18423ccd67a80dexe_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

18423ccd67a80dexe_JC.exe
Size

1.9MB
MD5

18423ccd67a80dd8addf86da2475a30f
SHA1

401b49693277df8a621bcb34116b87b93a61db75
SHA256

debac35411e81b2022272380a5afe5f073464ea0bcb9e1ed9ab93b9ffc3c610b
SHA512

67bec93f2ab37e8cc5aed7aca66e6b2deff2052cb5c9aeb70061b94cd75c7cac32e6e63d83319491a292dd54732952b57ad4c7fc118a52a0ad4d8fee84212ade
SSDEEP

49152:HCA9r3i7p3mW/nN7WLd5k7PDwvKEY9/x2hOwiDNGV1QfXCCl0BBGrZKd2T:HPAgW/nNod5k7PDwSEYL2hOwiDYEtl0m

Score

1^/10

Malware Config

Signatures

Files

18423ccd67a80dexe_JC.exe
.exe windows x86

3101b3630f62fb80daa2e8ad7483238d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

43:1a:c8:c1:a8:09:98:3f:2c:b5:14:3d:18:70:8c:7b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19/04/2011, 00:00

Not After

18/04/2014, 23:59

Subject

CN=SAP AG,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=SAP Production CSA 2011,O=SAP AG,L=Walldorf/Baden,ST=Baden-Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sapfewut

InitTraceDir
InitTmpDir
InitBuffer

sappctxt

SapPcTxtUnLoad
SapPcTxtRead
SapPcTxtLoad
SapPcTxtGetDefaultLanguage

kernel32

GetStdHandle
IsValidCodePage
SetHandleCount
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
IsProcessorFeaturePresent
HeapCreate
GetStringTypeW
CompareStringW
LCMapStringW
GetTimeZoneInformation
WriteConsoleW
GetProcessHeap
CreateFileW
SetEnvironmentVariableA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleFileNameA
CreateProcessA
TerminateProcess
WaitForSingleObject
CloseHandle
FindFirstFileA
FindNextFileA
FindClose
LocalAlloc
LocalFree
LocalHandle
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
GetDateFormatA
GetTimeFormatA
ExpandEnvironmentStringsA
GetProcAddress
LoadLibraryA
VirtualProtect
GlobalFree
GlobalUnlock
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
HeapSize
HeapQueryInformation
CreateThread
ExitThread
ExitProcess
VirtualQuery
GetSystemInfo
VirtualAlloc
RaiseException
HeapReAlloc
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DecodePointer
EncodePointer
HeapAlloc
RemoveDirectoryA
HeapFree
GlobalLock
GetModuleHandleA
SetLastError
DeactivateActCtx
GetLastError
ActivateActCtx
GlobalAlloc
Sleep
GetProfileIntA
SearchPathA
FindResourceA
lstrlenA
lstrcmpW
GetFileTime
GetFileSizeEx
FileTimeToLocalFileTime
GetFileAttributesExA
SetErrorMode
GetNumberFormatA
GetWindowsDirectoryA
GetTempPathA
GetTempFileNameA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpiA
CreateFileA
GetFileSize
GetFileAttributesA
DeleteFileA
GetCurrentDirectoryA
FileTimeToSystemTime
GetThreadLocale
GetACP
lstrcpyA
GetSystemDirectoryW
GetOEMCP
GetCPInfo
InterlockedIncrement
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
FindResourceExW
ResumeThread
SetThreadPriority
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetTickCount
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
LoadLibraryExA
lstrcmpA
GetModuleHandleW
InterlockedExchange
GetCurrentProcessId
FreeLibrary
CopyFileA
GlobalSize
FormatMessageA
lstrlenW
MulDiv
InterlockedDecrement
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
CompareStringA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryW
MultiByteToWideChar

