MJDXAAAA[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

MJDXAAAA.exe
Size

3.2MB
MD5

97ddc892d8f1d8a785d3d7d2511e9fd9
SHA1

0fcd8fc1b30b0a846483cae8e4dd989e270fdcac
SHA256

8a07978115fc92ef155f42388c85bc03a76897417aec165dde84b9909e2658f5
SHA512

a10f73fdca4df32870fe235b358cb60820ef5c2388392e9a7789369d0062e96feea67d5da3ae58a27b852aad1469aa990c804354fecf2ef82836e60ba310aa17
SSDEEP

24576:4SDOGdSTWEpwIwF7uXecQ7mVlWa3fKAzYTHIv9q9CHpWiVBOfCFFq+Db/1A8ckcJ:BalTWxSe3gKlwq9cFOqFzDZAuHKz0i

Score

1^/10

Malware Config

Signatures

Files

MJDXAAAA.exe
.exe windows x86

231decd845556a4a7828e61e055eabb1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:8d:07:d8:de:aa:af:83:25:d5:2a:b0:59:5b:ba:3f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19/10/2017, 00:00

Not After

18/01/2019, 23:59

Subject

CN=Kings Information & Network Co.\, Ltd.,O=Kings Information & Network Co.\, Ltd.,L=Hanamsi,ST=Gyeonggido,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:96:1c:25:84:46:f8:27:46:dc:dc:77:a4:0a:b8:47
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/08/2018, 00:00

Not After

20/09/2020, 23:59

Subject

SERIALNUMBER=220-81-63160,CN=Kings Information & Network Co.\, Ltd.,O=Kings Information & Network Co.\, Ltd.,L=Hanam-si,ST=Gyeonggi-do,C=KR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130848616e616d2d7369,1.3.6.1.4.1.311.60.2.1.2=#130b4779656f6e6767692d646f,1.3.6.1.4.1.311.60.2.1.3=#13024b52

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ee:df:e2:3e:65:fc:36:c5:f4:25:15:90:5b:be:72:6d:55:36:70:2e:97:bb:e2:27:23:ee:0d:d3:de:1b:a3:0f
Signer

Actual PE Digest

ee:df:e2:3e:65:fc:36:c5:f4:25:15:90:5b:be:72:6d:55:36:70:2e:97:bb:e2:27:23:ee:0d:d3:de:1b:a3:0f

Digest Algorithm

sha256

PE Digest Matches

true

0d:d7:4c:7d:5b:da:f7:06:c1:1d:6e:7b:ee:fb:2a:21:a9:03:12:3b
Signer

Actual PE Digest

0d:d7:4c:7d:5b:da:f7:06:c1:1d:6e:7b:ee:fb:2a:21:a9:03:12:3b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

shlwapi

PathAppendA
PathStripToRootA
PathAppendW
PathStripToRootW
PathAddExtensionA
PathFileExistsW

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

uxtheme

SetWindowTheme

kernel32

GetProcAddress
FreeLibrary
GetSystemDirectoryW
LoadLibraryW
DeleteFileW
GetSystemDirectoryA
CopyFileA
DeleteFileA
CopyFileExA
GetModuleHandleA
CreateFileA
LoadLibraryA
SetLastError
GetVersionExA
GetModuleHandleExA
GetModuleFileNameA
GetModuleFileNameW
GetWindowsDirectoryA
GetSystemWow64DirectoryA
GetSystemWow64DirectoryW
IsDebuggerPresent
OutputDebugStringW
GetCurrentProcessId
DeleteCriticalSection
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
WaitForSingleObject
GetSystemInfo
GlobalMemoryStatusEx
GetSystemDefaultLangID
GetUserDefaultLangID
OpenMutexA
GetCurrentThreadId
SetCurrentDirectoryA
DeviceIoControl
SleepEx
ExitThread
OpenProcess
GetVersion
CreateThread
CreateEventA
SetThreadPriority
SetEvent
GetPrivateProfileStringW
GetModuleHandleW
ReleaseMutex
TerminateProcess
CreateMutexA
LocalFree
IsWow64Process
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
WideCharToMultiByte
GetHandleInformation
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileType
GetStdHandle
GetProcessHeap
HeapSize
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
InterlockedDecrement
InterlockedIncrement
RtlUnwind
RaiseException
HeapAlloc
GetCommandLineA
HeapFree
GetSystemTimeAsFileTime
LoadLibraryExW
DecodePointer
EncodePointer
IsProcessorFeaturePresent
GetFileAttributesExW
GetWindowsDirectoryW
Sleep
ReadConsoleW
CloseHandle
GetLastError
WriteFile
CreateFileW
SetFileAttributesW
GetFileAttributesW
SizeofResource
LockResource
LoadResource
FindResourceA
FreeEnvironmentStringsW
GetStringTypeW
CompareStringW
LCMapStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
FlushFileBuffers
HeapReAlloc
SetEnvironmentVariableA
WriteConsoleW
SetEndOfFile
ReadFile
GetTickCount

