13d211d1243be2exe_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

13d211d1243be2exe_JC.exe
Size

2.0MB
MD5

13d211d1243be2ff4e5b96ea0b0f1fd7
SHA1

623ffceee9226d25b51861df6889ec385b8f3d25
SHA256

72f786a1946b5eff405b59dd332f5145cd3abd2a3570a8f2b8bd8f5b171ec8ca
SHA512

a00ad336107ecead30d8ae9904e0eb862f24db063aaf2498c4e8fd50e8bb168dbb548d9b3e408fa307bd5add8fa7cd56fc49af125cd30eb7f38c1e0b47304139
SSDEEP

49152:YEVKMhTMekgczNtVSG7PoV70h5GeyKSsD6s+E5/l1F8Dulx75Fxn3cNlCKfKPro:/hTMekNzxSG7Pw0yeyKSsD6JE5/lL8D5

Score

1^/10

Malware Config

Signatures

Files

13d211d1243be2exe_JC.exe
.exe windows x86

4b9004d888327914087276126233e252

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

43:1a:c8:c1:a8:09:98:3f:2c:b5:14:3d:18:70:8c:7b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19/04/2011, 00:00

Not After

18/04/2014, 23:59

Subject

CN=SAP AG,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=SAP Production CSA 2011,O=SAP AG,L=Walldorf/Baden,ST=Baden-Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
WritePrivateProfileStringA
GetCurrentProcessId
CreateActCtxW
ReleaseActCtx
GetModuleFileNameW
lstrcpyA
GetThreadLocale
FileTimeToSystemTime
GetSystemDirectoryW
FindResourceExW
InterlockedIncrement
TlsGetValue
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
GetACP
DeleteFileA
lstrcmpiA
CreateFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
GetFileAttributesA
GetTickCount
GetProfileIntA
Sleep
SearchPathA
GetTempFileNameA
GetNumberFormatA
SetErrorMode
GetFileAttributesExA
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
EncodePointer
DecodePointer
GetDriveTypeW
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapAlloc
HeapFree
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
ExitThread
CreateThread
HeapQueryInformation
HeapSize
SetStdHandle
GetFileType
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
SetHandleCount
GetStdHandle
IsValidCodePage
LCMapStringW
GetCurrentDirectoryW
CompareStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetStringTypeW
GetTimeZoneInformation
WriteConsoleW
CreateFileW
GetProcessHeap
SetEnvironmentVariableA
GetCurrentThread
GetModuleFileNameA
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
LoadLibraryExA
GetModuleHandleW
InterlockedExchange
lstrcmpA
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
CompareStringA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryW
FreeLibrary
lstrcmpW
CopyFileA
GlobalSize
FormatMessageA
MulDiv
FindResourceA
GlobalAlloc
ActivateActCtx
DeactivateActCtx
GetProcAddress
GetModuleHandleA
LoadLibraryA
GlobalLock
GlobalUnlock
GlobalFree
VirtualProtect
WaitForSingleObject
ResumeThread
HeapReAlloc
SetThreadPriority
SetLastError
GetPrivateProfileStringA
GetPrivateProfileSectionA
GetWindowsDirectoryA
InterlockedDecrement
CreateProcessA
GetTempPathA
GetCurrentDirectoryA
lstrlenA
lstrlenW
MultiByteToWideChar
EnumSystemCodePagesA
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SizeofResource
GetLocalTime
GetLastError
LocalAlloc
GetPrivateProfileIntA
LocalFree

user32

SetClassLongA
GetSysColorBrush
CreatePopupMenu
SetParent
DrawStateA
DrawEdge
DrawFrameControl
DrawIconEx
EnumDisplayMonitors
SetLayeredWindowAttributes
RealChildWindowFromPoint
CopyImage
WaitMessage
DestroyIcon
CharNextA
CopyAcceleratorTableA
SetRect
InvalidateRgn
GetNextDlgGroupItem
UnregisterClassA
UnionRect
UpdateLayeredWindow
MonitorFromPoint
IsMenu
TranslateAcceleratorA
BringWindowToTop
InsertMenuItemA
LoadAcceleratorsA
LoadImageA
LoadMenuA
ReuseDDElParam
UnpackDDElParam
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
LoadImageW
RegisterClipboardFormatA
GetMenuDefaultItem
SetMenuDefaultItem
DestroyAcceleratorTable
SetCursorPos
FrameRect
CopyIcon
LockWindowUpdate
CharUpperBuffA
ToAsciiEx
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableA
PostThreadMessageA
GetIconInfo
GetDoubleClickTime
IsClipboardFormatAvailable
DestroyCursor
CreateMenu
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
GetUpdateRect
IsCharLowerA
MapVirtualKeyExA
SubtractRect
GetWindowRgn
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
SetWindowContextHelpId
SystemParametersInfoA
DestroyMenu
GetMenuItemInfoA
GetWindowThreadProcessId
ShowOwnedPopups
SetCursor
GetMessageA
TranslateMessage
PostQuitMessage
MapVirtualKeyA
GetKeyNameTextA
ReleaseDC
GetDC
GetDesktopWindow
CreateDialogIndirectParamA
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
LoadIconA
WinHelpA
IsChild
SetWindowsHookExA
MessageBeep
GetClassLongA
GetClassNameA
CharUpperA
GetLastActivePopup
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
ValidateRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
DefWindowProcA
CallWindowProcA
GetMenu
CopyRect
PtInRect
GetMenuState
GetMenuStringA
GetMenuItemID
InsertMenuA
GetMenuItemCount
RemoveMenu
GetWindowTextLengthA
GetWindowTextA
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
CheckDlgButton
GetWindow
SetPropA
GetCapture
GetActiveWindow
SetActiveWindow
MapDialogRect
SetWindowPos
ShowWindow
GetPropA
RemovePropA
GetAsyncKeyState
GetFocus
SetFocus
GetWindowLongA
GetDlgItem
IsWindowEnabled
MessageBoxA
EnableWindow
SendMessageA
IsWindow
KillTimer
UpdateWindow
DrawIcon
AppendMenuA
GetSubMenu
LoadMenuW
PostMessageA
GetSystemMenu
IsIconic
GetWindowRect
GetClientRect
LoadIconW
GetCursorPos
GetSystemMetrics
SetRectEmpty
InflateRect
RedrawWindow
GetParent
LoadCursorA
NotifyWinEvent
ReleaseCapture
LoadCursorW
EnableScrollBar
HideCaret
SetCapture
IsZoomed
WindowFromPoint
SetTimer
SetWindowRgn
DeleteMenu
IntersectRect
GetForegroundWindow
OffsetRect
InvalidateRect
DrawFocusRect
InvertRect
IsRectEmpty
EndPaint
BeginPaint
GetWindowDC
CallNextHookEx
ClientToScreen
GetNextDlgTabItem

