CjkServer[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

CjkServer.exe
Size

100KB
MD5

418dfde34fc981b0ffbf5210d74f165c
SHA1

ba4a1d2510b4520e54d80d075e524267508f08b4
SHA256

db1b2c12682035e090eab4a38117eeadd558fd96f2311cd31cb2d67340848602
SHA512

76ab531497c8a8bf7d08a0ded3df902714c1d026d571cf786c810858ae9948985c3e119f416d8e5a1c1fb0b76fc71e797f8b380420fbb632649f034a34cd52ae
SSDEEP

1536:22+FZWJ5Ikh9i7wVioEJsxIa2w1zzFsGrwn2NXH7duzk6:220ZOGkh9i72i9sia2w1X+K3NXH7gzF

Score

N/A

Malware Config

Signatures

Files

CjkServer.exe
.exe windows x86

6f6b1d14606bbeed884e27aa19a8d1f2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

pccrsdk

_ICR_set_imageDecomposition@8
_ICR_free_attributeData@12
_ICR_get_attributeData@12
_ICR_get_statistics@8
_ICR_set_imageRegionsAttr@12
_ICR_free_imagePolygonRegions@12
_ICR_imageDecomposition@12
_ICR_load_imageFile@8
_ICR_set_language@8
_ICR_readImage@4
_ICR_set_unrecognizedChar@8
_ICR_set_peekTextFunction@12
_ICR_init@4
_ICR_term_FR4@0
_ICR_term@4

kernel32

GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLastError
QueryPerformanceCounter
FreeLibrary
CompareStringA
GetWindowsDirectoryA
GetSystemDirectoryA
InterlockedExchange
SetLastError
GetModuleHandleA
LoadLibraryA
GetCommandLineW
GlobalUnlock
ExitProcess
GlobalLock
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA

