tposd[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tposd.exe
Size

1.3MB
MD5

20590d3530788ed31670de7fec914c23
SHA1

c69a696b891a6f3cc5a63c3ecac1a80f1cdb600f
SHA256

277c49467677dcfb97c23aabb0b926f8b040a4664f45b808fca76ccb2c1e47c1
SHA512

518a9c998a74d59c4c959273d936efa43a6555b4f892a24fc13ca2815319181d8df92ffe2e07236b7ffbb9337cf0e1af7ea483658730525a0f3e3ff6809bb8af
SSDEEP

12288:RRyRcXjPTkJG+vfWyRVFjRwDbiXhezWcajlPqnBFQOWrk:R7PTkJGof7RVFdaFzW3rrk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tposd.exe

Files

tposd.exe
.exe windows:6 windows x64 arch:x64

2883b3e6ef4d637b5b7c223255eac5fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\WORK\BASE_UTILITY_SVN_ROOT\R0YVU34W\src\tphkload\clients\tponscr\recv.win8\obj\AMD64\tposd.pdb

Imports

kernel32

GetUserDefaultUILanguage
GetCurrentProcess
LocalAlloc
GetSystemFirmwareTable
LocalFree
ReadConsoleW
DeleteTimerQueue
lstrlenW
LoadLibraryW
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
CreateTimerQueue
GetVersionExW
CreateProcessW
GetExitCodeThread
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileSizeEx
TerminateThread
HeapQueryInformation
HeapReAlloc
HeapFree
SetConsoleCtrlHandler
GetProcessHeap
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
OutputDebugStringW
CreateThread
Sleep
OpenEventW
CreateEventW
CreateMutexW
WaitForMultipleObjectsEx
WaitForSingleObject
ReleaseMutex
SetEvent
CancelIo
GetCommandLineW
GetOverlappedResult
DeviceIoControl
WaitNamedPipeW
SetLastError
GetLastError
CloseHandle
ReadFileEx
GetFileType
GetCurrentThread
GetSystemInfo
HeapValidate
HeapSize
HeapAlloc
GetModuleHandleExW
ExitProcess
WriteFile
GetStdHandle
RtlPcToFileHeader
RaiseException
CreateFileW
WriteConsoleW
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RtlUnwind

advapi32

RegCloseKey
RegCreateKeyExW
RegSetValueExW
CloseServiceHandle
RegNotifyChangeKeyValue
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW

user32

LoadStringW
RegisterWindowMessageW
GetMessageW
TranslateMessage
MsgWaitForMultipleObjects
PeekMessageW
LoadImageW
DestroyIcon
LoadCursorW
SetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
GetCursorPos
InvalidateRect
SetWindowRgn
EndPaint
BeginPaint
SetForegroundWindow
UpdateWindow
SetMenuItemInfoW
GetMenuItemInfoW
TrackPopupMenu
InsertMenuW
DestroyMenu
CreatePopupMenu
GetSystemMetrics
SetWindowPos
SetLayeredWindowAttributes
ShowWindow
IsWindow
CreateWindowExW
RegisterClassExW
PostQuitMessage
DefWindowProcW
DispatchMessageW

gdi32

CombineRgn
BitBlt
CreateRoundRectRgn
CreateCompatibleBitmap
CreateRectRgn
DeleteDC
DeleteObject
OffsetRgn
SelectObject
SetPixelV
GetObjectW
CreateSolidBrush
CreateDCW
CreateCompatibleDC
GetPixel

comctl32

InitCommonControlsEx

shell32

Shell_NotifyIconW
SHGetFolderPathW
ShellExecuteExW

shlwapi

ColorHLSToRGB
StrCmpW
StrStrW
PathFileExistsW
PathAppendW
ColorRGBToHLS
StrRChrW

imm32

ImmDisableIME

wtsapi32

WTSRegisterSessionNotification

ole32

CoInitializeEx
CoUninitialize

Sections

.text
Size: 634KB - Virtual size: 634KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 517KB - Virtual size: 517KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2883b3e6ef4d637b5b7c223255eac5fe

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

gdi32

comctl32

shell32

shlwapi

imm32

wtsapi32

ole32

Sections

.text Size: 634KB - Virtual size: 634KB

.rdata Size: 167KB - Virtual size: 166KB

.data Size: 4KB - Virtual size: 10KB

.pdata Size: 32KB - Virtual size: 31KB

.rsrc Size: 517KB - Virtual size: 517KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 634KB - Virtual size: 634KB

.rdata
Size: 167KB - Virtual size: 166KB

.data
Size: 4KB - Virtual size: 10KB

.pdata
Size: 32KB - Virtual size: 31KB

.rsrc
Size: 517KB - Virtual size: 517KB

.reloc
Size: 2KB - Virtual size: 1KB