4a2ffddf8f0bd1exeexe_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4a2ffddf8f0bd1exeexe_JC.exe
Size

2.1MB
MD5

4a2ffddf8f0bd104bd507ec1cff7b3ee
SHA1

52605cedd0cf14c760f3948ddcc2b7d7e22f00ae
SHA256

ffda2979aa72ff844ed7e78e146cf90dbdd64ab87a1d5476a6c6b20f8e83a9c3
SHA512

db35073632105f372894cca746deead6efc80be7f19b51dff33fad1477873291e18090f8810fb52f05d74196f6e1888c1b794296f5281807fcfe411213aa085f
SSDEEP

49152:KBsQPgFrUBHVxIbOWWZQW7gxnTxfuvXI8dZ:rryyOWWzD

Score

1^/10

Malware Config

Signatures

Files

4a2ffddf8f0bd1exeexe_JC.exe
.exe windows x86

f1127d5a8c7af5a054de2def0fbf9572

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

05:72:af:42:c6:5f:08:d1:aa:45:c0:c1:b9:de:92:0f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

25/06/2022, 00:00

Not After

30/07/2025, 23:59

Subject

CN=GameHouse Europe B.V.,OU=GameHouse Original Stories BV,O=GameHouse Europe B.V.,L=Eindhoven,C=NL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:72:af:42:c6:5f:08:d1:aa:45:c0:c1:b9:de:92:0f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

25/06/2022, 00:00

Not After

30/07/2025, 23:59

Subject

CN=GameHouse Europe B.V.,OU=GameHouse Original Stories BV,O=GameHouse Europe B.V.,L=Eindhoven,C=NL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

65:35:9a:31:f4:de:2f:44:89:e7:f1:2f:8f:77:51:63:ef:7e:9a:65:69:9a:46:ba:2e:9a:a6:4a:6c:5a:88:34
Signer

Actual PE Digest

65:35:9a:31:f4:de:2f:44:89:e7:f1:2f:8f:77:51:63:ef:7e:9a:65:69:9a:46:ba:2e:9a:a6:4a:6c:5a:88:34

Digest Algorithm

sha256

PE Digest Matches

false

d5:c4:4e:77:00:dd:74:3d:31:f5:26:4c:b0:f9:b5:97:9c:3e:aa:69
Signer

Actual PE Digest

d5:c4:4e:77:00:dd:74:3d:31:f5:26:4c:b0:f9:b5:97:9c:3e:aa:69

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFolderPathA
SHGetFolderPathW

kernel32

ReadConsoleInputA
GetSystemTime
SystemTimeToFileTime
FlushConsoleInputBuffer
GlobalMemoryStatus
VirtualFree
SetConsoleMode
VirtualAlloc
LoadLibraryA
GetProcAddress
IsBadStringPtrW
FreeLibrary
ReleaseMutex
CreateMutexA
GetLastError
SetUnhandledExceptionFilter
AllocConsole
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleScreenBufferSize
GetTickCount
GetCurrentProcess
TerminateProcess
ExitProcess
OpenMutexA
CreateProcessW
OpenProcess
LocalFree
LocalAlloc
GetModuleHandleA
ResumeThread
AssignProcessToJobObject
SetInformationJobObject
CreateIoCompletionPort
CreateJobObjectA
Process32Next
Process32First
CreateToolhelp32Snapshot
Sleep
GetModuleFileNameA
GetModuleFileNameW
SetEnvironmentVariableA
GetEnvironmentVariableA
WriteFile
CreateFileW
FlushFileBuffers
WaitForSingleObject
GetCurrentThreadId
DeviceIoControl
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
GetSystemWindowsDirectoryW
GetSystemPowerStatus
GlobalMemoryStatusEx
GetSystemInfo
GetNativeSystemInfo
GetVersion
SetEvent
ReleaseSemaphore
LeaveCriticalSection
EnterCriticalSection
CreateSemaphoreA
InitializeCriticalSection
DeleteCriticalSection
CreateEventA
GetDiskFreeSpaceExA
GetQueuedCompletionStatus
GetExitCodeProcess
GetComputerNameA
GetVolumeInformationA
GetWindowsDirectoryA
WideCharToMultiByte
UnlockFileEx
GetTempPathW
GetDriveTypeA
GetCurrentThread
GetLongPathNameW
GetCurrentDirectoryW
LockFileEx
CreateDirectoryW
CreateThread
GetExitCodeThread
GetSystemTimeAsFileTime
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
EncodePointer
DecodePointer
MultiByteToWideChar
RaiseException
RtlUnwind
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetModuleHandleW
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapAlloc
HeapFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
FindClose
FindFirstFileExW
SetFileAttributesW
GetFileAttributesW
MoveFileW
RemoveDirectoryW
DeleteFileW
SetEndOfFile
GetProcessHeap
HeapReAlloc
FindFirstFileExA
FindNextFileW
LCMapStringW
GetCPInfo
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
SetHandleCount
HeapSize
SetConsoleCtrlHandler
LoadLibraryW
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetTimeZoneInformation
ReadFile
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetFullPathNameW
CreateFileA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
GetFullPathNameA
CompareStringW
CloseHandle
VerSetConditionMask
VerifyVersionInfoW
SetFilePointer
GetShortPathNameW

