223e103d378b6aexeexe_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

223e103d378b6aexeexe_JC.exe
Size

1.1MB
MD5

223e103d378b6a1fc00918beec59408f
SHA1

427454dc110fb3450c7608d042deab0f6dbc54e2
SHA256

9f5a2cbb48e1c7d3f2b5b1994f6fcd25d654e16f48f5b58e525808c27a439c0e
SHA512

116e27d54add68c3309b519a8138d43cd5aaa990f06db26d4023ede5cc6b159b8778337b272ce95b9630cfc65465f5058ffe2510ae4f7af754219161a07f5a23
SSDEEP

12288:CE2dHCvisFs1SQwnW9aT/jr/jjSvLXJ3H/7qovfOoOIcKnojG9nus44:CE4Qa0WQTbmF3zqouoOIcXGZu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
223e103d378b6aexeexe_JC.exe

Files

223e103d378b6aexeexe_JC.exe
.exe windows x86

feaf38802655998e103516cf390e42dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventW
CreateTimerQueue
ReleaseMutex
CreateMutexW
GetCommandLineW
GetCurrentProcess
DisconnectNamedPipe
FlushFileBuffers
ConnectNamedPipe
WriteFile
ReadFile
CreateNamedPipeW
GetSystemFirmwareTable
TerminateThread
DeleteTimerQueue
LoadLibraryW
FreeLibrary
WaitForMultipleObjectsEx
ReadFileEx
CancelIo
CreateTimerQueueTimer
CreateThread
WTSGetActiveConsoleSessionId
GetUserDefaultUILanguage
WideCharToMultiByte
lstrlenW
SetStdHandle
HeapReAlloc
lstrlenA
SetConsoleCtrlHandler
RtlUnwind
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
FatalAppExitA
GetStringTypeW
LCMapStringW
ExpandEnvironmentStringsW
LeaveCriticalSection
EnterCriticalSection
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetCurrentProcessId
ProcessIdToSessionId
OpenEventW
WaitForSingleObject
SetLastError
DeleteTimerQueueTimer
GetLastError
ChangeTimerQueueTimer
GetPrivateProfileStringW
GetModuleHandleW
Sleep
SetEvent
GetProcAddress
LocalAlloc
LocalFree
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
HeapSize
HeapFree
ExitProcess
RaiseException
HeapAlloc
GetCurrentThread
TlsFree
MultiByteToWideChar
GetExitCodeThread
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
CreateFileW
DeviceIoControl
CloseHandle
GetModuleFileNameW
InterlockedExchange
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsProcessorFeaturePresent
TerminateProcess
IsDebuggerPresent
ExitThread
GetCurrentThreadId
ResumeThread
EncodePointer
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteConsoleW

advapi32

RegCloseKey
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegNotifyChangeKeyValue
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RevertToSelf
CreateProcessAsUserW
ImpersonateLoggedOnUser

user32

UpdateWindow
RegisterWindowMessageW
SetLayeredWindowAttributes
ShowWindow
SetWindowPos
SetWindowRgn
GetSystemMetrics
LoadImageW
GetCursorPos
SendInput
InvalidateRect
MsgWaitForMultipleObjects
LoadCursorW
RegisterClassExW
CreateWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
DestroyIcon
IsWindow
GetWindowLongW
BeginPaint
EndPaint
PostQuitMessage
SetWindowLongW
SetClassLongW
DefWindowProcW

gdi32

CombineRgn
CreateCompatibleDC
CreateRectRgn
SetPixelV
GetPixel
SelectObject
CreateCompatibleBitmap
GetObjectW
CreateDCW
DeleteObject
CreateRoundRectRgn
BitBlt
CreateSolidBrush
DeleteDC

shell32

Shell_NotifyIconW

shlwapi

StrStrW
wnsprintfW
StrCpyW
StrRChrW
ColorRGBToHLS
ColorHLSToRGB
PathFileExistsW
StrCpyNW

imm32

ImmDisableIME

userenv

CreateEnvironmentBlock
UnloadUserProfile
LoadUserProfileW
DestroyEnvironmentBlock

crypt32

CertFindCertificateInStore
CryptQueryObject
CertFreeCertificateContext
CertCloseStore

wintrust

WinVerifyTrust

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSRegisterSessionNotification
WTSQueryUserToken

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 413KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

feaf38802655998e103516cf390e42dd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

shell32

shlwapi

imm32

userenv

crypt32

wintrust

wtsapi32

Sections

.text Size: 114KB - Virtual size: 114KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 4KB - Virtual size: 14KB

.rsrc Size: 413KB - Virtual size: 412KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 114KB - Virtual size: 114KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 4KB - Virtual size: 14KB

.rsrc
Size: 413KB - Virtual size: 412KB

.reloc
Size: 572KB - Virtual size: 576KB