tp3host[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

tp3host.exe
Size

5.0MB
MD5

fb08f2cb20523c34a7c01e2f565774a1
SHA1

212f6bb39ab33ea61abaf69e35da3449db39d1d8
SHA256

9a42637e8c5229a0b84c28892e030c5b9d07cd32ccb5bdc0cc6f0633113c8fe2
SHA512

c7e650e8b7d4f1ece36f1dd1427ee200ed824a032ea6b3452a5f3f68edca4605f5f94c5ee2730dcc9016c8d8fea355fddf2d47aecdf23e574cd431307d0d143d
SSDEEP

98304:Uj/lHucccKPaU8XiVvC+0NZFaQCATWzEBBP+mGB6:UblVchPIXiVKPPa0BBGmGB6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tp3host.exe

Files

tp3host.exe
.exe windows:6 windows x86 arch:x86

333ad92390c4b67f3455fac95881c5b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\Projects\anytoiso\build\anytoiso.pdb

Imports

kernel32

GetProcessTimes
CreateSemaphoreExW
CreateMutexExW
OpenSemaphoreW
ReleaseMutex
ReleaseSemaphore
GetProcessHeap
HeapFree
HeapAlloc
SetLastError
DebugBreak
ReadFile
FileTimeToLocalFileTime
CompareFileTime
LocalFree
GetCommandLineW
CreateRemoteThread
OpenProcess
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
GlobalAlloc
GlobalUnlock
GlobalLock
MulDiv
ExpandEnvironmentStringsW
SearchPathW
GetWindowsDirectoryW
VirtualAlloc
VirtualFree
GetVersionExW
LocalLock
LocalUnlock
GetLongPathNameW
GetSystemInfo
VirtualAllocEx
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Thread32First
Thread32Next
K32EnumProcessModules
K32GetModuleFileNameExW
GetCurrentDirectoryW
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetFileAttributesExW
InitOnceComplete
InitOnceBeginInitialize
SetFileAttributesW
WriteProcessMemory
GetVolumeInformationW
GetLogicalDriveStringsW
GetDriveTypeW
WaitForMultipleObjects
ResetEvent
SetThreadPriority
GetSystemPowerStatus
SystemTimeToFileTime
SetFileTime
LocalFileTimeToFileTime
GetFileSize
GetDiskFreeSpaceExW
CreateFileW
OutputDebugStringW
MoveFileExA
QueryPerformanceCounter
VerifyVersionInfoW
VerSetConditionMask
QueryPerformanceFrequency
SetThreadGroupAffinity
GetActiveProcessorCount
GetActiveProcessorGroupCount
GetCurrentThread
FindClose
FindNextFileW
FindFirstFileW
LeaveCriticalSection
SetEvent
EnterCriticalSection
MapViewOfFile
CreateFileMappingW
TerminateProcess
GetExitCodeProcess
CreateProcessW
lstrcatW
UnmapViewOfFile
CloseHandle
DeleteCriticalSection
CreateMutexW
CreateEventW
InitializeCriticalSection
WaitForSingleObject
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
WriteConsoleA
GetConsoleMode
WriteFile
WriteConsoleW
WideCharToMultiByte
MultiByteToWideChar
GetDynamicTimeZoneInformation
GetCurrentThreadId
GetCurrentProcessId
Sleep
GetLastError
GetFileAttributesW
GlobalMemoryStatus
GetProcessAffinityMask
CreateSemaphoreW
VirtualFreeEx
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
LoadLibraryW
LocalAlloc
FormatMessageW
SetFilePointerEx
lstrlenW
QueryFullProcessImageNameW
DeviceIoControl
FileTimeToSystemTime
GetFullPathNameW
GetTempFileNameW
QueryDosDeviceW
GetTempPathW
LoadResource
LockResource
SizeofResource
FindResourceW
GetSystemTime
GetVersion
GetNativeSystemInfo
VirtualProtect
FreeLibrary
lstrcpyW
DecodePointer
RaiseException
GetFileTime
GetModuleHandleW
GetProcAddress
GetStdHandle
AttachConsole
InitializeCriticalSectionAndSpinCount
FreeConsole
GetTimeZoneInformation
AreFileApisANSI
CompareStringW
GetCPInfo
IsDBCSLeadByte
SetConsoleCtrlHandler
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FoldStringW
CompareStringA
FlushFileBuffers
GetFileType
SetEndOfFile
SetFilePointer
SetPriorityClass
GetSystemDirectoryW
SetThreadExecutionState
CreateThread
CreateDirectoryW
DeleteFileW
MoveFileW
GetShortPathNameW
RemoveDirectoryW
CreateHardLinkW
HeapDestroy

