Size: 333KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/124
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/140
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/156
Size: 512B - Virtual size: 350B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db400a517e99dd219984c242b1cbfca2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ntdll

userenv

ws2_32

api-ms-win-core-synch-l1-2-0

bcryptprimitives

Exports

Exports

Sections

.text Size: 615KB - Virtual size: 614KB

.data Size: 512B - Virtual size: 216B

.rdata Size: 113KB - Virtual size: 112KB

/4 Size: 80KB - Virtual size: 80KB

.bss Size: - Virtual size: 424B

.edata Size: 512B - Virtual size: 122B

.idata Size: 5KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 48B

.tls Size: 512B - Virtual size: 8B

.reloc Size: 22KB - Virtual size: 22KB

/14 Size: 1024B - Virtual size: 792B

/29 Size: 650KB - Virtual size: 650KB

/45 Size: 829KB - Virtual size: 828KB

/57 Size: 8KB - Virtual size: 8KB

/71 Size: 388KB - Virtual size: 387KB

/83 Size: 1.4MB - Virtual size: 1.4MB

/94 Size: 512B - Virtual size: 108B

/110 Size: 333KB - Virtual size: 333KB

/124 Size: 2KB - Virtual size: 2KB

/140 Size: 3KB - Virtual size: 2KB

/156 Size: 512B - Virtual size: 350B

.text
Size: 615KB - Virtual size: 614KB

.data
Size: 512B - Virtual size: 216B

.rdata
Size: 113KB - Virtual size: 112KB

/4
Size: 80KB - Virtual size: 80KB

.bss
Size: - Virtual size: 424B

.edata
Size: 512B - Virtual size: 122B

.idata
Size: 5KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 48B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 22KB - Virtual size: 22KB

/14
Size: 1024B - Virtual size: 792B

/29
Size: 650KB - Virtual size: 650KB

/45
Size: 829KB - Virtual size: 828KB

/57
Size: 8KB - Virtual size: 8KB

/71
Size: 388KB - Virtual size: 387KB

/83
Size: 1.4MB - Virtual size: 1.4MB

/94
Size: 512B - Virtual size: 108B

/110
Size: 333KB - Virtual size: 333KB

/124
Size: 2KB - Virtual size: 2KB

/140
Size: 3KB - Virtual size: 2KB

/156
Size: 512B - Virtual size: 350B