crypt32

CryptQueryObject
CertFreeCertificateContext
CertCloseStore
CertGetNameStringA
CryptMsgGetParam
CertFindCertificateInStore
CryptMsgClose

wsock32

WSASetLastError
WSAGetLastError
ntohs
getsockname
__WSAFDIsSet
gethostbyname
inet_ntoa
select
WSACleanup
WSAStartup
send
shutdown
accept
connect
recv
socket
bind
closesocket
listen
htonl
setsockopt
htons
getservbyname
getsockopt

advapi32

RegQueryValueExA
RevertToSelf
OpenProcessToken
AllocateAndInitializeSid
OpenThreadToken
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityW
FreeSid
RegQueryInfoKeyA
RegEnumKeyA
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegOpenCurrentUser
RegCreateKeyExW
CreateServiceA
ChangeServiceConfig2A
GetTokenInformation
CreateProcessAsUserW
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
SetServiceStatus
RegCloseKey
DeregisterEventSource
ReportEventA
StartServiceCtrlDispatcherA
DeleteService
RegisterServiceCtrlHandlerA
ControlService
QueryServiceStatusEx
StartServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegisterEventSourceA

user32

EnumWindows
GetForegroundWindow
IsWindowVisible
IsWindow
GetKeyboardState
keybd_event
SetWindowPos
SetForegroundWindow
GetWindowTextA
GetWindowThreadProcessId
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW

netapi32

Netbios

ws2_32

getaddrinfo
freeaddrinfo

wintrust

WinVerifyTrust

ole32

CoInitialize
CoCreateInstance
CoUninitialize

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 330KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f1127d5a8c7af5a054de2def0fbf9572

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

05:72:af:42:c6:5f:08:d1:aa:45:c0:c1:b9:de:92:0fCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:72:af:42:c6:5f:08:d1:aa:45:c0:c1:b9:de:92:0fCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

65:35:9a:31:f4:de:2f:44:89:e7:f1:2f:8f:77:51:63:ef:7e:9a:65:69:9a:46:ba:2e:9a:a6:4a:6c:5a:88:34Signer

d5:c4:4e:77:00:dd:74:3d:31:f5:26:4c:b0:f9:b5:97:9c:3e:aa:69Signer

Headers

DLL Characteristics

File Characteristics

Imports

shell32

kernel32

crypt32

wsock32

advapi32

user32

netapi32

ws2_32

wintrust

ole32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 330KB - Virtual size: 330KB

.data Size: 27KB - Virtual size: 49KB

.rsrc Size: 77KB - Virtual size: 76KB

.reloc Size: 92KB - Virtual size: 92KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

05:72:af:42:c6:5f:08:d1:aa:45:c0:c1:b9:de:92:0f
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:72:af:42:c6:5f:08:d1:aa:45:c0:c1:b9:de:92:0f
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

65:35:9a:31:f4:de:2f:44:89:e7:f1:2f:8f:77:51:63:ef:7e:9a:65:69:9a:46:ba:2e:9a:a6:4a:6c:5a:88:34
Signer

d5:c4:4e:77:00:dd:74:3d:31:f5:26:4c:b0:f9:b5:97:9c:3e:aa:69
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 330KB - Virtual size: 330KB

.data
Size: 27KB - Virtual size: 49KB

.rsrc
Size: 77KB - Virtual size: 76KB

.reloc
Size: 92KB - Virtual size: 92KB