gdi32

DeleteObject

fineobj

??1CMemoryManagerSwitcher@FObj@@QAE@XZ
??3@YAXPAX@Z
??2@YAPAXI@Z
??0rational@FObj@@QAE@HH@Z
?make@rational@FObj@@CA?AV12@_J0@Z
?GenerateInternalError@FObj@@YA_NW4TInternalErrorType@1@PB_W11JK@Z
?IsRectEmpty@CRect@FObj@@QBE_NXZ
??0CUnicodeString@FObj@@QAE@XZ
??1CUnicodeString@FObj@@QAE@XZ
??0CRect@FObj@@QAE@XZ
??0rational@FObj@@QAE@XZ
??0rational@FObj@@QAE@H@Z
??0CString@FObj@@QAE@XZ
??1CString@FObj@@QAE@XZ
?GetBuffer@CString@FObj@@QAEPADH@Z
?ReleaseBuffer@CString@FObj@@QAEXXZ
??BCString@FObj@@QBEPBDXZ
??4CUnicodeString@FObj@@QAEAAV01@ABV01@@Z
?Length@CUnicodeString@FObj@@QBEHXZ
??ACUnicodeString@FObj@@QBE_WH@Z
??0CUnicodeString@FObj@@QAE@PB_W@Z
??_5CRect@FObj@@QAEXABUtagRECT@@@Z
??0CString@FObj@@QAE@PBD@Z
??Yrational@FObj@@QAEXH@Z
?Height@CRect@FObj@@QBEHXZ
??_0rational@FObj@@QAEXH@Z
??0CPoint@FObj@@QAE@HH@Z
?Width@CRect@FObj@@QBEHXZ
?DoCreateObject@FObj@@YA?AV?$CPtr@VIObject@FObj@@@1@ABVCUnicodeString@1@@Z
??0CError@FObj@@QAE@PB_WH@Z
?GenerateCheck@FObj@@YAXAAVCError@1@PB_W11@Z
??1CError@FObj@@QAE@XZ
?safeMake@rational@FObj@@CA?AV12@_J0@Z
?New@TempFile@FObj@@YA?AVCUnicodeString@2@PB_W@Z
??BCUnicodeString@FObj@@QBEPB_WXZ
??0CUnicodeString@FObj@@QAE@ABV01@@Z
?Delete@TempFile@FObj@@YAXABVCUnicodeString@2@@Z
??0CMessage@FObj@@QAE@PB_WH@Z
??1CMessage@FObj@@QAE@XZ
?UnicodeStr@CMessage@FObj@@QBE?AVCUnicodeString@2@XZ
?CreateString@CUnicodeString@FObj@@QBE?AVCString@2@I@Z
?Compare@CUnicodeString@FObj@@QBEHPB_W@Z
?CreateUnicodeString@CString@FObj@@QBE?AVCUnicodeString@2@I@Z
?CopyObject@FObj@@YAXPBVIObject@1@PAV21@@Z
??$DuplicateObject@VIObject@FObj@@@FObj@@YA?AV?$CPtr@VIObject@FObj@@@0@PBVIObject@0@@Z
?GetName@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@@Z
?Delete@CException@FObj@@QAEXXZ
??1CMessageHandler@FObj@@UAE@XZ
??0CFile@FObj@@QAE@XZ
??1CFile@FObj@@UAE@XZ
??_7CMessageHandler@FObj@@6B@
??4CUnicodeString@FObj@@QAEAAV01@PB_W@Z
?AddResourcePrefix@FObj@@YAXPB_W0@Z
?Open@CFile@FObj@@QAEXABVCUnicodeString@2@I@Z
??0CMessageHandlerSwitcher@FObj@@QAE@PAVCMessageHandler@1@_N1@Z
?SetCurrentLanguageCode@FObj@@YAXH@Z
?LoadModule@FObj@@YAPAUHINSTANCE__@@PB_W@Z
?Clean@FObj@@YAXXZ
??0CArchive@FObj@@QAE@PAVCBaseFile@1@W4TDirection@01@H@Z
??1CArchive@FObj@@UAE@XZ
??6FObj@@YAAAVCArchive@0@AAV10@ABVCUnicodeString@0@@Z
?Close@CArchive@FObj@@QAEXXZ
?GetDefaultReturnValue@CMessageHandler@FObj@@SAHI@Z
??5FObj@@YAAAVCArchive@0@AAV10@AAVCUnicodeString@0@@Z
?GetLongName@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@@Z
?Format@FObj@@YA?AVCUnicodeString@1@PB_WZZ
?Initialize@FObj@@YA_NPB_W0@Z
?SetAppTitle@FObj@@YAXABVCUnicodeString@1@@Z
??1CMessageHandlerSwitcher@FObj@@QAE@XZ
?getWritePtr@CArchive@FObj@@AAEPAXH@Z
?getReadPtr@CArchive@FObj@@AAEPBXH@Z
?ReadObject@CArchive@FObj@@QAE?AV?$CPtr@VIObject@FObj@@@2@XZ
?UnicodeName@CArchive@FObj@@QBE?AVCUnicodeString@2@XZ
?ERR_BAD_ARCHIVE@FObj@@3VCError@1@A
?WriteObject@CArchive@FObj@@QAEXPBVIObject@2@@Z
?ShowMessageWithIcon@CMessageHandler@FObj@@UAEHPAUHWND__@@PB_W1I1@Z
?ShowWarning@CMessageHandler@FObj@@UAEXPAVCException@2@@Z
??YCRect@FObj@@QAEXUtagSIZE@@@Z
??ZCRect@FObj@@QAEXUtagSIZE@@@Z
??ICRect@FObj@@QBE?AV01@ABUtagRECT@@@Z
??YCUnicodeString@FObj@@QAEAAV01@_W@Z
??1CSetupBase@FObj@@MAE@XZ
?GetString@CSetupBase@FObj@@QBE?AVCUnicodeString@2@XZ
?SetString@CSetupBase@FObj@@QAEXABVCUnicodeString@2@@Z
?Value@CUnicodeString@FObj@@QBE_NAA_N@Z
?UnicodeStr@FObj@@YA?AVCUnicodeString@1@_N@Z
??0CCriticalSectionLock@FObj@@QAE@PAVCCriticalSection@1@_N@Z
?cacheSetupSection@FObj@@3VCCriticalSection@1@A
??1CCriticalSectionLock@FObj@@QAE@XZ
??0CMemoryManagerSwitcher@FObj@@QAE@PAVIMemoryManager@1@@Z
??0CSetupBase@FObj@@IAE@ABVCUnicodeString@1@0W4TSetupType@1@@Z
?IsSpace@FObj@@YA_ND@Z
?Mid@CUnicodeString@FObj@@QBE?AV12@H@Z
?ReadText@CFile@FObj@@SA?AVCUnicodeString@2@ABV32@I@Z
?GetFineObjectsVersion@FObj@@YAHXZ
?RemoveResourceModule@FObj@@YAXPAUHINSTANCE__@@@Z
?AddResourceModule@FObj@@YAXPAUHINSTANCE__@@@Z
?GetModuleFileNameW@FileSystem@FObj@@YA?AVCUnicodeString@2@PAUHINSTANCE__@@@Z
?EndStaticPart@FObj@@YAXXZ
?GetErrorFlag@FObj@@YA_NXZ
?BeginStaticPart@FObj@@YAXXZ
?Warning@FObj@@YAXPAVCException@1@@Z

msvcr71

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_CxxThrowException
swscanf
_fpreset
__RTDynamicCast
_purecall
memmove
_except_handler3
??1type_info@@UAE@XZ
__dllonexit
_onexit
__security_error_handler
_controlfp
?terminate@@YAXXZ
_stricmp
wcslen
wcschr
iswspace
_wcsnicmp
__CxxFrameHandler

langinfo

?languagesCount@LangInfo@@0HB
?GetLanguageId@LangInfo@@SIFPBD@Z
?LettersNamesCodePage@LangInfo@@2HB
?GetLanguageName@LangInfo@@SIPBDF@Z
?TranslateToUnicode@LangInfo@@SI?AVCUnicodeString@FObj@@PBDHH@Z
?CharNextW@LangInfo@@SA_WAAPBDHPBD@Z
?GetMultibyteCodePageFromLanguage@LangInfo@@SIHFW4CodePageType@@@Z
?GetCodePage@LangInfo@@SIHPBD@Z
?GetPrimaryLanguage@UnicodeLangInfo@@YAFF@Z
?IsValidLanguageId@UnicodeLangInfo@@YA_NF@Z

user32

MessageBoxA

Exports

Exports

__FineObjUsed

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f6b1d14606bbeed884e27aa19a8d1f2

Headers

File Characteristics

Imports

pccrsdk

kernel32

gdi32

fineobj

msvcr71

langinfo

user32

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 65KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1024B

.text
Size: 68KB - Virtual size: 65KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1024B