855de3b48dc1d3_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

855de3b48dc1d3_JC.exe
Size

4.9MB
MD5

855de3b48dc1d38e022c10cd3393f5f9
SHA1

6d935c70d49bf64a9f76c9331ceea79eeac5b55f
SHA256

45f737a44ac1f492f8b39f19f81091de72564456cd5e9aff514e43dd33b20f61
SHA512

aabb792b1eddd976d24165e7c4fbe3633755212f9c8ea4b777861153cf79d8fc7a3c031746278f0c78db8778adb35ce9772e9a68be8c51ed070ac4c961f93573
SSDEEP

98304:pwKwbap3hNn13nUnVhCL2fTI2+xWm9pnJYZ8eBO8/t:Kb8nUnVhm27I2EWm9Yig

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
855de3b48dc1d3_JC.exe

Files

855de3b48dc1d3_JC.exe
.exe windows x86

1307c4a7515e8c1f1be5e2cc8a996945

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3d9

Direct3DCreate9

d3dx9_43

D3DXGetImageInfoFromFileInMemory
D3DXCreateTextureFromFileInMemoryEx
D3DXGetImageInfoFromFileA
D3DXCreateTextureFromFileExA
D3DXMatrixDecompose
D3DXSaveTextureToFileA
D3DXMatrixInverse
D3DXCreateTexture
D3DXCreateSprite
D3DXMatrixTransformation2D
D3DXMatrixMultiply

dsound

ord11

winmm

timeBeginPeriod

user32

AdjustWindowRectEx
CreateWindowExA
ChangeDisplaySettingsA
GetWindowLongA
PostQuitMessage
DefWindowProcA
SetWindowPos
UpdateWindow
ShowWindow
DisableProcessWindowsGhosting
GetDesktopWindow
RegisterClassExA
LoadCursorA
LoadIconA
ScreenToClient
SetWindowLongA
GetWindowRect
SetFocus
PeekMessageA
ChangeDisplaySettingsExA
EnumDisplaySettingsA
EnumDisplayDevicesA
DispatchMessageA
MessageBoxA
ShowCursor
TranslateMessage

gdi32

GetStockObject

advapi32

GetUserNameA
CryptDestroyKey
CryptGenKey
RegOpenKeyExA
RegCreateKeyExA
CryptAcquireContextA
RegDeleteValueA
RegEnumValueA
RegSetValueExA
RegSetValueExW
RegCloseKey
RegQueryValueExA
CryptGetProvParam
CryptEnumProvidersA
CryptGetUserKey
CryptExportKey
CryptImportKey
CryptDeriveKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VariantInit
SafeArrayGetElement
VariantClear
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayCreateVector

avcodec-55

av_free_packet
avcodec_close
avcodec_decode_video2
avcodec_find_decoder
avcodec_open2
avpicture_fill
avpicture_get_size

avformat-55

av_read_frame
av_register_all
av_seek_frame
avformat_alloc_context
avformat_close_input
avformat_find_stream_info
avformat_open_input
avio_alloc_context

swscale-2

sws_freeContext
sws_getCachedContext
sws_scale

avutil-52

av_frame_alloc
av_free
av_malloc

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

htmlrendererdll_redist_mt_d

HtmlRendererDll_SetDataBuffer
HtmlRendererDll_SetPostPaintCallback
HtmlRendererDll_SetLoadingCallback
HtmlRendererDll_NavigateTo
HtmlRendererDll_SendMouseMove
HtmlRendererDll_SendMouseDown
HtmlRendererDll_SendMouseUp
HtmlRendererDll_DestroyWindow
HtmlRendererDll_Update
HtmlRendererDll_Init
HtmlRendererDll_CreateWindow

