540ee3b555d77a_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

540ee3b555d77a_JC.exe
Size

2.0MB
MD5

540ee3b555d77a431fed64f37ca30601
SHA1

fd289a767fc0e145cac4383d6ff08a15de7077af
SHA256

a30ddb1ab871740971d7cad5478fbb77885adc34149b0170121fc43c365a8d48
SHA512

84127134ee5ac636f45a17a827edcb56431730efb6af7744840a0361962e0f508e26545617614caca917bda3f19022b554010afdb92f1c73fb6e995cb0820669
SSDEEP

49152:o5/hc+bTChxKCnFnQXBbrtgb/iQvu0UHOMd:K/hc+6hxvWbrtUTrUHOO

Score

1^/10

Malware Config

Signatures

Files

540ee3b555d77a_JC.exe
.exe windows x86

294b848753ada699feb12b20d4edeeaf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

16:f0:9c:19:4c:5f:3e:14:93:86:03:2e:68:40:25:85
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/10/2014, 00:00

Not After

27/10/2015, 23:59

Subject

CN=Fuji Xerox Co.\, Ltd.,OU=Controller Platform Development III,O=Fuji Xerox Co.\, Ltd.,L=6-1 Minatomirai\, Nishi-ku\, Yokohama-shi,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

96:65:0c:bb:80:83:89:61:aa:d2:db:06:fe:64:72:11:a9:a3:78:42
Signer

Actual PE Digest

96:65:0c:bb:80:83:89:61:aa:d2:db:06:fe:64:72:11:a9:a3:78:42

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
InterlockedIncrement
SetErrorMode
GetStartupInfoW
RtlUnwind
HeapFree
HeapAlloc
ExitProcess
HeapReAlloc
RaiseException
SetStdHandle
GetFileType
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
LeaveCriticalSection
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GlobalFlags
FlushFileBuffers
GetModuleHandleA
GlobalFindAtomW
CompareStringW
GetVersionExA
InterlockedDecrement
MulDiv
GlobalUnlock
FreeResource
GetCurrentProcessId
GlobalAddAtomW
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
InterlockedExchange
GlobalLock
LoadLibraryA
GetLocalTime
WritePrivateProfileSectionW
GetModuleFileNameW
IsDBCSLeadByteEx
FormatMessageW
FindResourceExW
VerSetConditionMask
VerifyVersionInfoW
WriteFile
SetFilePointer
CloseHandle
GetCurrentProcess
GetModuleHandleW
GetPrivateProfileSectionW
MoveFileExW
GetProcAddress
GetVersionExW
SetFileAttributesW
GetTickCount
Sleep
DeleteFileW
LoadLibraryW
GetUserDefaultUILanguage
WriteProfileStringW
GetPrivateProfileStringW
GetWindowsDirectoryW
WritePrivateProfileStringW
lstrcatW
LocalAlloc
LocalFree
lstrcpynW
GlobalAlloc
GlobalFree
GetProfileStringW
GetSystemDirectoryW
SetLastError
FreeLibrary
lstrlenW
GetLastError
lstrcmpiW
FindFirstFileW
FindClose
MultiByteToWideChar
lstrlenA
lstrcpyW
lstrcmpW
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
HeapCreate
SizeofResource

user32

GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
UnhookWindowsHookEx
GetWindowTextW
SetWindowPos
SetFocus
ShowWindow
MoveWindow
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
GetWindow
GetMenuItemCount
GetSubMenu
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
SetPropW
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
IsWindowVisible
GetKeyState
GetCursorPos
SetForegroundWindow
FindWindowW
PtInRect
GetWindowRect
EnableWindow
SendMessageW
UnregisterClassW
GetSysColorBrush
LoadCursorW
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
GetParent
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
PostMessageW
PostQuitMessage
PeekMessageW
SendMessageTimeoutW
wsprintfW
GetActiveWindow
MessageBoxW
LoadBitmapW
OffsetRect
ScreenToClient
GetClientRect
LoadIconW
GetSystemMenu
CreatePopupMenu
AppendMenuW
TrackPopupMenu
DestroyMenu
GetClassNameW
GetClassLongW
GetCapture
DestroyWindow
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
GetMenuItemID

gdi32

PtVisible
RectVisible
TextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DPtoLP
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
ExtTextOutW
CreateFontIndirectW
SetBkColor
SetTextColor
GetClipBox
GetStockObject
SelectObject
DeleteDC
DeleteObject
GetObjectW
GetDeviceCaps

winspool.drv

EnumPrinterDriversW
EnumPrintersW
ClosePrinter
GetPrinterW
OpenPrinterW
DocumentPropertiesW
DeletePrinterDriverW
DeletePrinterConnectionW
DeletePrinter
GetPrinterDriverDirectoryW
DeleteMonitorW

advapi32

RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
OpenSCManagerW
StartServiceW
ControlService
QueryServiceStatus
RegCreateKeyExW
RegQueryValueExW
RegEnumKeyExW
OpenServiceW
EnumDependentServicesW
CloseServiceHandle
RegOpenKeyExW
RegEnumValueW
RegCloseKey

shlwapi

PathFindFileNameW
PathFindExtensionW

oleaut32

VariantClear
VariantChangeType
VariantInit

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

294b848753ada699feb12b20d4edeeaf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

16:f0:9c:19:4c:5f:3e:14:93:86:03:2e:68:40:25:85Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

96:65:0c:bb:80:83:89:61:aa:d2:db:06:fe:64:72:11:a9:a3:78:42Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

oleaut32

version

Sections

.text Size: 182KB - Virtual size: 181KB

.rdata Size: 45KB - Virtual size: 45KB

.data Size: 11KB - Virtual size: 40KB

.rsrc Size: 13KB - Virtual size: 13KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

16:f0:9c:19:4c:5f:3e:14:93:86:03:2e:68:40:25:85
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

96:65:0c:bb:80:83:89:61:aa:d2:db:06:fe:64:72:11:a9:a3:78:42
Signer

.text
Size: 182KB - Virtual size: 181KB

.rdata
Size: 45KB - Virtual size: 45KB

.data
Size: 11KB - Virtual size: 40KB

.rsrc
Size: 13KB - Virtual size: 13KB