cb91a3a8253d67_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

cb91a3a8253d67_JC.exe
Size

840KB
MD5

cb91a3a8253d67cd7df8d6095bca75e0
SHA1

7f5959e93e141e64282d3f5db37ee7a5ab612b9e
SHA256

fd1516ac7fcbd9ec8abb732715e3d1c15a89de8e289215bfa145e3c6af4503e3
SHA512

6bf3efa9e34250d49a0d22ee4e88807d2e5c794b609329bfbf3192576838f373a830811de2f3c12c7198c48a173b56f601a62f2f45f2aacaa3eeb1a43bdb67d2
SSDEEP

12288:TxIPM4KUoUBd1xlOEE5cm2kkI2y9a70ak7hWVYERQA+88OS1eDjZB4PROrUhxea:uPMJ01nm2jtybXhM+88ReDj/Uhca

Score

1^/10

Malware Config

Signatures

Files

cb91a3a8253d67_JC.exe
.exe windows x86

7b96a3dec2e4c49874e3f3503d69b544

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:f0:15:23:ba:fa:4b:15:a9:f2:fa:7a:66:9d:1f:87
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

23/07/2021, 00:00

Not After

30/08/2023, 23:59

Subject

CN=ElectraWorks Limited,OU=IT,O=ElectraWorks Limited,L=Gibraltar,C=GI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

27:31:5e:ad:ce:5e:af:68:c6:56:29:dc:a3:a2:92:56:70:d4:e2:7b:c5:66:63:2e:0c:f8:9e:ab:c2:2c:b2:bd
Signer

Actual PE Digest

27:31:5e:ad:ce:5e:af:68:c6:56:29:dc:a3:a2:92:56:70:d4:e2:7b:c5:66:63:2e:0c:f8:9e:ab:c2:2c:b2:bd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

zlib

ord81
ord82
ord83
ord80
ord84
ord61
ord62
ord67
ord68
ord72
ord65
ord66
ord64
ord63

kernel32

GetFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
lstrcpynW
WaitForSingleObject
FindNextFileW
GetFileSize
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDiskFreeSpaceExW
GetSystemInfo
GetTempPathW
GetTimeZoneInformation
GetCurrentProcessId
GlobalMemoryStatus
FindFirstFileW
FindClose
GetCurrentThread
GetVersion
EnumResourceLanguagesW
OpenProcess
GetProcessHeap
HeapAlloc
HeapFree
GetACP
GetLocaleInfoW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
ExitThread
GetVersionExW
LoadLibraryW
Sleep
ExitProcess
CreateFileW
SetFilePointer
ReadFile
CloseHandle
IsBadWritePtr
WriteFile
VirtualQuery
GetModuleFileNameW
GetModuleHandleW
FormatMessageW
SetUnhandledExceptionFilter
LoadLibraryA
GetProcAddress
VirtualProtect
GetCurrentProcess
FlushInstructionCache
FreeLibrary
SuspendThread
FreeResource
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
GetConsoleMode
GetConsoleCP
GetCurrentDirectoryA
CreateFileA
GetDateFormatA
GetTimeFormatA
InitializeCriticalSectionAndSpinCount
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
QueryPerformanceCounter
VirtualFree
HeapCreate
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
CreateThread
SetCurrentDirectoryW
GetExitCodeThread
TerminateThread
GetFileAttributesW
RemoveDirectoryW
MoveFileW
ResumeThread
OutputDebugStringW
GetPrivateProfileSectionW
InterlockedDecrement
LocalFree
InterlockedIncrement
lstrlenW
GetTickCount
WideCharToMultiByte
lstrcmpiW
DeleteFileW
GetLastError
CopyFileW
GetPrivateProfileStringW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
VirtualAlloc
HeapSize
GetFileType
SetStdHandle
HeapReAlloc
GetDriveTypeA
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
WritePrivateProfileStringW
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
ConvertDefaultLocale
LoadLibraryExW
CompareStringA
InterlockedExchange
GetFileSizeEx
GetFileAttributesExW
CreateEventW
SetEvent
SetThreadPriority
LocalAlloc
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetVersionExA
GetModuleHandleA
lstrlenA
lstrcmpA
GetVolumeInformationW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
GlobalFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetLastError

gdi32

GetRgnBox
CreateRectRgnIndirect
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetTextColor
SetMapMode
GetClipBox
DeleteObject
SelectClipRgn
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreateBitmap
LPtoDP
DPtoLP
GetStockObject
GetDeviceCaps
GetTextExtentPointW
GetTextMetricsW
SelectObject
CreateFontW
CreateFontIndirectW
GetTextExtentPoint32W
GetTextColor
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetBkColor
GetObjectW
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
CreateRectRgn
GetMapMode
GetViewportExtEx
GetWindowExtEx

