_JsGubwe[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

_JsGubwe.exe
Size

6.3MB
MD5

feb1699f3aec555fd048094faa94d7ed
SHA1

3ed36237b2f2d37dc5351844f18dccf249fd7a0a
SHA256

6a196fd4716a6bef6f3d1676e47fcf513b34dcc12d99110bb6af4aacb7e15fff
SHA512

6fcbfcbd2c9198b9d71b67bd12d22a746004ce6ed183b7e747bf8c4a2ba0ff2aa8476ff4c8f1945c81a8af1107c4f30072126fee067f37bd06cc60fa458012c0
SSDEEP

49152:cZsP5NHARSx1CS6+MFjCq3Dz5Xn4BWKJtb9a4PRyeAuNIdxEBkc6KDBr7e3Fre/g:G

Score

1^/10

Malware Config

Signatures

Files

_JsGubwe.exe
.exe windows x64

75c8bf1c9af400a8443d23dff3b017cd

Code Sign

0b:e3:f3:93:d1:ef:02:72:ae:d0:e2:31:9c:1b:5d:d0
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

05-01-2018 00:00

Not After

31-12-2019 12:00

Subject

CN=Invincea\, Inc.,O=Invincea\, Inc.,L=Fairfax,ST=Virginia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:45

Not After

15-04-2021 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:e1:62:fe:93:a5:fd:d3:38:72:19:e5:45:55:90:e9
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-12-2017 00:00

Not After

13-03-2021 12:00

Subject

CN=Invincea\, Inc.,O=Invincea\, Inc.,L=Fairfax,ST=Virginia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:45

Not After

15-04-2021 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b6:e8:11:25:33:8d:3f:79:c9:f5:b4:91:eb:49:8b:a9:76:ff:e9:c9:e7:4e:d8:dd:a7:5f:fb:87:61:d5:b9:d6
Signer

Actual PE Digest

b6:e8:11:25:33:8d:3f:79:c9:f5:b4:91:eb:49:8b:a9:76:ff:e9:c9:e7:4e:d8:dd:a7:5f:fb:87:61:d5:b9:d6

Digest Algorithm

sha256

PE Digest Matches

false

73:5b:17:46:34:97:b6:58:42:57:26:9e:53:60:fb:8a:8a:e6:ed:14
Signer

Actual PE Digest

73:5b:17:46:34:97:b6:58:42:57:26:9e:53:60:fb:8a:8a:e6:ed:14

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegEnumValueA
RegEnumKeyExA
RegDeleteTreeA
RegDeleteValueA
RegDeleteKeyExW
RegDeleteKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegLoadAppKeyW
RegDeleteTreeW
RegSaveKeyW
RegGetKeySecurity
AdjustTokenPrivileges
LookupPrivilegeValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumKeyW
CryptAcquireContextW
CryptImportKey
CryptReleaseContext
CryptCreateHash
CryptHashData
CryptVerifySignatureW
EventProviderEnabled
EventWrite
EventRegister
EventUnregister
CryptDestroyKey
RegDeleteKeyA
RegDeleteKeyValueW
RegDeleteKeyValueA
CryptDestroyHash
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
ImpersonateLoggedOnUser
RevertToSelf
OpenProcessToken
GetTokenInformation
IsValidSid
ConvertSidToStringSidW
RegQueryInfoKeyA

kernel32

GetTempFileNameW
GetTempPathW
GetLongPathNameW
GetFullPathNameW
ExpandEnvironmentStringsW
FindFirstFileExW
GetFileAttributesExW
FileTimeToSystemTime
FindAtomW
AddAtomW
DeleteAtom
LoadLibraryExA
SetLastError
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetThreadContext
SuspendThread
GetCurrentThread
OpenEventW
LocalFree
SetFilePointer
DeleteFileW
GetModuleHandleA
EncodePointer
SetThreadStackGuarantee
SetErrorMode
GetErrorMode
GlobalMemoryStatusEx
WerRegisterFile
CopyFileW
HeapLock
HeapUnlock
Thread32Next
OpenThread
Thread32First
CreateToolhelp32Snapshot
WaitForSingleObject
CreateThread
ResumeThread
SetThreadPriority
GetSystemInfo
DuplicateHandle
SetEvent
ResetEvent
CreateEventW
SetEnvironmentVariableW
GetSystemDirectoryW
CreateMutexW
GetUserDefaultUILanguage
FindClose
FindNextFileW
FindFirstFileW
GetVersionExW
CompareFileTime
GetCommandLineW
GetFileAttributesW
SystemTimeToFileTime
GetSystemTime
Sleep
lstrlenA
WideCharToMultiByte
GetStdHandle
GetEnvironmentVariableW
GetTickCount
CreateSemaphoreW
OpenProcess
LoadLibraryW
WriteFile
ReadFile
CreateFileW
CloseHandle
OutputDebugStringW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetFileSizeEx
GetPrivateProfileSectionW
VerSetConditionMask
VerifyVersionInfoW
CreateDirectoryW
GetModuleHandleExW
FlushViewOfFile
InitializeCriticalSection
MulDiv
ReleaseMutex
FlushFileBuffers
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
IsValidCodePage
GetACP
ReleaseSemaphore
GetSystemDefaultUILanguage
GetSystemPreferredUILanguages
MoveFileW
GetVersionExA
SwitchToThread
InitializeCriticalSectionAndSpinCount
OpenMutexW
RaiseException
DecodePointer
SetDllDirectoryW
HeapSetInformation
LoadLibraryExW
lstrcmpiW
FreeLibrary
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
FindResourceExW
MultiByteToWideChar
GetModuleFileNameW
lstrlenW
InitializeCriticalSectionEx
SizeofResource
LockResource
LoadResource
FindResourceW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleW
SetUnhandledExceptionFilter
CreateProcessW