user32

GetParent
SetRect
GetLastActivePopup
GetWindow
LoadIconW
FillRect
GetSysColor
MessageBeep
SetWindowLongW
GetWindowRect
GetClientRect
GetWindowTextW
SetWindowTextW
RedrawWindow
GetWindowLongW
EndPaint
BeginPaint
DrawTextW
DrawIcon
EnableMenuItem
DestroyWindow
CreateWindowExW
GetSystemMenu
EnableWindow
KillTimer
SetTimer
GetAsyncKeyState
GetClassInfoW
RegisterClassW
GetDialogBaseUnits
CheckDlgButton
DefWindowProcW
GetDesktopWindow
GetWindowThreadProcessId
SetForegroundWindow
GetForegroundWindow
IsDialogMessageW
BringWindowToTop
IsIconic
ShowWindow
AttachThreadInput
MessageBoxW
OemToCharA
OemToCharBuffA
CharLowerW
CharUpperA
CharLowerA
CharToOemBuffW
GetDlgItem
CharLowerBuffA
CharLowerBuffW
GetMessageW
ExitWindowsEx
PostMessageW
RegisterClassExW
SetLayeredWindowAttributes
GetSystemMetrics
GetActiveWindow
GetClassNameW
WinHelpW
CharUpperW
CharToOemA
UnregisterClassW
SetWindowPos
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetDC
ReleaseDC
SystemParametersInfoW
SendMessageW
WaitForInputIdle
FindWindowW
FindWindowExW
EnumDisplaySettingsW
LoadStringW
TranslateMessage
DispatchMessageW
PeekMessageW
WaitMessage
SetFocus
PostQuitMessage
CreateDialogIndirectParamW
DestroyIcon
LoadImageW
RegisterWindowMessageW
IsWindow
MoveWindow

shell32

CommandLineToArgvW
SHFileOperationW
SHGetPathFromIDListW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteExW
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteW
SHBrowseForFolderW
SHGetFileInfoW

ole32

CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoInitialize
CoCreateInstance
CoUninitialize

ws2_32

shutdown
bind
WSAStartup
WSACleanup
socket
WSAGetLastError
accept
listen
ioctlsocket
getsockname
connect
send
recv
freeaddrinfo
select
setsockopt
getsockopt
recvfrom
__WSAFDIsSet
closesocket
getaddrinfo

shlwapi

PathIsDirectoryW
PathQuoteSpacesW
StrFormatByteSizeW
PathStripPathW
PathIsRelativeW
PathMatchSpecW
PathAddBackslashW

advapi32

SetFileSecurityW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
GetUserNameW
ConvertStringSidToSidW
ConvertSidToStringSidW
LookupPrivilegeValueW
LookupAccountSidW
IsValidSid
GetTokenInformation
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
RegSetValueExW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegNotifyChangeKeyValue
RegOpenKeyExW

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocStringByteLen
SysAllocString
VariantCopy
SysStringLen
GetErrorInfo
VariantChangeType
SetErrorInfo
SysAllocStringLen
CreateErrorInfo

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 764KB - Virtual size: 768KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

333ad92390c4b67f3455fac95881c5b3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ole32

ws2_32

shlwapi

advapi32

oleaut32

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 764KB - Virtual size: 768KB

.data Size: 45KB - Virtual size: 136KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 764KB - Virtual size: 768KB

.data
Size: 45KB - Virtual size: 136KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB