jre-7u65-windows-x64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

jre-7u65-windows-x64.exe
Size

29.6MB
MD5

c925bfcf92cd7676fa8574c2ec2140d4
SHA1

8154af812e608bd0c8193c4d5e332a4133ed1aee
SHA256

3d209c087620ce096d5c1480582850c187657b1850f0383d8203c9a39ea3a6b1
SHA512

188c3323ac5022911e08267b0a707387602f94bb98caf61254d917f3f8065c824b342fedf266b987c9860577d4414a7fbc13b407503b5dc581e682c521d401ae
SSDEEP

786432:meXEuJEvEZh+yvwTnKt6KBjeT+MTOCMm7CNjdtiGL5FgiTny5:TOvZdTnw6KAT+MjOQa5FjTY

Score

1^/10

Malware Config

Signatures

Files

jre-7u65-windows-x64.exe
.exe windows x64

81dbadff28c405e0288121fd22fd5ba3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:4f:98:7a:76:9e:4a:35:3b:26:87:8a:3b:d3:d3:de
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/06/2013, 00:00

Not After

06/08/2016, 23:59

Subject

CN=Oracle America\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software Engineering,O=Oracle America\, Inc.,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:39:ce:33:ac:91:6c:16:16:58:34:b4:e9:e6:c8:ec:76:a9:bf:7d
Signer

Actual PE Digest

76:39:ce:33:ac:91:6c:16:16:58:34:b4:e9:e6:c8:ec:76:a9:bf:7d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ord17

kernel32

GetSystemDirectoryA
SetDllDirectoryA
GetLongPathNameA
GetWindowsDirectoryA
GetEnvironmentVariableA
ReadFile
CreateEventA
GetNativeSystemInfo
GetTempPathA
SetFilePointer
GetTickCount
GetCurrentProcessId
GetUserDefaultUILanguage
FindClose
FindFirstFileA
ExitProcess
LocalFree
LocalAlloc
FormatMessageA
TerminateProcess
OpenProcess
SetEndOfFile
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateProcessA
CreateDirectoryA
GetLocaleInfoA
ResetEvent
CreateThread
RemoveDirectoryA
SetEnvironmentVariableA
CompareStringW
CreateFileW
WriteConsoleW
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetFileType
SetHandleCount
GetTimeZoneInformation
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
Sleep
LoadLibraryW
HeapSize
HeapReAlloc
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleFileNameW
GetStdHandle
HeapCreate
GetVersion
HeapSetInformation
GetStartupInfoW
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
GetModuleHandleW
RtlUnwindEx
RtlLookupFunctionEntry
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualProtect
RtlPcToFileHeader
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
GetProcessHeap
HeapAlloc
HeapFree
InterlockedPushEntrySList
MultiByteToWideChar
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
GetProcAddress
GetModuleHandleA
WaitForSingleObject
FlushInstructionCache
LoadLibraryA
GetVersionExA
GetThreadLocale
GetCommandLineA
lstrcpynA
GlobalHandle
GlobalFree
LoadLibraryExA
FreeLibrary
SetLastError
GlobalLock
GlobalUnlock
GetModuleFileNameA
MulDiv
IsDBCSLeadByte
GetCurrentThreadId
lstrlenW
WideCharToMultiByte
DeleteFileA
GetExitCodeProcess
lstrlenA
lstrcatA
CreateFileA
WriteFile
CloseHandle
lstrcmpA
lstrcpyA
lstrcmpiA
FindResourceA
GlobalAlloc
GetCurrentProcess

