413938bc6bde45exeexe_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

413938bc6bde45exeexe_JC.exe
Size

1.1MB
MD5

413938bc6bde4547f91aa4c598256646
SHA1

9b14490a27553fcf566693d5a8f599a1bf616400
SHA256

28116f4f399cd59648e087d55695fb28ff15e8281ca1b7f7f6d9f08228da3e14
SHA512

8a821a922ee1a3457a879be8f9c474b43695fb5abbfdbdd8d4c408cf00302a9e216e184e70f6c2501eb674edebd98c59585ef45ec28e674f72431b39a448304d
SSDEEP

12288:+W1VScoVdaJT8HQ/nn/FQBTfsMCOPVLWVOBjvrEH7L:+cWVQP/FQxfdPtrEH7L

Score

1^/10

Malware Config

Signatures

Files

413938bc6bde45exeexe_JC.exe
.exe windows x86

0d2dde3a42ad477130c7b616cb91f7f4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:38:1e:40:74:05:2c:4c:04:f5:f6:f0:d7:8a:96:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22/10/2012, 00:00

Not After

25/10/2013, 23:59

Subject

CN=Fuji Xerox Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Controller Platform Development III,O=Fuji Xerox Co.\, Ltd.,L=6-1 Minatomirai\, Nishi-ku\, Yokohama-shi,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:bb:3b:08:d9:87:96:2f:be:a9:24:f7:ea:81:4c:d1:a9:a4:f9:95
Signer

Actual PE Digest

44:bb:3b:08:d9:87:96:2f:be:a9:24:f7:ea:81:4c:d1:a9:a4:f9:95

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileTime
WritePrivateProfileStringW
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
HeapReAlloc
RaiseException
ExitProcess
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
GetFileAttributesW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
VirtualAlloc
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
FileTimeToLocalFileTime
SetErrorMode
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
FileTimeToSystemTime
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetThreadLocale
InterlockedDecrement
GetModuleHandleA
GetCurrentProcessId
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
GetVersionExA
FreeResource
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
GetSystemDirectoryA
LoadLibraryA
ReadFile
WriteFile
CreateFileW
ReleaseMutex
lstrcatW
lstrcmpW
WaitForSingleObject
CreateProcessW
SetLastError
lstrcpyA
lstrcmpiW
lstrlenA
lstrcmpiA
GetSystemDefaultLangID
GetUserDefaultLangID
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
GetVersionExW
MultiByteToWideChar
FindResourceExW
WideCharToMultiByte
lstrlenW
lstrcpyW
GetCurrentProcess
GetLastError
CreateMutexW
CloseHandle
GetExitCodeThread
Sleep
CreateThread
GetPrivateProfileIntW
GetPrivateProfileStringW
GetModuleFileNameW
FindResourceW
LoadResource
LockResource
VirtualFree
SizeofResource

user32

UnregisterClassW
DestroyMenu
LoadCursorW
GetSysColorBrush
SetCursor
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
PostQuitMessage
CharUpperW
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetWindowThreadProcessId
ShowWindow
SetWindowTextW
IsDialogMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
UnhookWindowsHookEx
GetMessageTime
PeekMessageW
MapWindowPoints
GetKeyState
SetForegroundWindow
UpdateWindow
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
GetDesktopWindow
GetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamW
DestroyWindow
GetWindowLongW
GetDlgItem
WinHelpW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetActiveWindow
IsWindow
LoadIconW
LoadImageW
GetParent
GetClientRect
SetRect
LoadBitmapW
PtInRect
ScreenToClient
GetMessagePos
MessageBoxW
DrawFocusRect
GetSysColor
FillRect
InflateRect
CopyRect
MessageBoxExW
PostMessageW
IsWindowVisible
EnableWindow
SendMessageW
SetDlgItemTextW
GetTopWindow
UnregisterClassA

gdi32

DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetObjectW
DeleteObject
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
GetStockObject
CreateSolidBrush
CreateFontIndirectW

comdlg32

GetFileTitleW

advapi32

RegOpenKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExW
EqualSid
GetTokenInformation
OpenProcessToken
FreeSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl

comctl32

InitCommonControlsEx

shlwapi

PathIsUNCW
PathFindExtensionW
PathStripToRootW
PathFindFileNameW

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 338KB - Virtual size: 338KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 299KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 437KB - Virtual size: 437KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d2dde3a42ad477130c7b616cb91f7f4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

43:38:1e:40:74:05:2c:4c:04:f5:f6:f0:d7:8a:96:5cCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

44:bb:3b:08:d9:87:96:2f:be:a9:24:f7:ea:81:4c:d1:a9:a4:f9:95Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

comctl32

shlwapi

oleaut32

Sections

.text Size: 338KB - Virtual size: 338KB

.rdata Size: 299KB - Virtual size: 299KB

.data Size: 10KB - Virtual size: 25KB

.rsrc Size: 437KB - Virtual size: 437KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

43:38:1e:40:74:05:2c:4c:04:f5:f6:f0:d7:8a:96:5c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

44:bb:3b:08:d9:87:96:2f:be:a9:24:f7:ea:81:4c:d1:a9:a4:f9:95
Signer

.text
Size: 338KB - Virtual size: 338KB

.rdata
Size: 299KB - Virtual size: 299KB

.data
Size: 10KB - Virtual size: 25KB

.rsrc
Size: 437KB - Virtual size: 437KB