e6ea06c6f7b53007e854e986734e79bb0dd84680611e9a3ee9e586cc7a964bd2_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

e6ea06c6f7b53007e854e986734e79bb0dd84680611e9a3ee9e586cc7a964bd2_JC.exe
Size

4.4MB
MD5

fb6c448f035f878fa53cf5ef18be4611
SHA1

1281f21fc45f6cf39837bb90367540fda8b5ca0d
SHA256

e6ea06c6f7b53007e854e986734e79bb0dd84680611e9a3ee9e586cc7a964bd2
SHA512

1965efbf0ea9ef79aa3da4c43a4f8603b4b9e86adfd328f6bd039d31605a90802920e56cf63882ff3006a4224c0d5ac1ef807170b255faaa514c8f0062b1fbd6
SSDEEP

49152:74jNK7Anf5WYoyY/PIsYgkBAASKeiq15Jj915tmfErb1OFrfFnFSteh5oWID8+AW:uMEEYuIsDAbfq1triL5oWIDsW

Score

1^/10

Malware Config

Signatures

Files

e6ea06c6f7b53007e854e986734e79bb0dd84680611e9a3ee9e586cc7a964bd2_JC.exe
.exe windows x64

3fa70d43fd8740c853f484160e706724

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cb:6e:ec:20:a5:eb:ae:a9:75:bc:3b:77:d1:8f:d5:b8
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

02/05/2023, 00:00

Not After

01/05/2024, 23:59

Subject

SERIALNUMBER=2189074,CN=Intel Corporation,O=Intel Corporation,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:fd:9b:92:50:b8:6e:c2:c5:ed:e2:1b:af:7c:24:ec:42:94:66:30:a0:54:cc:e3:f2:b2:cb:66:bd:fe:22:a8
Signer

Actual PE Digest

41:fd:9b:92:50:b8:6e:c2:c5:ed:e2:1b:af:7c:24:ec:42:94:66:30:a0:54:cc:e3:f2:b2:cb:66:bd:fe:22:a8

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

CryptGenRandom
CryptReleaseContext
RegGetValueW
RegCloseKey
RegOpenKeyExA
CryptAcquireContextW

kernel32

GetFileAttributesW
CreateFileW
CloseHandle
GetLastError
GetEnvironmentVariableW
GetCurrentDirectoryW
CreateDirectoryW
ReadFile
GetModuleFileNameW
GetDiskFreeSpaceExA
SetCurrentDirectoryW
GetVolumePathNameW
GetDriveTypeW
GetFinalPathNameByHandleW
GetFileInformationByHandle
MoveFileExW
GetFileType
SetFileTime
CreateFileMappingW
MapViewOfFile
VirtualQuery
GetCurrentProcess
DuplicateHandle
UnmapViewOfFile
FlushFileBuffers
GetSystemInfo
FindFirstFileExW
FindNextFileW
FindClose
GetSystemTime
SystemTimeToFileTime
GetStdHandle
MultiByteToWideChar
WideCharToMultiByte
SetFileInformationByHandle
SetLastError
TerminateProcess
GetCurrentProcessId
GetNativeSystemInfo
GetProcessTimes
SetErrorMode
GetCommandLineW
FindFirstFileW
GetLongPathNameW
GetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
WriteConsoleW
CreateProcessW
CreateJobObjectW
SetInformationJobObject
AssignProcessToJobObject
WaitForSingleObject
SetProcessAffinityMask
ResumeThread
K32GetProcessMemoryInfo
GetExitCodeProcess
SearchPathW
FormatMessageA
LocalFree
LeaveCriticalSection
LoadLibraryW
EnterCriticalSection
InitializeCriticalSection
SetUnhandledExceptionFilter
SetConsoleCtrlHandler
RtlCaptureContext
GetCurrentThread
GetCurrentThreadId
ExpandEnvironmentStringsW
RaiseException
SetThreadGroupAffinity
GetLogicalProcessorInformationEx
GetProcessGroupAffinity
GetProcessAffinityMask
VirtualProtect
FreeLibrary
LoadLibraryExA
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
RtlPcToFileHeader
QueryPerformanceCounter
ReleaseSRWLockShared
AcquireSRWLockShared
WaitForSingleObjectEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetThreadLocale
LoadLibraryA
RtlUnwindEx
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
SetStdHandle
SetFilePointerEx
CreateThread
ExitThread
FreeLibraryAndExitThread
WriteFile
GetCommandLineA
ReadConsoleW
GetConsoleOutputCP
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
HeapReAlloc
GetTimeZoneInformation
GetFileSizeEx
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
HeapSize

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 986KB - Virtual size: 985KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.trace
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3fa70d43fd8740c853f484160e706724

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

cb:6e:ec:20:a5:eb:ae:a9:75:bc:3b:77:d1:8f:d5:b8Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

41:fd:9b:92:50:b8:6e:c2:c5:ed:e2:1b:af:7c:24:ec:42:94:66:30:a0:54:cc:e3:f2:b2:cb:66:bd:fe:22:a8Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 986KB - Virtual size: 985KB

.data Size: 60KB - Virtual size: 84KB

.pdata Size: 63KB - Virtual size: 63KB

_RDATA Size: 5KB - Virtual size: 4KB

.trace Size: 6KB - Virtual size: 5KB

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 43KB - Virtual size: 43KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

cb:6e:ec:20:a5:eb:ae:a9:75:bc:3b:77:d1:8f:d5:b8
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

41:fd:9b:92:50:b8:6e:c2:c5:ed:e2:1b:af:7c:24:ec:42:94:66:30:a0:54:cc:e3:f2:b2:cb:66:bd:fe:22:a8
Signer

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 986KB - Virtual size: 985KB

.data
Size: 60KB - Virtual size: 84KB

.pdata
Size: 63KB - Virtual size: 63KB

_RDATA
Size: 5KB - Virtual size: 4KB

.trace
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 43KB - Virtual size: 43KB