user32

GetScrollPos
GetScrollInfo
ShowScrollBar
SetScrollRange
GetScrollBarInfo
EnableScrollBar
DefWindowProcW
DefWindowProcA
GetQueueStatus
WaitMessage
GetMessageW
GetMessageA
SetScrollPos
LoadImageW
LoadIconW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjectsEx
ReleaseDC
GetDC
UnregisterClassW
CharNextW
MessageBoxW
LoadStringW
GetClipboardFormatNameW
ValidateRect
GetGuiResources
PostThreadMessageW
DestroyWindow
RegisterClassW
CreateWindowExW
ShowWindow
KillTimer
SetTimer
GetMessageTime
UpdateLayeredWindow
GetSystemMetrics
SetScrollInfo
SystemParametersInfoA
PeekMessageA
GetScrollRange

imm32

ImmAssociateContext

shell32

SHGetFolderPathW
SHGetFileInfoW
SHCreateDirectoryExW
SHFileOperationW

ole32

CLSIDFromString
CreateStreamOnHGlobal
StringFromCLSID
CoInitialize
CoCreateGuid
CoGetCurrentLogicalThreadId
CreateItemMoniker
GetRunningObjectTable
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
OleUninitialize
CoInitializeSecurity
OleInitialize
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
IIDFromString
CoUninitialize

oleaut32

VariantTimeToSystemTime
SetErrorInfo
GetErrorInfo
SafeArrayRedim
SafeArrayLock
SafeArrayCopy
SafeArrayGetVartype
SysAllocString
SysAllocStringLen
SysFreeString
VariantClear
SysAllocStringByteLen
SysStringByteLen
VariantInit
SysStringLen
VarUI4FromStr
VarBstrCat
SafeArrayGetUBound
SafeArrayGetLBound
SystemTimeToVariantTime
SafeArrayUnlock
SafeArrayDestroy
SafeArrayCreate

shlwapi

PathFindFileNameW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW
StrCmpIW
StrToInt64ExW
StrToIntExW
PathIsRelativeW
SHCreateStreamOnFileEx
PathIsFileSpecW
SHDeleteKeyW
PathMatchSpecW
PathRemoveBlanksW
PathFindExtensionW
PathIsDirectoryW
PathStripPathW
PathCombineW
AssocQueryStringW
PathRenameExtensionW
StrStrIW
PathRemoveBackslashW
PathRemoveExtensionW
PathAddBackslashW
PathCanonicalizeW

gdiplus

GdipCloneImage
GdiplusShutdown
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdiplusStartup
GdipFree
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipAlloc
GdipCreateBitmapFromResource
GdipDrawImageRectRect
GdipDeleteGraphics
GdipGraphicsClear
GdipSetInterpolationMode
GdipCreateBitmapFromFile

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

crypt32

CryptUnprotectData

psapi

GetPerformanceInfo

gdi32

GetObjectW
CreateCompatibleDC
SelectObject
DeleteDC
GetDeviceCaps
DeleteObject

Exports

Exports

GetCallstack64
IsAssertEtwEnabled
SetOnAssertCallback
WriteAssertEtwEventA
WriteAssertEtwEventW

Sections

.text
Size: 401KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 718KB - Virtual size: 718KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75c8bf1c9af400a8443d23dff3b017cd

Code Sign

0b:e3:f3:93:d1:ef:02:72:ae:d0:e2:31:9c:1b:5d:d0Certificate

Extended Key Usages

Key Usages

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

09:e1:62:fe:93:a5:fd:d3:38:72:19:e5:45:55:90:e9Certificate

Extended Key Usages

Key Usages

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

b6:e8:11:25:33:8d:3f:79:c9:f5:b4:91:eb:49:8b:a9:76:ff:e9:c9:e7:4e:d8:dd:a7:5f:fb:87:61:d5:b9:d6Signer

73:5b:17:46:34:97:b6:58:42:57:26:9e:53:60:fb:8a:8a:e6:ed:14Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

imm32

shell32

ole32

oleaut32

shlwapi

gdiplus

version

crypt32

psapi

gdi32

Exports

Exports

Sections

.text Size: 401KB - Virtual size: 400KB

.rdata Size: 169KB - Virtual size: 168KB

.data Size: 2KB - Virtual size: 12KB

.pdata Size: 18KB - Virtual size: 17KB

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 718KB - Virtual size: 718KB

.reloc Size: 4KB - Virtual size: 3KB

0b:e3:f3:93:d1:ef:02:72:ae:d0:e2:31:9c:1b:5d:d0
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

09:e1:62:fe:93:a5:fd:d3:38:72:19:e5:45:55:90:e9
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

b6:e8:11:25:33:8d:3f:79:c9:f5:b4:91:eb:49:8b:a9:76:ff:e9:c9:e7:4e:d8:dd:a7:5f:fb:87:61:d5:b9:d6
Signer

73:5b:17:46:34:97:b6:58:42:57:26:9e:53:60:fb:8a:8a:e6:ed:14
Signer

.text
Size: 401KB - Virtual size: 400KB

.rdata
Size: 169KB - Virtual size: 168KB

.data
Size: 2KB - Virtual size: 12KB

.pdata
Size: 18KB - Virtual size: 17KB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 718KB - Virtual size: 718KB

.reloc
Size: 4KB - Virtual size: 3KB