user32

GetIconInfo
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
SetCursorPos
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
InvalidateRgn
SetRect
CharNextA
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
DrawStateA
EnumChildWindows
LockWindowUpdate
IsRectEmpty
IsMenu
GetSystemMenu
MonitorFromPoint
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadImageA
DestroyIcon
LoadAcceleratorsA
IsIconic
InsertMenuItemA
IntersectRect
BringWindowToTop
TranslateAcceleratorA
SetClassLongA
SetParent
CreatePopupMenu
NotifyWinEvent
SetWindowRgn
CreateAcceleratorTableA
LoadAcceleratorsW
DestroyAcceleratorTable
CharUpperA
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyA
ToAsciiEx
CopyAcceleratorTableA
PostThreadMessageA
LoadMenuW
KillTimer
SetTimer
InvalidateRect
DeleteMenu
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
UnregisterClassA
LoadCursorW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
LoadCursorA
GetSysColorBrush
CopyImage
RealChildWindowFromPoint
GetSystemMetrics
DestroyMenu
InflateRect
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
ShowOwnedPopups
SetCursor
GetMessageA
TranslateMessage
GetCursorPos
RegisterClipboardFormatA
SystemParametersInfoA
OffsetRect
MessageBeep
IsZoomed
PostQuitMessage
GetWindowThreadProcessId
GetMenuStringA
AppendMenuA
InsertMenuA
RemoveMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
IsCharLowerA
GetMenuState
EnableMenuItem
CheckMenuItem
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
RegisterWindowMessageA
LoadIconA
WinHelpA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
IsWindowVisible
ValidateRect
UpdateWindow
GetClientRect
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
DefWindowProcA
CallWindowProcA
GetMenu
CopyRect
PtInRect
DestroyCursor
GetWindowRgn
DrawIcon
GetDoubleClickTime
CreateMenu
SubtractRect
CopyIcon
CharUpperBuffA
GetUpdateRect
FrameRect
TranslateMDISysAccel
GetWindowTextLengthA
GetWindowTextA
MoveWindow
SetWindowLongA
GetDlgCtrlID
IsWindow
SetWindowTextA
IsDialogMessageA
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
IsClipboardFormatAvailable
MapVirtualKeyExA
SetWindowContextHelpId
GetKeyNameTextA
SendDlgItemMessageA
CheckDlgButton
SetPropA
GetCapture
GetActiveWindow
SetActiveWindow
MapDialogRect
SetWindowPos
ShowWindow
GetPropA
RemovePropA
GetAsyncKeyState
GetFocus
SetFocus
GetWindowRect
GetWindowLongA
PostMessageA
GetDlgItem
IsWindowEnabled
MessageBoxA
GetWindow
LoadIconW
EnableWindow
SendMessageA
GetParent
SetMenuDefaultItem
UpdateLayeredWindow
ModifyMenuA
UnionRect
GetMenuItemInfoA
GetNextDlgGroupItem

gdi32

DeleteObject
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateCompatibleDC
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
GetTextExtentPoint32A
GetTextMetricsA
CreateFontIndirectA
EnumFontFamiliesExA
CreateDIBitmap
CreateCompatibleBitmap
CreateRectRgnIndirect
EnumFontFamiliesA
GetTextCharsetInfo
OffsetRgn
GetRgnBox
GetTextColor
SetDIBColorTable
PatBlt
GetDIBits
RealizePalette
CombineRgn
StretchBlt
SetPixel
CreateDIBSection
GetBkColor
SetRectRgn
GetMapMode
DPtoLP
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
Rectangle
GetWindowOrgEx
LPtoDP
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetViewportOrgEx
ExtFloodFill
SetPaletteEntries
GetTextFaceA
SetPixelV
GetLayout
SetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateDCA
CopyMetaFileA
GetDeviceCaps
CreateBitmap
GetObjectA
CreateRoundRectRgn
SetTextColor
SetBkColor

msimg32

AlphaBlend
TransparentBlt

comdlg32

ChooseFontA
GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter
DeviceCapabilitiesA
EnumPrintersA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegEnumKeyExA
RegEnumValueA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
DragFinish
SHGetFileInfoA
ShellExecuteA
SHAppBarMessage
DragQueryFileA

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

SHDeleteKeyA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
SHGetValueA
PathRemoveFileSpecW

ole32

OleLockRunning
CoInitializeEx
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoGetClassObject
CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleGetClipboard
DoDragDrop
CoUninitialize

oleaut32

OleCreateFontIndirect
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
SafeArrayDestroy
VariantCopy
SysStringLen
SysAllocStringByteLen
SysFreeString
VariantInit
SysAllocStringLen
VariantChangeType
VariantClear

oledlg

ord8

gdiplus

GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdiplusShutdown
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipGetImageGraphicsContext
GdipDrawImageI
GdipCloneImage
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipGetImagePalette
GdipDrawImageRectI
GdipSetInterpolationMode

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundA

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3101b3630f62fb80daa2e8ad7483238d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

43:1a:c8:c1:a8:09:98:3f:2c:b5:14:3d:18:70:8c:7bCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

sapfewut

sappctxt

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 292KB - Virtual size: 292KB

.data Size: 25KB - Virtual size: 54KB

.rsrc Size: 58KB - Virtual size: 57KB

.reloc Size: 173KB - Virtual size: 172KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

43:1a:c8:c1:a8:09:98:3f:2c:b5:14:3d:18:70:8c:7b
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 292KB - Virtual size: 292KB

.data
Size: 25KB - Virtual size: 54KB

.rsrc
Size: 58KB - Virtual size: 57KB

.reloc
Size: 173KB - Virtual size: 172KB