d0b6faf9bb722053f91ed10260ea8940_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

d0b6faf9bb722053f91ed10260ea8940_JC.exe
Size

41KB
MD5

d0b6faf9bb722053f91ed10260ea8940
SHA1

f735b82019512fc3eeeca0d19778478e6539595d
SHA256

73ad11ff45b24e86a49f6951d1f8638f835d2ff0da8eb3d7c1c9142409c7b828
SHA512

954dbc646a5936a1a8e6f4d4dc1ea50b9bd25d156c7eab99d3a17441dc04d687bcbc84a7b124a217decfb012b593f0dee0ba87a212d9c564007cabb9faa16189
SSDEEP

384:+GEtqyLUmBrTEsVDfPG74xYGfSLJf6J985Z6Vz/V9fLlC5wq0KTW87l9gyNJwHVw:uDBr3SrW9JbtyNJPo1d9LSjzFVeSay

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0b6faf9bb722053f91ed10260ea8940_JC.exe

Files

d0b6faf9bb722053f91ed10260ea8940_JC.exe
.dll windows:6 windows x64

8e7a57f0ca344562bcfa35a4fbc5c9b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ida

under_debugger
callui
qcalloc
qsnprintf
set_file_ext
getinf_buf
netnode_kill
netnode_supval
netnode_supdel
node2ea
set_array_parameters
setup_selector
get_next_seg
get_first_seg
set_segm_end
disable_flags
get_dword
qlread
get_bytes
del_items
create_data
create_align
verror
get_fileregion_ea
set_name
get_prev_fixup_ea
auto_mark_range
open_linput
get_struc
get_member
get_member_by_name
add_struc
add_struc_member
set_member_cmt
debug
close_linput
lread
show_auto
set_fixup
getn_sreg_range
get_sreg_ranges_qty
set_default_dataseg
set_default_sreg_value
split_sreg_range
get_sreg
create_filename_cmt
base2file
file2base
vloader_failure
set_processor_type
get_ph
bin_search2
put_word
get_word
get_byte
is_mapped
next_addr
vadd_extra_line
update_segm
get_segm_base
set_segm_class
set_segm_name
set_segm_base
set_segm_start
getnseg
getseg
get_segm_qty
add_segm_ex
get_segm_by_sel
find_selector
sel2para
qlseek
qlsize
netnode_altshift
netnode_supnext
netnode_supfirst
netnode_supset
netnode_altval
netnode_set
netnode_valobj
netnode_check
qfputc
qftell
qfwrite
setinf
getinf
qvector_reserve
get_file_ext
qfree
put_byte
interr

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

kernel32

IsDebuggerPresent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead

vcruntime140

__std_exception_destroy
__std_exception_copy
__C_specific_handler
__intrinsic_setjmp
strrchr
__std_type_info_destroy_list
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
longjmp
__std_terminate
memset

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
abort
_seh_filter_dll
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_cexit
_configure_narrow_argv

api-ms-win-crt-string-l1-1-0

_stricmp
strncmp

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

Exports

Exports

LDSC

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e7a57f0ca344562bcfa35a4fbc5c9b3

Headers

DLL Characteristics

File Characteristics

Imports

ida

msvcp140

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 80B

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 80B