advapi32

AllocateAndInitializeSid
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclA
RegCreateKeyExA
RegSetValueExA
RegEnumValueA
RegQueryInfoKeyA
RegCloseKey
RegEnumKeyExA
RegQueryValueExA
RegDeleteValueA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
DragFinish
SHGetFileInfoA
DragQueryFileA
DragAcceptFiles
ShellExecuteA
SHGetDesktopFolder
SHBrowseForFolderA
SHAppBarMessage

ole32

OleTranslateAccelerator
IsAccelerator
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleLockRunning
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
OleGetClipboard
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
DoDragDrop
CoInitialize
CoUninitialize
OleFlushClipboard
OleIsCurrentClipboard
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
CoInitializeEx
CoCreateInstance
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree

oleaut32

SysAllocStringByteLen
VariantChangeType
VariantCopy
SysFreeString
SysAllocString
VariantClear
VariantInit
SysAllocStringLen
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VarBstrFromDate
OleCreateFontIndirect

msimg32

TransparentBlt
AlphaBlend

comctl32

ord17
ImageList_GetIconSize

shlwapi

PathStripToRootA
PathFindFileNameA
PathFindExtensionA
PathRemoveFileSpecW
SHDeleteKeyA
PathIsUNCA

oledlg

ord8

gdiplus

GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipSetInterpolationMode
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageI
GdipCloneImage
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromStream
GdipCreateFromHDC
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageRectI

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundA

gdi32

SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetMapMode
GetClipBox
GetTextExtentPoint32A
ExtTextOutA
BitBlt
CreateCompatibleDC
CreateFontIndirectA
PatBlt
CreateRectRgnIndirect
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
CreateDCA
CopyMetaFileA
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
DeleteObject
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetObjectType
SelectPalette
GetStockObject
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
GetWindowExtEx
GetPixel
PtVisible
RectVisible
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
GetDeviceCaps
GetTextFaceA
GetWindowOrgEx
LPtoDP
GetViewportOrgEx
SetPixelV
TextOutA
Escape
SelectObject
SetViewportOrgEx
CreatePen
CreateSolidBrush
CreateHatchBrush
GetBoundsRect
GetTextMetricsA
CreateRoundRectRgn
CreateEllipticRgn
CreatePolygonRgn
CombineRgn
GetBkColor
GetTextColor
Polyline
Ellipse
Polygon
CreateDIBitmap
CreateCompatibleBitmap
EnumFontFamiliesA
GetTextCharsetInfo
EnumFontFamiliesExA
SetRectRgn
GetMapMode
DPtoLP
GetRgnBox
CreateDIBSection
CreatePalette
GetPaletteEntries
RealizePalette
Rectangle
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
GetNearestPaletteIndex
GetSystemPaletteEntries
ExtFloodFill
SetPaletteEntries
PtInRegion
FillRgn
FrameRgn
OffsetViewportOrgEx

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comdlg32

GetFileTitleA

Exports

Exports

CPlApplet
ShowSAPConsoleAdminDialog

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b9004d888327914087276126233e252

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

43:1a:c8:c1:a8:09:98:3f:2c:b5:14:3d:18:70:8c:7bCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

msimg32

comctl32

shlwapi

oledlg

gdiplus

oleacc

imm32

winmm

gdi32

winspool.drv

comdlg32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 300KB - Virtual size: 299KB

.data Size: 48KB - Virtual size: 78KB

.rsrc Size: 100KB - Virtual size: 99KB

.reloc Size: 174KB - Virtual size: 174KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

43:1a:c8:c1:a8:09:98:3f:2c:b5:14:3d:18:70:8c:7b
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 300KB - Virtual size: 299KB

.data
Size: 48KB - Virtual size: 78KB

.rsrc
Size: 100KB - Virtual size: 99KB

.reloc
Size: 174KB - Virtual size: 174KB