user32

PtInRect
GetWindowRect
GetCursorPos
SetCursor
PeekMessageA
DispatchMessageA
EndDialog
TranslateMessage
GetMessageA
GetMessageW
IsWindowUnicode
MsgWaitForMultipleObjectsEx
DestroyWindow
wsprintfA
LoadStringA
CharNextA
DefWindowProcA
SetWindowLongPtrA
GetSysColor
GetWindowLongA
ShowWindow
LoadBitmapA
GetDlgCtrlID
SetWindowContextHelpId
MapDialogRect
IsWindowVisible
GetSystemMenu
LoadImageA
EnableMenuItem
DispatchMessageW
SetWindowLongA
MoveWindow
SetWindowPos
GetClientRect
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
IsChild
GetParent
GetDlgItem
GetClassNameA
ReleaseCapture
FillRect
CallWindowProcA
GetWindowLongPtrA
EndPaint
BeginPaint
DestroyAcceleratorTable
SetFocus
GetWindow
GetFocus
GetDesktopWindow
UnregisterClassA
SendMessageA
IsWindow
GetClassInfoExA
LoadCursorA
RegisterClassExA
CreateWindowExA
CreateAcceleratorTableA
SetWindowTextA
GetWindowTextA
SetForegroundWindow
IsDlgButtonChecked
CheckDlgButton
EnableWindow
EnumWindows
GetWindowThreadProcessId
PostMessageA
MessageBoxA
GetActiveWindow
CreateDialogIndirectParamA
DialogBoxIndirectParamA
RegisterWindowMessageA
GetWindowTextLengthA

gdi32

CreateDIBSection
SetDIBColorTable
SetBkMode
StretchBlt
SetTextColor
SaveDC
SetGraphicsMode
ModifyWorldTransform
SetViewportOrgEx
SetWindowOrgEx
DPtoLP
CreateFontIndirectA
RestoreDC
GetStockObject
GetObjectA
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
GetDeviceCaps

advapi32

CryptGetHashParam
RegCloseKey
RegQueryInfoKeyA
RegOpenKeyA
RegOpenCurrentUser
CryptAcquireContextA
CryptCreateHash
CryptReleaseContext
CryptHashData
RegOpenKeyExA
CryptDestroyHash
RegEnumKeyA
RegEnumKeyExA
RegQueryInfoKeyW
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA

shell32

SHGetPathFromIDListA
ShellExecuteExA
FindExecutableA
SHGetFolderLocation
SHGetFolderPathA
SHBrowseForFolderA

ole32

CoTaskMemAlloc
CoInitialize
CoUninitialize
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc

oleaut32

LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
VarUI4FromStr
SysAllocString
SysFreeString
SysAllocStringLen
SysStringLen
LoadTypeLi

urlmon

URLDownloadToFileA

version

GetFileVersionInfoA
VerQueryValueA

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetErrorDlg
HttpOpenRequestA

gdiplus

GdipDeleteGraphics
GdipGetImagePixelFormat
GdipFree
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipGetImageGraphicsContext
GdipDrawImageI
GdipCloneImage
GdipAlloc

Sections

.text
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29.3MB - Virtual size: 29.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81dbadff28c405e0288121fd22fd5ba3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

0a:4f:98:7a:76:9e:4a:35:3b:26:87:8a:3b:d3:d3:deCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

76:39:ce:33:ac:91:6c:16:16:58:34:b4:e9:e6:c8:ec:76:a9:bf:7dSigner

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

urlmon

version

wininet

gdiplus

Sections

.text Size: 206KB - Virtual size: 206KB

.rdata Size: 69KB - Virtual size: 69KB

.data Size: 14KB - Virtual size: 25KB

.pdata Size: 9KB - Virtual size: 9KB

.rsrc Size: 29.3MB - Virtual size: 29.3MB

.reloc Size: 14KB - Virtual size: 14KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0a:4f:98:7a:76:9e:4a:35:3b:26:87:8a:3b:d3:d3:de
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

76:39:ce:33:ac:91:6c:16:16:58:34:b4:e9:e6:c8:ec:76:a9:bf:7d
Signer

.text
Size: 206KB - Virtual size: 206KB

.rdata
Size: 69KB - Virtual size: 69KB

.data
Size: 14KB - Virtual size: 25KB

.pdata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 29.3MB - Virtual size: 29.3MB

.reloc
Size: 14KB - Virtual size: 14KB