JTLocal[.]exe[.]virus

Sharing

Copy URL Twitter E-mail

General

Target

JTLocal.exe.virus
Size

941KB
MD5

96e51f3b592635b459c7019ff833fc20
SHA1

a99b832d62eea711edda6fae8c617e20ee95c04c
SHA256

ee14f0516d19ac18cda04ac660bbc3d165888f921c7c9356129b72a9552fbf00
SHA512

b2f31464e26e0ab245bd30e3a6ff1036e151703bd0daf43074344a3d60789705c864e25a167d5c90d2df164b6142a349ccccea9c0dcb21afff2298480d555fd5
SSDEEP

24576:XGPzpHbIMhheoZFOxuNRXDs0PEXX2m+9cp9:XGdJhcQO0PDsScz

Score

N/A

Malware Config

Signatures

Files

JTLocal.exe.virus
.exe windows x86

978b94d2cc255095c7945fe84db42302

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:20:7a:1a:88:4d:d9:1f:50:d9:12:a9:cf:5d:5b:fe
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/11/2019, 00:00

Not After

23/11/2020, 12:00

Subject

CN=Shanghai Oriental Webcasting Co. Ltd.,OU=IT,O=Shanghai Oriental Webcasting Co. Ltd.,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:16:87:e9:a3:16:b5:d0:50:e2:f0:89:41:5a:b8:ed
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/11/2019, 00:00

Not After

23/11/2020, 12:00

Subject

CN=Shanghai Oriental Webcasting Co. Ltd.,OU=IT,O=Shanghai Oriental Webcasting Co. Ltd.,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

cf:8d:83:62:3a:cf:2a:6d:f3:b1:1b:2e:f5:5f:4c:02:34:e5:32:99:e3:1b:29:9e:36:33:b1:81:c0:f9:db:ce
Signer

Actual PE Digest

cf:8d:83:62:3a:cf:2a:6d:f3:b1:1b:2e:f5:5f:4c:02:34:e5:32:99:e3:1b:29:9e:36:33:b1:81:c0:f9:db:ce

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Shanghai Oriental Webcasting Co. Ltd.,OU=IT,O=Shanghai Oriental Webcasting Co. Ltd.,ST=Shanghai,C=CN

17/09/2020, 12:12
Valid: true

Chain 1

CN=Shanghai Oriental Webcasting Co. Ltd.,OU=IT,O=Shanghai Oriental Webcasting Co. Ltd.,ST=Shanghai,C=CN

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

62:06:f4:d1:df:12:70:dd:b9:22:83:03:ea:14:dd:58:9a:15:72:ca
Signer

Actual PE Digest

62:06:f4:d1:df:12:70:dd:b9:22:83:03:ea:14:dd:58:9a:15:72:ca

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Shanghai Oriental Webcasting Co. Ltd.,OU=IT,O=Shanghai Oriental Webcasting Co. Ltd.,ST=Shanghai,C=CN

17/09/2020, 12:12
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetLastError
ReleaseMutex
CreateMutexW
DecodePointer
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
GetFileSize
ReadFile
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
GetSystemDirectoryW
GetVolumeInformationW
GetSystemInfo
FormatMessageW
GetVersionExW
FindClose
GetTempPathW
CreateDirectoryW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileExW
GlobalAlloc
GlobalFree
OpenProcess
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetLongPathNameW
lstrcpyW
GetTickCount
WriteFile
GetFileAttributesW
CopyFileW
GetWindowsDirectoryW
VirtualProtect
SetErrorMode
GetLocalTime
GetFullPathNameW
OutputDebugStringA
SetPriorityClass
VirtualAlloc
VirtualFree
SetLastError
GetNativeSystemInfo
LoadLibraryA
IsBadReadPtr
GetTempFileNameW
RtlUnwind
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetACP
GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
OutputDebugStringW
WaitForSingleObjectEx
SetStdHandle
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
GetTimeZoneInformation
FlushFileBuffers
WriteConsoleW
SetEndOfFile
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FreeLibraryAndExitThread
LoadLibraryW
GetProcAddress
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetModuleFileNameW
CreateEventW
CloseHandle
Sleep
WaitForSingleObject
SetEvent
GetExitCodeThread
TerminateThread
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
ExpandEnvironmentStringsW
PeekNamedPipe
WaitForMultipleObjects
GetSystemDirectoryA
SleepEx
ResetEvent
DeviceIoControl
InitializeCriticalSection

