Static task
static1
Behavioral task
behavioral1
Sample
JC_93000c15b73c4ce9aac57998e6ee68abed5b2c546d37e51b2daf19dfb8406663.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
JC_93000c15b73c4ce9aac57998e6ee68abed5b2c546d37e51b2daf19dfb8406663.exe
Resource
win10v2004-20230831-en
General
Target
JC_93000c15b73c4ce9aac57998e6ee68abed5b2c546d37e51b2daf19dfb8406663
Size
556KB
MD5
ee4b6bf1f780741c8a51597d00d0f39d
SHA1
87278cf775a875581c783b348aeec83b0e2e4627
SHA256
93000c15b73c4ce9aac57998e6ee68abed5b2c546d37e51b2daf19dfb8406663
SHA512
c3bf901654e1aa8babe5b4eaa17ab0f8291bf4c7745d1fe92e1cae566962d5b6e51c658680c89552eec968b515abe94c6c81a6896ada27300a1822c24abcc273
SSDEEP
12288:T9vwMKDMvvRIki+VS9T5cDLkmyiTgl1xaSS:T9v4DCKkiSs5cnFxTgl1wSS
Malware Config
Signatures
Unsigned PE 1 IoCs
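Checks for a missing Authenticode signature; the resource listed below is a PE file that carries none. On its own this is a weak indicator, since many legitimate binaries are also unsigned.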
resource JC_93000c15b73c4ce9aac57998e6ee68abed5b2c546d37e51b2daf19dfb8406663
Files
JC_93000c15b73c4ce9aac57998e6ee68abed5b2c546d37e51b2daf19dfb8406663.exe windows x86
20e59c82e6d94663d2cba2212be23a92
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
libcurl
curl_easy_strerror
curl_easy_reset
curl_easy_getinfo
curl_easy_cleanup
curl_easy_perform
curl_easy_setopt
curl_easy_init
curl_slist_free_all
curl_slist_append
kernel32
GetExitCodeThread
GetCurrentThreadId
GetCurrentThread
DuplicateHandle
DecodePointer
CloseHandle
RaiseException
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateFileA
DeleteFileA
GetFileAttributesA
GetFileSize
ReadFile
WriteFile
WaitForSingleObject
Sleep
OpenProcess
GetLocalTime
GetTickCount
FindResourceExW
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
GetSystemTimeAsFileTime
GetTempPathA
QueryDosDeviceA
CopyFileA
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32First
Process32Next
K32GetProcessImageFileNameA
CreateDirectoryA
GetModuleFileNameA
GetPrivateProfileStringA
SetEvent
CreateMutexA
CreateEventA
OpenEventA
GetCurrentProcess
GetCurrentProcessId
CreateFileMappingA
MultiByteToWideChar
FindClose
FindFirstFileA
FindNextFileA
OutputDebugStringA
EncodePointer
FindResourceW
EnterCriticalSection
IsDebuggerPresent
OutputDebugStringW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetLogicalDriveStringsA
comdlg32
GetFileTitleA
advapi32
LookupPrivilegeValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AdjustTokenPrivileges
OpenProcessToken
shell32
SHGetSpecialFolderPathA
shlwapi
PathRemoveFileSpecA
PathFileExistsA
PathIsDirectoryA
PathRemoveBackslashA
PathRemoveExtensionA
PathAddBackslashA
rpcrt4
UuidCreate
msvcr120
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
_commode
_fmode
_purecall
??2@YAPAXI@Z
??3@YAXPAX@Z
memmove
??_V@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler3
memcpy
memset
isalnum
memchr
memcmp
atoi
free
memcpy_s
memmove_s
vsprintf_s
_vscprintf
_mbsrchr
system
realloc
?terminate@@YAXXZ
strchr
_stricmp
strrchr
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
fclose
fflush
fgetc
fgetpos
fputc
fsetpos
_fseeki64
fwrite
setvbuf
ungetc
_lock_file
_unlock_file
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
tolower
_mbschr
_mbslwr_s
_mbsnbicmp
_access
strcpy_s
strcat_s
_mbscmp
strnlen
strcspn
malloc
remove
sprintf_s
localeconv
sscanf
sprintf
strpbrk
fopen
fread
_vsnprintf_s
_splitpath
isspace
atoll
strtoull
_Gettnames
_Strftime
_gmtime64_s
_mkgmtime64
strncmp
_time64
_localtime64_s
rename
abort
isalpha
isdigit
__iob_func
fseek
_errno
___mb_cur_max_func
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBDH@Z
_lock
_unlock
__uncaught_exception
_wcsdup
___lc_locale_name_func
___lc_collate_cp_func
__crtCompareStringA
__pctype_func
isupper
___lc_codepage_func
__crtLCMapStringA
_calloc_crt
islower
setlocale
__crtSleep
_beginthreadex
??0critical_section@Concurrency@@QAE@XZ
??1critical_section@Concurrency@@QAE@XZ
?lock@critical_section@Concurrency@@QAEXXZ
?try_lock@critical_section@Concurrency@@QAE_NXZ
?try_lock_for@critical_section@Concurrency@@QAE_NI@Z
?unlock@critical_section@Concurrency@@QAEXXZ
_fsopen
_ismbblead
??0_Condition_variable@details@Concurrency@@QAE@XZ
??1_Condition_variable@details@Concurrency@@QAE@XZ
?wait@_Condition_variable@details@Concurrency@@QAEXAAVcritical_section@3@@Z
?wait_for@_Condition_variable@details@Concurrency@@QAE_NAAVcritical_section@3@I@Z
?notify_one@_Condition_variable@details@Concurrency@@QAEXXZ
?notify_all@_Condition_variable@details@Concurrency@@QAEXXZ
__crtInitializeCriticalSectionEx
__dllonexit
_onexit
??1type_info@@UAE@XZ
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except1
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__initenv
libeay32
ord962
ord333
ord323
ord270
ord2936
ord269
ord3109
ord3883
ord2925
ord2712
ord2630
Sections
.text Size: 415KB - Virtual size: 414KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 111KB - Virtual size: 110KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