Static task: static1
Behavioral task: behavioral1, sample 44c436dcb9680fexeexe_JC.exe, resource win7-20230712-en
Behavioral task: behavioral2, sample 44c436dcb9680fexeexe_JC.exe, resource win10v2004-20230703-en
General
Target: 44c436dcb9680fexeexe_JC.exe
Size: 4.1MB
MD5: 44c436dcb9680f2d3f97077a6102386d
SHA1: 484690ae4eabe2c4423d45daf577dc053908cc19
SHA256: 1f445452ca3d4d480b5b603cb0a5bdaafd0df4465ee71c6e806ec6701e52ec5e
SHA512: d7c486c6acbca53ef2f96befd154ce528db4ff93d19694c472dc55540f07477d9448712ed11adb29ed540f5b3bd55e9bb665c83a942996b2f4e77835a55e3e60
SSDEEP: 98304:Fa+7zyvah7etLFDU5BXC6th27b+PkZ5v+lPd6/PJc:0+7zzFC3b+++lPd6/PJc
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource: 44c436dcb9680fexeexe_JC.exe
Files
44c436dcb9680fexeexe_JC.exe.exe, windows x86, 7c991979f5004dfd140d7e8926b66054
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
Imports
oberaser
eraserIsValidContext
eraserCreateContextEx
eraserSetWindow
eraserSetWindowMessage
eraserClearItems
eraserSetDataType
eraserAddItemA
eraserRemoveFolderA
eraserStart
eraserGetDataType
eraserProgGetCurrentDataStringA
eraserProgGetMessageA
eraserDispFlags
eraserProgGetPercent
eraserProgGetTotalPercent
eraserProgGetCurrentPass
eraserProgGetPasses
eraserProgGetTimeLeft
eraserStop
eraserIsRunning
eraserFailedCount
eraserErrorStringCount
eraserCompleted
eraserTerminated
eraserFailed
eraserStatGetWiped
eraserStatGetTime
eraserErrorStringA
eraserFailedStringA
eraserInit
eraserDestroyContext
kernel32
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
SetHandleCount
GetStdHandle
GetConsoleCP
GetConsoleMode
LCMapStringW
HeapCreate
GetTimeZoneInformation
GetLocaleInfoW
GetStringTypeW
FreeEnvironmentStringsW
HeapSize
QueryPerformanceCounter
CompareStringW
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
GetExitCodeProcess
GetCurrentDirectoryW
CreateFileW
SetEnvironmentVariableA
GetLogicalDriveStringsA
GetDriveTypeA
GetOverlappedResult
ReleaseMutex
LCMapStringA
InterlockedCompareExchange
HeapQueryInformation
ExitThread
GetEnvironmentStringsW
GetFileType
SetStdHandle
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualAlloc
RaiseException
RtlUnwind
GetVolumeInformationA
GetWindowsDirectoryA
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
GetLocalTime
GetACP
MultiByteToWideChar
GetLastError
FormatMessageA
LocalFree
TerminateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
CreateThread
lstrlenA
lstrcpyA
OutputDebugStringA
GetCurrentProcess
CloseHandle
GetEnvironmentVariableA
CreateFileA
SetFilePointer
ReadFile
GetDiskFreeSpaceA
FileTimeToLocalFileTime
WriteFile
FlushFileBuffers
Sleep
DeleteFileA
OpenProcess
TerminateProcess
InterlockedDecrement
WinExec
IsValidCodePage
lstrcmpA
DeviceIoControl
GetLogicalDrives
GetFileAttributesA
GetStartupInfoW
HeapSetInformation
GetCommandLineA
ExitProcess
GetSystemTimeAsFileTime
GetDateFormatA
GetTimeFormatA
DecodePointer
EncodePointer
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathA
GetProfileIntA
GetTickCount
GetNumberFormatA
GetTempFileNameA
GetCurrentDirectoryA
GetFileTime
GetFileSizeEx
GetFileAttributesExA
SetErrorMode
GetSystemDirectoryW
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
ResumeThread
SetThreadPriority
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
GetModuleHandleW
InterlockedExchange
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GetFullPathNameA
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
GetThreadLocale
FindFirstFileW
InterlockedIncrement
FindNextFileW
GetStringTypeExA
CopyFileA
GlobalSize
GlobalLock
GlobalUnlock
lstrlenW
MulDiv
GetCurrentProcessId
FindResourceA
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryW
ActivateActCtx
DeactivateActCtx
SetLastError
lstrcmpW
IsWow64Process
lstrcmpiA
Process32Next
Process32First
CreateToolhelp32Snapshot
HeapFree
GetProcessHeap
HeapAlloc
GetTempPathA
FindNextFileA
FindFirstFileA
GetFileSize
GetFileInformationByHandle
WaitForMultipleObjects
CreateEventA
SetEvent
WaitForSingleObject
CreateProcessA
GetVersionExA
GetModuleFileNameA
CreateMutexA
GlobalFree
GlobalAlloc
FreeLibrary
LoadLibraryExA
GetDriveTypeW
GetModuleHandleA
GetProcAddress
LoadLibraryA
SetFilePointerEx
GetDiskFreeSpaceExA
MoveFileA
FindClose
user32
RegisterClipboardFormatA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
InsertMenuItemA
TranslateAcceleratorA
LoadImageA
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
BringWindowToTop
SetCursorPos
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateA
GetSystemMenu
SetClassLongA
GetAsyncKeyState
NotifyWinEvent
CreatePopupMenu
DestroyAcceleratorTable
SetParent
IsZoomed
DestroyIcon
MessageBeep
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
DeleteMenu
WaitMessage
UnregisterClassA
LoadCursorW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
GetSysColorBrush
CopyImage
RealChildWindowFromPoint
DestroyMenu
GetMenuItemInfoA
ShowOwnedPopups
GetMessageA
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
CharUpperA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
IntersectRect
InflateRect
ShowWindow
MoveWindow
IsDialogMessageA
SetDlgItemTextA
CheckDlgButton
DefFrameProcA
GetKeyNameTextA
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
BeginPaint
GetDC
SendMessageA
GetClientRect
LoadStringA
IsWindow
GetMenuState
GetMenuStringA
AppendMenuA
InsertMenuA
RemoveMenu
IsWindowEnabled
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
IsWindowVisible
ValidateRect
GetMenuItemID
DrawMenuBar
TranslateMDISysAccel
MonitorFromPoint
UnionRect
UpdateLayeredWindow
IsMenu
CreateMenu
PostThreadMessageA
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
GetMenuItemCount
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
LoadImageW
CopyIcon
CharUpperBuffA
GetDoubleClickTime
IsCharLowerA
MapVirtualKeyExA
SubtractRect
DestroyCursor
MapVirtualKeyA
GetWindowRgn
GetWindowDC
ReleaseDC
GetWindowRect
EnableWindow
PeekMessageA
TranslateMessage
DispatchMessageA
UpdateWindow
GetMessagePos
ScreenToClient
wsprintfA
KillTimer
LoadBitmapW
CopyRect
DrawFocusRect
EndPaint
OffsetRect
InvalidateRect
LockWindowUpdate
PostMessageA
LoadIconW
IsIconic
GetSystemMetrics
DrawIcon
LoadMenuW
GetSubMenu
GetWindowLongA
GetCapture
GetCursorPos
WindowFromPoint
GetSysColor
ClientToScreen
ReleaseCapture
GetParent
GetNextDlgGroupItem
SystemParametersInfoA
PtInRect
DrawTextA
TabbedTextOutA
DrawTextExA
GrayStringA
SetCapture
SetTimer
FillRect
SetWindowRgn
LoadCursorA
SetCursor
SetWindowTextA
GetWindowThreadProcessId
GetWindow
SetWindowPos
SetWindowLongA
GetMenu
CallWindowProcA
DefWindowProcA
GetDlgCtrlID
DefMDIChildProcA
gdi32
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateBitmap
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
CreateDIBitmap
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
GetBkColor
GetTextColor
GetRgnBox
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
SetPixel
Rectangle
EnumFontFamiliesExA
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetTextFaceA
SetPixelV
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
DeleteObject
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
GetStockObject
PatBlt
CreateCompatibleDC
GetObjectA
SelectObject
BitBlt
StretchBlt
GetTextExtentPoint32A
CreateCompatibleBitmap
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateRectRgn
SetBkMode
SetTextColor
CreateFontIndirectA
SetBkColor
GetDeviceCaps
CopyMetaFileA
CreateDCA
SaveDC
RestoreDC
SetPolyFillMode
SetROP2
CreatePalette
SetStretchBltMode
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleA
winspool.drv
OpenPrinterA
ClosePrinter
DocumentPropertiesA
advapi32
BuildExplicitAccessWithNameA
SetNamedSecurityInfoA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
RegQueryValueA
RegDeleteValueA
RegCreateKeyExA
AddAce
RegGetKeySecurity
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
CopySid
GetTokenInformation
FreeSid
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclA
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
ClearEventLogA
GetUserNameA
RegQueryInfoKeyA
RegSetValueExA
GetSecurityInfo
LookupAccountSidA
RegLoadKeyA
CloseEventLog
OpenEventLogA
RegEnumValueA
RegQueryValueExA
RegUnLoadKeyA
RegFlushKey
AdjustTokenPrivileges
shell32
DragFinish
SHGetSpecialFolderPathA
SHEmptyRecycleBinA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
SHChangeNotify
DragQueryFileA
SHAppBarMessage
ShellExecuteA
SHGetSpecialFolderLocation
SHGetDesktopFolder
comctl32
ImageList_GetIconSize
ImageList_Draw
InitCommonControlsEx
_TrackMouseEvent
shlwapi
SHDeleteKeyA
PathFileExistsA
StrStrIA
SHDeleteValueA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
PathFindExtensionA
PathFindFileNameA
ole32
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CLSIDFromString
CreateStreamOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
CLSIDFromProgID
CoInitializeEx
CoGetClassObject
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
RevokeDragDrop
CoTaskMemFree
CoLockObjectExternal
RegisterDragDrop
CoUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid
OleGetClipboard
oleaut32
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
OleCreateFontIndirect
SafeArrayDestroy
SysAllocStringLen
SysStringLen
VariantChangeType
SysAllocString
VariantCopy
VariantInit
SysAllocStringByteLen
SysFreeString
VariantClear
oledlg
ord8
gdiplus
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
setupapi
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
hid
HidD_GetAttributes
HidD_GetHidGuid
HidD_FreePreparsedData
HidP_GetCaps
HidD_GetPreparsedData
HidD_FlushQueue
wininet
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
winmm
PlaySoundA
Sections
.text: size 1.7MB, virtual size 1.7MB; IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rdata: size 385KB, virtual size 384KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.data: size 39KB, virtual size 4.9MB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc: size 1.6MB, virtual size 1.6MB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc: size 320KB, virtual size 324KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
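The "Unsigned PE" signature in this report is a check on the PE's attribute certificate table (the security data directory): an empty entry means no embedded Authenticode signature. The Headers and Sections data above carry two further points a reviewer would verify by hand rather than trust a flag summary for: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is set together with IMAGE_FILE_RELOCS_STRIPPED, and per the PE/COFF specification the latter means the image must be loaded at its preferred base, so the ASLR request cannot be honoured even though a .reloc section is physically present; and .text and .reloc are mapped both writable and executable, while .data has a virtual size far larger than its raw size. The Python below is an added example, not part of this report or of the sandbox's own code. It reads those fields directly from the headers. The flag values are the winnt.h constants; parse_pe, triage and build_sample_pe are names chosen here, the "zero_filled" threshold is a heuristic chosen here, and the in-memory fixture is a constructed header-only image that mirrors the flags and rounded section sizes listed above, not the real file.

```python
# Added example (not from the report): PE header triage for Authenticode presence,
# ASLR/DEP flags and section permissions. Flag values are the winnt.h constants.
import struct
import sys

IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_DISCARDABLE = 0x02000000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # attribute certificate table = embedded Authenticode
# Offsets of NumberOfRvaAndSizes / DataDirectory inside the optional header, keyed by magic.
_DIR_LAYOUT = {0x10B: (92, 96), 0x20B: (108, 112)}  # PE32, PE32+


def parse_pe(data: bytes) -> dict:
    """Read file header flags, DllCharacteristics, the security directory and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    fh = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    _, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                                       # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in _DIR_LAYOUT:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    nrva_off, dir_off = _DIR_LAYOUT[magic]
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset for PE32 and PE32+
    nrva = struct.unpack_from("<I", data, opt + nrva_off)[0]
    cert = (0, 0)                                       # (file offset, size) of the certificate table
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        cert = struct.unpack_from("<II", data, opt + dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsec):                               # 40-byte IMAGE_SECTION_HEADER entries
        name, vsize, _, rawsize, _, _, _, _, _, schars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize, "characteristics": schars})
    return {"characteristics": chars, "dll_characteristics": dllchars,
            "cert_table": tuple(cert), "sections": sections}


def triage(pe: dict) -> dict:
    """Derive the findings a reviewer wants from the parsed headers."""
    chars, dll, secs = pe["characteristics"], pe["dll_characteristics"], pe["sections"]
    f = {
        # "Unsigned PE": empty security directory = no embedded Authenticode signature.
        # Catalog-signed files also show as unsigned here; that is a limit of any file-only check.
        "unsigned": pe["cert_table"][1] == 0,
        "aslr_requested": bool(dll & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "relocs_stripped": bool(chars & IMAGE_FILE_RELOCS_STRIPPED),
        "nx_compat": bool(dll & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        # Code that is also writable: a packer / self-modifying-code indicator worth a closer look.
        "writable_code": [s["name"] for s in secs
                          if s["characteristics"] & IMAGE_SCN_MEM_EXECUTE
                          and s["characteristics"] & IMAGE_SCN_MEM_WRITE],
        # Heuristic (threshold chosen here): virtual size far above raw size = large zero-filled area.
        "zero_filled": [s["name"] for s in secs if s["virtual_size"] > 8 * max(s["raw_size"], 1)],
    }
    # PE/COFF spec: RELOCS_STRIPPED means the image must load at its preferred base, so a
    # DYNAMIC_BASE request cannot be honoured regardless of what a .reloc section contains.
    f["aslr_effective"] = f["aslr_requested"] and not f["relocs_stripped"]
    return f


def build_sample_pe(characteristics, dll_characteristics, sections, cert_size=0) -> bytes:
    """Construct a header-only PE32 image in memory (test fixture, not a real executable)."""
    img = bytearray(0x40)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)             # e_lfanew
    opt = bytearray(224)                                # PE32 optional header, 16 data directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, 92, 16)
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x1000 if cert_size else 0, cert_size)
    img += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt),
                                   characteristics) + opt
    for name, vsize, rawsize, schars in sections:
        img += struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000, rawsize, 0x400, 0, 0, 0, 0, schars)
    return bytes(img)


# Constructed fixture mirroring the flags and rounded section sizes listed in the report above.
SAMPLE = build_sample_pe(
    IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE,
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE,
    [(b".text", 1_700_000, 1_700_000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
     (b".rdata", 384_000, 385_000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
     (b".data", 4_900_000, 39_000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
     (b".rsrc", 1_600_000, 1_600_000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
     (b".reloc", 324_000, 320_000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE
      | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)],
)

if __name__ == "__main__":
    # Usage: python pe_triage.py <file.exe>; with no argument the in-memory fixture is analysed.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for key, value in triage(parse_pe(data)).items():
        print("%-16s %s" % (key, value))
```

Run against the fixture, the script reports unsigned, ASLR requested but not effective, NX_COMPAT set, .text and .reloc as writable code and .data as zero-filled; run against the real file, the same fields come straight from the headers, and any difference from the report's summary is worth a closer look before drawing conclusions from the flag list alone.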