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

shlwapi

PathFileExistsW
PathRemoveFileSpecW

user32

wsprintfW

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyW
RegEnumKeyW
RegCreateKeyExW
RegOpenKeyExW
RevertToSelf
DuplicateTokenEx
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenProcessToken
ImpersonateLoggedOnUser

ole32

CoUninitialize
CoCreateInstance
CoInitialize

iphlpapi

GetAdaptersInfo

wininet

HttpQueryInfoW
InternetCloseHandle
InternetOpenUrlW
InternetReadFile
InternetSetOptionW
InternetOpenW

urlmon

URLDownloadToFileW

ws2_32

ntohs
gethostname
ioctlsocket
listen
accept
sendto
WSAStartup
WSACleanup
closesocket
socket
WSAGetLastError
recv
send
bind
connect
getpeername
getsockname
getsockopt
htons
setsockopt
WSASetLastError
htonl
inet_addr
inet_ntoa
gethostbyaddr
gethostbyname
getservbyport
getservbyname
__WSAFDIsSet
select
recvfrom

Sections

.text
Size: 565KB - Virtual size: 564KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

978b94d2cc255095c7945fe84db42302

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

06:20:7a:1a:88:4d:d9:1f:50:d9:12:a9:cf:5d:5b:feCertificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

04:16:87:e9:a3:16:b5:d0:50:e2:f0:89:41:5a:b8:edCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

cf:8d:83:62:3a:cf:2a:6d:f3:b1:1b:2e:f5:5f:4c:02:34:e5:32:99:e3:1b:29:9e:36:33:b1:81:c0:f9:db:ceSigner

Signature Validations

Verification

17/09/2020, 12:12 Valid: true

Chain 1

62:06:f4:d1:df:12:70:dd:b9:22:83:03:ea:14:dd:58:9a:15:72:caSigner

Signature Validations

Verification

17/09/2020, 12:12 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

shlwapi

user32

advapi32

ole32

iphlpapi

wininet

urlmon

ws2_32

Sections

.text Size: 565KB - Virtual size: 564KB

.rdata Size: 121KB - Virtual size: 121KB

.data Size: 7KB - Virtual size: 21KB

.gfids Size: 512B - Virtual size: 444B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 207KB - Virtual size: 206KB

.reloc Size: 25KB - Virtual size: 25KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

06:20:7a:1a:88:4d:d9:1f:50:d9:12:a9:cf:5d:5b:fe
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

04:16:87:e9:a3:16:b5:d0:50:e2:f0:89:41:5a:b8:ed
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

cf:8d:83:62:3a:cf:2a:6d:f3:b1:1b:2e:f5:5f:4c:02:34:e5:32:99:e3:1b:29:9e:36:33:b1:81:c0:f9:db:ce
Signer

17/09/2020, 12:12
Valid: true

62:06:f4:d1:df:12:70:dd:b9:22:83:03:ea:14:dd:58:9a:15:72:ca
Signer

17/09/2020, 12:12
Valid: false

.text
Size: 565KB - Virtual size: 564KB

.rdata
Size: 121KB - Virtual size: 121KB

.data
Size: 7KB - Virtual size: 21KB

.gfids
Size: 512B - Virtual size: 444B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 207KB - Virtual size: 206KB

.reloc
Size: 25KB - Virtual size: 25KB