user32

SetRect
IsRectEmpty
MessageBeep
RegisterClipboardFormatW
CopyAcceleratorTableW
PostThreadMessageW
PeekMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
FindWindowW
GetWindowThreadProcessId
GetClassLongW
WindowFromDC
GetSysColor
GetCursorPos
GetKeyState
GrayStringW
GetFocus
EqualRect
DrawTextW
FillRect
IsWindow
wvsprintfW
DrawTextExW
LoadCursorW
KillTimer
OffsetRect
SetCursor
ReleaseCapture
SetCapture
RedrawWindow
PtInRect
GetWindowLongW
SetWindowLongW
FindWindowExW
GetWindowRect
ShowWindow
GetDlgItem
GetClassNameW
GetWindowTextW
SetWindowTextW
ScreenToClient
CopyRect
BeginPaint
EndPaint
ClientToScreen
AdjustWindowRectEx
MoveWindow
GetWindow
GetDlgCtrlID
GetDC
ReleaseDC
RegisterWindowMessageW
SetTimer
IsWindowVisible
InvalidateRect
MessageBoxW
PostQuitMessage
UpdateWindow
GetClientRect
EnableWindow
GetParent
SendMessageW
PostMessageW
CharNextW
GetNextDlgGroupItem
TabbedTextOutW
InvalidateRgn
UnregisterClassW
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
GetSystemMetrics
CharUpperW
GetWindowDC
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
SetWindowPos
GetMenu
CallWindowProcW
DefWindowProcW
SetWindowPlacement
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
SetForegroundWindow
SetMenu
MapWindowPoints
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
DestroyWindow
GetTopWindow
SetActiveWindow
GetLastActivePopup
GetForegroundWindow
GetWindowTextLengthW
SetFocus
RemovePropW
GetPropW
SetPropW
CallNextHookEx
SetWindowsHookExW
GetCapture
IsChild
WinHelpW
SendDlgItemMessageA
SendDlgItemMessageW
LoadIconW
IsWindowEnabled
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
GetActiveWindow
GetDesktopWindow
CheckMenuItem
EnableMenuItem
ModifyMenuW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetMessageW
MapDialogRect
SetWindowContextHelpId
GetSysColorBrush
DestroyMenu

ole32

CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
OleFlushClipboard
CoTaskMemAlloc
CoTaskMemFree
OleIsCurrentClipboard
CoRevokeClassObject
CLSIDFromProgID
OleInitialize
CoUninitialize
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal

oleaut32

SysStringLen
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
VariantCopy
GetErrorInfo
OleCreateFontIndirect
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
OleLoadPicture
SystemTimeToVariantTime
SafeArrayDestroy
VariantTimeToSystemTime

oledlg

ord3
OleUIBusyW
ord1

shell32

SHCreateDirectoryExW
SHGetFolderPathW
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetDesktopFolder
SHChangeNotify
SHFileOperationW
SHGetMalloc
SHGetSpecialFolderLocation
ord680

comctl32

ord17

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
GetSidSubAuthority
GetSidSubAuthorityCount
IsValidSid
GetTokenInformation
OpenProcessToken
DuplicateTokenEx
RegCreateKeyExW
RegSetValueExW
RegOpenKeyW
RegCreateKeyW
RegEnumKeyExW
GetFileSecurityW
ImpersonateSelf
OpenThreadToken
MapGenericMask
AccessCheck
AllocateAndInitializeSid
CheckTokenMembership
FreeSid

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

PathFindExtensionW
PathAppendW
SHCopyKeyW
PathStripToRootW
PathIsUNCW
UrlUnescapeW
PathFindFileNameW

wsock32

inet_addr
WSACleanup
gethostname
WSAStartup
gethostbyname

wininet

InternetSetOptionW
InternetCloseHandle
InternetSetStatusCallbackW
InternetCrackUrlW
InternetQueryDataAvailable
HttpQueryInfoW
InternetOpenUrlW
InternetOpenW
InternetReadFileExA
InternetQueryOptionW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetReadFile
InternetGetConnectedStateExW
InternetCanonicalizeUrlW
HttpAddRequestHeadersW
InternetGetLastResponseInfoW
InternetSetFilePointer
InternetWriteFile

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

Sections

.text
Size: 560KB - Virtual size: 559KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b96a3dec2e4c49874e3f3503d69b544

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:f0:15:23:ba:fa:4b:15:a9:f2:fa:7a:66:9d:1f:87Certificate

Extended Key Usages

Key Usages

27:31:5e:ad:ce:5e:af:68:c6:56:29:dc:a3:a2:92:56:70:d4:e2:7b:c5:66:63:2e:0c:f8:9e:ab:c2:2c:b2:bdSigner

Headers

DLL Characteristics

File Characteristics

Imports

zlib

kernel32

gdi32

user32

ole32

oleaut32

oledlg

shell32

comctl32

advapi32

version

shlwapi

wsock32

wininet

comdlg32

winspool.drv

Sections

.text Size: 560KB - Virtual size: 559KB

.rdata Size: 149KB - Virtual size: 148KB

.data Size: 14KB - Virtual size: 54KB

.rsrc Size: 112KB - Virtual size: 112KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:f0:15:23:ba:fa:4b:15:a9:f2:fa:7a:66:9d:1f:87
Certificate

27:31:5e:ad:ce:5e:af:68:c6:56:29:dc:a3:a2:92:56:70:d4:e2:7b:c5:66:63:2e:0c:f8:9e:ab:c2:2c:b2:bd
Signer

.text
Size: 560KB - Virtual size: 559KB

.rdata
Size: 149KB - Virtual size: 148KB

.data
Size: 14KB - Virtual size: 54KB

.rsrc
Size: 112KB - Virtual size: 112KB