kernel32

GetConsoleCP
SetFilePointerEx
FatalAppExitA
GetConsoleMode
FlushFileBuffers
SetConsoleCtrlHandler
IsValidCodePage
GetCurrentProcessId
GetFileType
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
InterlockedCompareExchange
InterlockedExchange
EncodePointer
DeviceIoControl
DecodePointer
CreateEventA
SetEvent
CloseHandle
GetModuleFileNameA
GetSystemTimeAsFileTime
GetFileSizeEx
CreateFileA
OutputDebugStringA
Sleep
LoadLibraryA
GetTickCount
FreeLibrary
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
CreateThread
GetACP
LoadLibraryW
GetFileSize
GetLastError
LocalFree
GetOEMCP
GetSystemTime
GetTimeZoneInformation
GetFullPathNameW
GetFullPathNameA
GetCurrentDirectoryW
GetCurrentDirectoryA
GetTempPathW
GetFileAttributesExW
MoveFileW
CopyFileW
DeleteFileW
GetFileAttributesW
SetFilePointer
CreateDirectoryW
SetCurrentDirectoryW
SetCurrentDirectoryA
SetFileTime
SetFileAttributesW
CreateDirectoryExW
FileTimeToLocalFileTime
RemoveDirectoryW
FindClose
FindNextFileA
FindFirstFileA
WriteFile
GetProcessHeaps
HeapValidate
HeapUnlock
HeapWalk
HeapLock
GetSystemDirectoryA
GetComputerNameA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FileTimeToSystemTime
CompareFileTime
SystemTimeToFileTime
GetLocalTime
CreateFileW
DeleteFileA
MoveFileA
RemoveDirectoryA
CopyFileA
GetFileAttributesA
FormatMessageA
GetTempPathA
CreateDirectoryA
SetFileAttributesA
GetVersionExA
LocalAlloc
FileTimeToDosDateTime
FindFirstFileW
FindNextFileW
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetEndOfFile
GetProcessHeap
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
WriteConsoleW
SetStdHandle
CompareStringW
MoveFileExW
GetDiskFreeSpaceExW
SetLastError
GetModuleHandleA
AreFileApisANSI
QueryPerformanceFrequency
QueryPerformanceCounter
HeapFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RtlUnwind
RaiseException
HeapAlloc
GetModuleHandleW
ExitProcess
GetTimeFormatA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentThread
GetFileTime
GetFileInformationByHandle
GetDateFormatA
GetCPInfo
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetStdHandle
GetLocaleInfoW
HeapSize
HeapCreate
HeapDestroy
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleFileNameW
GetCurrentThreadId
SetEnvironmentVariableA
ReadFile
IsBadReadPtr

ole32

StringFromCLSID
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize

wininet

InternetCombineUrlA

crypt32

CryptMsgUpdate
CryptMsgGetParam
CryptMsgClose
CryptVerifyMessageSignature
CryptEncryptMessage
CryptDecryptMessage
CryptDecodeMessage
CryptVerifyDetachedMessageSignature
CryptEncodeObject
CryptSignMessage
PFXExportCertStoreEx
PFXVerifyPassword
PFXImportCertStore
CertGetSubjectCertificateFromStore
CertDeleteCertificateFromStore
CertSaveStore
CertAddCertificateContextToStore
CertAddEncodedCertificateToStore
CertFindCertificateInStore
CertEnumCertificatesInStore
CertDuplicateStore
CertVerifyCertificateChainPolicy
CertOpenSystemStoreA
CertOpenStore
CertCloseStore
CertNameToStrA
CertFreeCertificateContext
CertSetCertificateContextProperty
CertDuplicateCertificateContext
CryptAcquireCertificatePrivateKey
CertCreateCertificateContext
CertGetCertificateContextProperty
CertCreateCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertGetIntendedKeyUsage
CryptDecodeObject
CertVerifyRevocation
CertStrToNameA
CertCreateSelfSignCertificate
CryptMsgOpenToDecode

ws2_32

socket
WSAStartup
accept
setsockopt
recv
send
shutdown
closesocket
gethostname
getservbyport
gethostbyaddr
getservbyname
htonl
inet_addr
WSASetLastError
bind
listen
select
ioctlsocket
connect
gethostbyname
getpeername
getsockname
inet_ntoa
ntohs
htons
WSAGetLastError

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 819KB - Virtual size: 819KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 363KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1307c4a7515e8c1f1be5e2cc8a996945

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

d3dx9_43

dsound

winmm

user32

gdi32

advapi32

oleaut32

avcodec-55

avformat-55

swscale-2

avutil-52

version

htmlrendererdll_redist_mt_d

kernel32

ole32

wininet

crypt32

ws2_32

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 819KB - Virtual size: 819KB

.data Size: 363KB - Virtual size: 392KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 176KB - Virtual size: 176KB

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 819KB - Virtual size: 819KB

.data
Size: 363KB - Virtual size: 392KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 176KB - Virtual size: 176KB