user32

LoadStringA
LoadStringW
DefWindowProcA
PostQuitMessage
EnumChildWindows
ReplyMessage
InSendMessage
GetGUIThreadInfo
wsprintfA
SetDlgItemTextW
DestroyWindow
DestroyMenu
SystemParametersInfoA
PostMessageA
TrackPopupMenu
SetForegroundWindow
CheckMenuItem
AppendMenuA
GetSubMenu
LoadMenuA
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
GetKeyboardState
ToAscii
SendInput
MapVirtualKeyExA
GetKeyboardLayout
MapVirtualKeyA
GetWindowTextA
IsWindow
GetAsyncKeyState
GetCursorPos
ReleaseDC
GetDC
GetWindowRect
KillTimer
GetClassNameW
SetTimer
UpdateWindow
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
FindWindowA
GetPropW
ShowWindow
EndDialog
RemovePropW
SetPropW
SetWindowPos
SendMessageA
GetClientRect
SetParent
SetWindowTextA
GetDlgItem
DialogBoxParamW
GetWindowThreadProcessId
LoadImageW
wsprintfW
LoadImageA
DestroyIcon
MessageBoxW
GetClassNameA
GetForegroundWindow
CloseDesktop
GetUserObjectInformationA
OpenInputDesktop
GetWindow
GetWindowTextW
FindWindowExA
EndPaint
BeginPaint
UnregisterClassA
SendMessageW
CreateDialogParamA

gdi32

SelectObject
GetObjectA
CreateCompatibleDC
DeleteObject
DeleteDC
BitBlt
CreateCompatibleBitmap
GetDeviceCaps

advapi32

RegCreateKeyExA
ControlService
StartServiceA
ChangeServiceConfigA
OpenServiceA
CreateServiceA
OpenSCManagerA
CloseServiceHandle
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegCloseKey
GetCurrentHwProfileA
RegOpenKeyExA
GetSecurityDescriptorSacl
RegSetValueExA
RegFlushKey
RegDeleteValueA

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA
SHGetFolderPathW
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteA
Shell_NotifyIconW

ole32

CoInitializeEx

imm32

ImmGetDefaultIMEWnd

Exports

Exports

DelAll_KSvcInfo_kill_process

Sections

.text
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

231decd845556a4a7828e61e055eabb1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

1f:8d:07:d8:de:aa:af:83:25:d5:2a:b0:59:5b:ba:3fCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

69:96:1c:25:84:46:f8:27:46:dc:dc:77:a4:0a:b8:47Certificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

ee:df:e2:3e:65:fc:36:c5:f4:25:15:90:5b:be:72:6d:55:36:70:2e:97:bb:e2:27:23:ee:0d:d3:de:1b:a3:0fSigner

0d:d7:4c:7d:5b:da:f7:06:c1:1d:6e:7b:ee:fb:2a:21:a9:03:12:3bSigner

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

shlwapi

version

uxtheme

kernel32

user32

gdi32

advapi32

shell32

ole32

imm32

Exports

Exports

Sections

.text Size: 236KB - Virtual size: 236KB

.rdata Size: 65KB - Virtual size: 65KB

.data Size: 13KB - Virtual size: 25KB

.rsrc Size: 2.8MB - Virtual size: 3.8MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

1f:8d:07:d8:de:aa:af:83:25:d5:2a:b0:59:5b:ba:3f
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

69:96:1c:25:84:46:f8:27:46:dc:dc:77:a4:0a:b8:47
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

ee:df:e2:3e:65:fc:36:c5:f4:25:15:90:5b:be:72:6d:55:36:70:2e:97:bb:e2:27:23:ee:0d:d3:de:1b:a3:0f
Signer

0d:d7:4c:7d:5b:da:f7:06:c1:1d:6e:7b:ee:fb:2a:21:a9:03:12:3b
Signer

.text
Size: 236KB - Virtual size: 236KB

.rdata
Size: 65KB - Virtual size: 65KB

.data
Size: 13KB - Virtual size: 25KB

.rsrc
Size: 2.8MB - Virtual size: 3.8MB