Static task: static1
Behavioral task: behavioral1
  Sample: ee0b1451221273exe_JC.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: ee0b1451221273exe_JC.exe
  Resource: win10v2004-20230703-en
General
Target: ee0b1451221273exe_JC.exe
Size: 974KB
MD5: ee0b14512212731e2e54195f39db1546
SHA1: fa9d2531c837a2e14f6256d1503b38d9f94d46ea
SHA256: 5b046666cd2a4cbc76d27f83b56f4aac9af07be943833b2b8a121e43c9fec6ec
SHA512: f22fc0e4a668d9f956137519e5cfc2cc695c229d32ce3863afdaf65f72ff6afcc23bdbef4d89c39ac55ac5ca8f571b245b3ce00db859d705681cb39281804cb6
SSDEEP: 12288:lur5fSCT24SHbZdku8w6qYAGI6bBDzuuj32TAFL3VLFhA/H0l1:6vSHbZdkHDXW6bBDCY3NFL3VYvI
Malware Config
Signatures
Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: ee0b1451221273exe_JC.exe
Files
-
ee0b1451221273exe_JC.exe.exe windows x86
a897eb1ad2f78a646b492a7839c9bac0
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32: WSACloseEvent, WSAGetLastError, socket, bind, htonl, htons, listen, connect, gethostbyaddr, inet_addr, select, closesocket, gethostname, WSACreateEvent, shutdown, WSAStartup, WSAEnumNetworkEvents, WSASetEvent, WSAWaitForMultipleEvents, WSAResetEvent, send, recv, getsockopt, setsockopt, gethostbyname, WSACleanup, accept, WSAEventSelect
kernel32: ReadFile, SystemTimeToFileTime, GetCurrentDirectoryA, DosDateTimeToFileTime, SetFileTime, WriteFile, FileTimeToSystemTime, FileTimeToDosDateTime, GetFileSize, GetLocalTime, GetSystemTime, GetFileInformationByHandle, lstrcmpA, InterlockedExchange, CompareStringA, GetLocaleInfoA, EnumResourceLanguagesA, ConvertDefaultLocale, GetCurrentThread, GlobalDeleteAtom, GlobalAddAtomA, GetCurrentProcessId, GetTickCount, lstrcmpW, GlobalFindAtomA, GlobalGetAtomNameA, GetFileAttributesA, GetFileTime, GetTempFileNameA, GetFullPathNameA, GetDiskFreeSpaceA, FileTimeToLocalFileTime, GetModuleFileNameW, CreateMutexA, ReleaseMutex, MoveFileA, GetStringTypeExA, GetThreadLocale, FlushFileBuffers, GetCurrentProcess, UnlockFile, SetEndOfFile, GetVolumeInformationA, GetShortPathNameA, GetModuleHandleW, InterlockedIncrement, LocalAlloc, TlsGetValue, GlobalReAlloc, GlobalHandle, TlsAlloc, TlsSetValue, LocalReAlloc, TlsFree, GlobalFlags, LocalFileTimeToFileTime, GetFileSizeEx, GetCPInfo, GetOEMCP, SetErrorMode, RtlUnwind, ExitThread, RaiseException, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetSystemTimeAsFileTime, GetStartupInfoA, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, HeapReAlloc, ExitProcess, HeapSize, HeapCreate, VirtualFree, GetACP, IsValidCodePage, GetStringTypeA, GetStringTypeW, GetStdHandle, LCMapStringA, LCMapStringW, SetHandleCount, GetConsoleCP, GetConsoleMode, GetTimeZoneInformation, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, InitializeCriticalSectionAndSpinCount, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CompareStringW, DuplicateHandle, GetFileType, SetFilePointer, TerminateThread, GetExitCodeThread, GetThreadPriority, SetThreadPriority, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, GetVersion, OutputDebugStringA, OpenFileMappingA, CreateFileMappingA, MapViewOfFile, UnmapViewOfFile, lstrcatA, ReleaseSemaphore, CreateSemaphoreA, CreateThread, CreateToolhelp32Snapshot, Process32First, Process32Next, CreateProcessA, GetCurrentThreadId, FormatMessageA, LocalFree, lstrcmpiA, MulDiv, GlobalFree, GetDriveTypeA, CreateFileA, GetLongPathNameA, GetEnvironmentVariableA, WritePrivateProfileSectionA, GetPrivateProfileSectionNamesA, GetPrivateProfileSectionA, WritePrivateProfileStructA, WritePrivateProfileStringA, GetPrivateProfileStructA, GetPrivateProfileStringA, GetPrivateProfileIntA, GetModuleFileNameA, lstrcpynA, ResetEvent, SetEvent, CreateEventA, FreeResource, GlobalAlloc, GlobalLock, GlobalUnlock, ResumeThread, SetEnvironmentVariableA, DeviceIoControl, CopyFileA, RemoveDirectoryA, FindFirstFileA, DeleteFileA, FindNextFileA, FindClose, CreateDirectoryA, SetFileAttributesA, InterlockedDecrement, lstrcpyA, GetModuleHandleA, SetLastError, GetProcessHeap, HeapFree, HeapAlloc, GetLastError, WaitForSingleObject, GetVersionExA, LoadLibraryA, GetProcAddress, FreeLibrary, OpenProcess, CloseHandle, TerminateProcess, GetTempPathA, lstrlenA, MultiByteToWideChar, Sleep, WideCharToMultiByte, LoadResource, LockResource, SizeofResource, FindResourceA, GetCommandLineA, LockFile
user32: GetSystemMenu, CharUpperA, TabbedTextOutA, DrawTextA, DrawTextExA, GrayStringA, ClientToScreen, GetWindowDC, BeginPaint, EndPaint, InflateRect, GetMenuItemInfoA, GetSysColorBrush, CharNextA, CopyAcceleratorTableA, InvalidateRgn, SetCapture, GetNextDlgGroupItem, UnregisterClassA, WindowFromPoint, GetDCEx, LockWindowUpdate, UnhookWindowsHookEx, GetMessageTime, GetMessagePos, MapWindowPoints, SetMenu, GetClassInfoExA, GetClassInfoA, AdjustWindowRectEx, ScreenToClient, EqualRect, DeferWindowPos, PtInRect, CallWindowProcA, GetMenu, OffsetRect, IntersectRect, GetWindowPlacement, GetSystemMetrics, GetDesktopWindow, CreateDialogIndirectParamA, GetNextDlgTabItem, EndDialog, RegisterClipboardFormatA, SetWindowContextHelpId, MapDialogRect, GetWindowTextLengthA, GetWindowTextA, SetWindowPos, SetFocus, GetDlgCtrlID, SetWindowTextA, IsDialogMessageA, DeleteMenu, GetDlgItem, IsWindowEnabled, ShowOwnedPopups, SetCursor, SetWindowsHookExA, CallNextHookEx, GetActiveWindow, GetKeyState, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, LoadBitmapA, GetFocus, GetParent, EnableMenuItem, CheckMenuItem, PostQuitMessage, GetMenuState, AppendMenuA, GetMenuItemCount, RegisterWindowMessageA, SetParent, SetActiveWindow, RedrawWindow, GetSubMenu, DrawAnimatedRects, EnumChildWindows, GetWindowRect, GetCursorPos, TrackPopupMenu, SetMenuDefaultItem, LoadImageA, DestroyIcon, GetWindowLongA, DefWindowProcA, ValidateRect, LoadCursorA, RegisterClassA, SystemParametersInfoA, CreateWindowExA, SetWindowLongA, ShowWindow, PeekMessageA, GetMessageA, KillTimer, SetTimer, TranslateMessage, DispatchMessageA, DestroyWindow, PostThreadMessageA, IsIconic, GetLastActivePopup, ModifyMenuA, GetMenuItemID, GetClassNameA, FindWindowA, MessageBeep, GetWindow, IsWindowVisible, GetForegroundWindow, AttachThreadInput, SetForegroundWindow, GetClientRect, MoveWindow, WaitForInputIdle, IsWindow, InvalidateRect, IsRectEmpty, IsZoomed, UnpackDDElParam, ReuseDDElParam, DestroyMenu, ReleaseCapture, LoadAcceleratorsA, InsertMenuItemA, CreatePopupMenu, SetRectEmpty, CopyRect, GetSysColor, BringWindowToTop, TranslateAcceleratorA, WinHelpA, IsChild, GetCapture, GetClassLongA, SetPropA, GetPropA, RemovePropA, BeginDeferWindowPos, EndDeferWindowPos, SendDlgItemMessageA, GetTopWindow, FillRect, SetRect, SendMessageA, LoadIconA, GetDC, ReleaseDC, wsprintfA, EnableWindow, UpdateWindow, PostMessageA, GetWindowThreadProcessId, EnumWindows, MessageBoxA, LoadMenuA
gdi32: GetPixel, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, ExtSelectClipRgn, CreatePatternBrush, GetViewportExtEx, CreateRectRgnIndirect, PatBlt, CreateFontIndirectA, GetBkColor, GetTextColor, GetRgnBox, SetRectRgn, CombineRgn, GetMapMode, CreateRectRgn, SelectClipRgn, SetBkMode, RestoreDC, SaveDC, GetTextExtentPoint32A, GetTextMetricsA, StretchDIBits, CreateFontA, GetCharWidthA, GetObjectA, SetBkColor, SetTextColor, GetClipBox, CreateBitmap, CreateSolidBrush, BitBlt, CreateCompatibleDC, CreateCompatibleBitmap, SelectObject, DeleteDC, DeleteObject, GetStockObject, GetDeviceCaps, IntersectClipRect, ExcludeClipRect, SetMapMode, GetWindowExtEx
comdlg32: GetFileTitleA
winspool.drv: DocumentPropertiesA, ClosePrinter, OpenPrinterA
advapi32: RegNotifyChangeKeyValue, RegCreateKeyA, GetFileSecurityA, SetFileSecurityA, RegQueryValueA, RegOpenKeyA, RegEnumKeyA, RegSetValueA, CryptAcquireContextA, CryptGenRandom, CryptReleaseContext, RegConnectRegistryA, RegFlushKey, RegQueryInfoKeyA, RegEnumValueA, RegEnumKeyExA, RegQueryValueExA, RegSetValueExA, RegDeleteValueA, RegDeleteKeyA, RegCreateKeyExA, RegOpenKeyExA, RegCloseKey
shell32: SHGetPathFromIDListA, SHGetMalloc, SHCreateDirectoryExA, Shell_NotifyIconA, SHAppBarMessage, DragFinish, DragQueryFileA, SHGetFileInfoA, ExtractIconA, SHGetSpecialFolderLocation
comctl32: ord17
shlwapi: PathCombineA, PathAddBackslashA, PathIsRelativeA, PathFindFileNameA, PathRelativePathToA, PathStripPathA, StrNCatA, PathStripToRootA, PathIsUNCA, PathFindExtensionA, PathRemoveFileSpecW
oledlg: ord8
ole32: CoFreeUnusedLibraries, OleInitialize, CLSIDFromString, CLSIDFromProgID, CoGetClassObject, StgOpenStorageOnILockBytes, StgCreateDocfileOnILockBytes, CreateILockBytesOnHGlobal, CoRevokeClassObject, OleIsCurrentClipboard, OleFlushClipboard, CoRegisterMessageFilter, CoUninitialize, CoInitializeEx, CoTaskMemAlloc, CoCreateInstance, CreateStreamOnHGlobal, OleUninitialize, CoTaskMemFree
oleaut32: SysAllocString, SysAllocStringLen, SysAllocStringByteLen, SysStringLen, SystemTimeToVariantTime, VariantTimeToSystemTime, OleLoadPicture, VariantChangeType, VariantClear, VariantInit, SysFreeString, VariantCopy, SafeArrayDestroy, OleCreateFontIndirect
wsock32: WSASetLastError
gdiplus: GdipGetImageWidth, GdipDrawImageRectI, GdipDeleteGraphics, GdipCreateFromHDC, GdipLoadImageFromStreamICM, GdipGetImageHeight, GdipDisposeImage, GdipLoadImageFromFileICM, GdipLoadImageFromFile, GdipAlloc, GdipFree, GdiplusStartup, GdipImageGetFrameDimensionsCount, GdipImageGetFrameDimensionsList, GdipImageGetFrameCount, GdipImageSelectActiveFrame, GdipGetPropertyItemSize, GdipGetPropertyItem, GdipCreateFromHWND, GdipCloneImage, GdipCreateFromHWNDICM
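Most of the import list above is consistent with a statically linked MFC / Visual C++ application (the DDE parameter helpers, oledlg ordinal 8, GetFileTitleA, and the kernel32 CRT startup block from GetStartupInfoA through HeapCreate), so the useful review step is to separate that baggage from the capabilities worth noting: a Winsock socket that both listens (bind/listen/accept) and connects, Toolhelp process enumeration next to OpenProcess/TerminateProcess, CreateProcessA, registry writes, SetFileSecurityA, a Windows hook, DeviceIoControl and CryptGenRandom. The script below is an added example, not the sandbox's code; its rule table and hit thresholds are the author's own, and the excerpt it parses is constructed from a subset of this report's lines. It accepts the one-identifier-per-line layout of the raw dump as well as a "dll: fn, fn" layout.

```python
"""Capability triage over a flattened import list such as this report's.

Added example, not the sandbox's code. The rule table is the author's own and
deliberately short: it names the import groups a reviewer would pull out of this
sample, not everything a tool such as capa would flag.
"""

# DLL names as they appear as group headers in the dump (assumed from this report).
KNOWN_DLLS = {"ws2_32", "wsock32", "kernel32", "user32", "gdi32", "gdiplus", "comdlg32",
              "winspool.drv", "advapi32", "shell32", "comctl32", "shlwapi", "oledlg",
              "ole32", "oleaut32"}
STOP_HEADERS = {"sections"}  # the report block that follows Imports; stop parsing there

# label -> (minimum distinct hits, API names). Thresholds keep lone, ambiguous imports quiet.
RULES = {
    "network: listens for inbound connections": (3, {"socket", "bind", "listen", "accept"}),
    "network: outbound connection": (2, {"socket", "connect", "gethostbyname", "inet_addr"}),
    "process: enumerate and terminate processes": (3, {"CreateToolhelp32Snapshot", "Process32First",
                                                        "Process32Next", "OpenProcess", "TerminateProcess"}),
    "process: spawn child process": (1, {"CreateProcessA", "CreateProcessW"}),
    "registry: write keys/values": (1, {"RegSetValueA", "RegSetValueExA", "RegCreateKeyExA"}),
    "filesystem: rewrite file ACLs": (1, {"SetFileSecurityA", "SetFileSecurityW"}),
    "input: install Windows hook": (2, {"SetWindowsHookExA", "CallNextHookEx", "UnhookWindowsHookEx"}),
    "device: DeviceIoControl on a handle": (1, {"DeviceIoControl"}),
    "crypto: CryptoAPI random bytes": (2, {"CryptAcquireContextA", "CryptGenRandom"}),
    # The VC++ CRT startup code imports this itself, so alone it is noise, not anti-analysis.
    "anti-debug (weak: also a CRT import)": (1, {"IsDebuggerPresent"}),
}


def parse_flat_imports(text: str) -> dict:
    """Accept one identifier per line (DLL header then its functions) or 'dll: fn, fn' lines."""
    imports, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() in STOP_HEADERS:
            break
        head, colon, rest = line.partition(":")
        if colon and head.strip().lower() in KNOWN_DLLS:
            current = head.strip().lower()
            imports.setdefault(current, []).extend(f.strip() for f in rest.split(",") if f.strip())
        elif line.lower() in KNOWN_DLLS:
            current = line.lower()
            imports.setdefault(current, [])
        elif current is not None:  # lines before the first DLL header (e.g. "Imports") are skipped
            imports[current].append(line)
    return imports


def classify(imports: dict) -> dict:
    """Return {label: sorted matching APIs} for every rule whose hit threshold is met."""
    names = {fn for fns in imports.values() for fn in fns}
    found = {}
    for label, (minimum, apis) in RULES.items():
        hits = sorted(names & apis)
        if len(hits) >= minimum:
            found[label] = hits
    return found


def triage(text: str) -> dict:
    return classify(parse_flat_imports(text))


# Constructed excerpt in the layout of this report's Imports block (a subset of the real list).
REPORT_EXCERPT = """
Imports
ws2_32
socket
bind
listen
connect
accept
gethostbyname
kernel32
IsDebuggerPresent
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateProcessA
DeviceIoControl
OpenProcess
TerminateProcess
user32
SetWindowsHookExA
CallNextHookEx
advapi32
SetFileSecurityA
CryptAcquireContextA
CryptGenRandom
RegSetValueExA
Sections
.text Size: 634KB - Virtual size: 634KB
"""

if __name__ == "__main__":
    for label, hits in triage(REPORT_EXCERPT).items():
        print(f"{label}: {', '.join(hits)}")
```

Imports only say what the binary can call, not what it does: the behavioral tasks listed at the top of the report (win7 and win10) are where a listener, process kills or registry writes would actually show up. IsDebuggerPresent is kept as a deliberately weak hit; it arrives with the CRT and says nothing about intent.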
Sections
.text   Size: 634KB - Virtual size: 634KB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 220KB - Virtual size: 220KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 21KB - Virtual size: 44KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 96KB - Virtual size: 96KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
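The "Unsigned PE" signature, the header flags and the section table in this report are all decided by a few fields of the PE headers: the Authenticode certificate table is data directory 4 (its size is zero here), ASLR depends on IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (absent, and IMAGE_FILE_RELOCS_STRIPPED means the image could not be relocated anyway), DEP opt-in on IMAGE_DLLCHARACTERISTICS_NX_COMPAT (absent), and the gap between .data's raw and virtual size is ordinary uninitialised data. The standard-library-only parser below is an added example, not the sandbox's code; build_test_pe constructs a headers-only PE32 image carrying this report's flag values and KB-rounded section sizes so the checks run offline, and analyze_pe works on a real file when given one.

```python
"""Static PE header triage with the standard library only (added example, not the sandbox's code).

Reproduces the checks behind this report's 'Unsigned PE' signature and its
Headers/Sections blocks: certificate-table presence, the mitigation-relevant
Characteristics/DllCharacteristics bits, and per-section sizes and flags.
"""
import struct

# Bit values from winnt.h.
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA = 0x20, 0x40
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x40000000, 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory that holds the Authenticode WIN_CERTIFICATE blob


def analyze_pe(data: bytes) -> dict:
    """Parse the COFF header, optional header and section table of a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = pe_off + 4
    machine, nsections, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in PE32 and PE32+
    ndirs_off = opt + (108 if pe32plus else 92)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    cert_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _, cert_size = struct.unpack_from("<II", data, ndirs_off + 4 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsections):
        name, vsize, _, rawsize, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "exec": bool(flags & IMAGE_SCN_MEM_EXECUTE),
                         "write": bool(flags & IMAGE_SCN_MEM_WRITE)})
    return {
        "machine": machine,
        "authenticode_present": cert_size > 0,  # what the 'Unsigned PE' signature tests
        "relocs_stripped": bool(characteristics & IMAGE_FILE_RELOCS_STRIPPED),
        "aslr_opt_in": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "dep_opt_in": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "terminal_server_aware": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE),
        "wx_sections": [s["name"] for s in sections if s["exec"] and s["write"]],  # none in this report
        "sections": sections,
    }


def build_test_pe(characteristics, dll_chars, cert_size, sections) -> bytes:
    """Constructed headers-only PE32 image for offline testing; it is not the sample itself."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header directly after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, characteristics)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)  # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0, cert_size)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), v, 0x1000, r, 0x400, 0, 0, 0, 0, f)
                     for n, v, r, f in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


def report_sample() -> dict:
    """The header bits and KB-rounded section sizes listed in this report, run through analyze_pe."""
    kb = 1024
    image = build_test_pe(
        IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE,
        IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE, 0, [
            (".text", 634 * kb, 634 * kb, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
            (".rdata", 220 * kb, 220 * kb, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
            (".data", 44 * kb, 21 * kb, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
            (".rsrc", 96 * kb, 96 * kb, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
        ])
    return analyze_pe(image)


if __name__ == "__main__":
    import sys
    from pathlib import Path
    facts = analyze_pe(Path(sys.argv[1]).read_bytes()) if len(sys.argv) > 1 else report_sample()
    for key, value in facts.items():
        print(f"{key}: {value}")
```

Run it with a path argument to analyse a real file, or with none to see the constructed report case. Two caveats a reviewer should keep in mind: the signature check is presence-only, so an embedded certificate that is present may still be invalid or revoked, and Microsoft OS binaries are usually catalog-signed with no embedded certificate, which makes "unsigned" a weak indicator for system files but a fair one for a third-party executable like this. Without NX_COMPAT a 32-bit process runs with DEP off under the default client OptIn policy, and without DYNAMIC_BASE, with relocations stripped, it always maps at its preferred base.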