e611a1ffbe9e08a2660bc290a581aa0b54637524aaf6040a70e54f97136ce5ac_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

e611a1ffbe9e08a2660bc290a581aa0b54637524aaf6040a70e54f97136ce5ac_JC.exe
Size

168KB
MD5

aef6452711538d9021f929a2a5f633cf
SHA1

205b7fab75e77d1ff123991489462d39128e03f6
SHA256

e611a1ffbe9e08a2660bc290a581aa0b54637524aaf6040a70e54f97136ce5ac
SHA512

7ad84d4d3bab3f5a3e14f336d8931bf4b876299000081b2a94a3fcf698c56b82514753b483c5b8d7ae84ddd92ee1c4043fa5e7fb7c4f7e9eb52ca8c794e508b7
SSDEEP

3072:+CNUaViEqjY1uimO3soWBgZNENeo0TzSCOtCUon/BA2gGaA44:dwEq7HO8ohEsxHSC+CUO/Bxk4

Score

1^/10

Malware Config

Signatures

Files

e611a1ffbe9e08a2660bc290a581aa0b54637524aaf6040a70e54f97136ce5ac_JC.exe
.exe windows:4 windows x86

b5f45ed360fac97fdee3add77145c0dc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:50:ab:af:84:97:ce:d1:2b:31:fb:13:2d:d6:e8:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

06/06/2007, 00:00

Not After

07/07/2010, 23:59

Subject

CN=ICQ,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=ICQ,L=Tel Aviv,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadResource
FindResourceW
FindResourceExW
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
LockResource
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
LocalFree
TerminateProcess
SizeofResource
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
RaiseException
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetStartupInfoW
ExitProcess
LoadLibraryExW
GetCurrentProcessId
CreateEventW
GetModuleFileNameW
GetLongPathNameW
VirtualQuery
GetPrivateProfileStringW
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetSystemDirectoryW
LoadLibraryW
FreeLibrary
GetVersion
GetProcAddress
SetLastError
CreateMutexW
LocalAlloc
GetModuleHandleW
WaitForSingleObject
ReleaseMutex
CloseHandle
GetModuleHandleA
lstrcmpA
lstrlenA
OpenMutexW
GetLastError

user32

UnregisterClassW
SetWindowLongW
GetClassInfoExW
wsprintfW
LoadCursorW
DefWindowProcW
PeekMessageW
TranslateMessage
DispatchMessageW
WaitMessage
MessageBoxW
PostQuitMessage
DestroyWindow
CreateWindowExW
RegisterClassExW
CallWindowProcW
SendMessageW
AllowSetForegroundWindow
IsWindow
FindWindowW
GetWindowLongW

ole32

StringFromCLSID
CoInitialize
CoUninitialize
CoTaskMemFree

oleaut32

VariantCopy
VariantClear
VariantInit
SysFreeString
SysAllocString
SafeArrayUnlock
VariantTimeToSystemTime
SafeArrayLock
SafeArrayCreate
VariantChangeTypeEx
VariantChangeType

mkernel

?CreateInstance@MNCS@@YGJABU_GUID@@0PAPAX@Z
?GetPropertyHostName@MNPropertySet@@YGJPAUIUnknown@@PAPAG@Z
?Uninitialize@MNCS@@YGJXZ
?Initialize@MNCS@@YGJXZ

mcorelib

?IsUpdateEnabled@MNAppUtils@@YA_NXZ
?GetApp@MNAppUtils@@YAPAUMIDApp@@XZ

mutils

?FileExists@MCFile@@SA_NPBG@Z
?AppendFileNameToSpec@MCFile@@SA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@PBG0@Z
?RunProgram@MNRunUtils@@YAJPBG0@Z
??1MCRegKey@@UAE@XZ
?Read@MCRegKey@@QAEJPBGAAV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@@Z
?Open@MCRegKey@@QAEJPAUHKEY__@@PBGK@Z
??0MCRegKey@@QAE@XZ
??1MCModuleVersion@@UAE@XZ
?GetFileVersionInfoW@MCModuleVersion@@QAEHPBG@Z
??0MCModuleVersion@@QAE@XZ
?GetModulePath@MCFile@@SA_NPAUHINSTANCE__@@AAV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@@Z
?CopyFile2TempDir@MCFile@@SAJPBGAAV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@0@Z

shlwapi

PathAppendW

msvcp71

?_Nomemory@std@@YAXXZ

xprt6

_XprtUninitialize@0
_XprtInitialize@8
_XprtMemFree@4
?Assign@TBstr@XPRT@@QAEAAV12@ABV12@@Z
?Attach@TBstr@XPRT@@QAEXPAG@Z
??0TBstr@XPRT@@QAE@XZ
?Detach@TBstr@XPRT@@QAEPAGXZ
??0TBstr@XPRT@@QAE@PBG@Z
??1TBstr@XPRT@@QAE@XZ
?GetString@TBstr@XPRT@@QBEPBGXZ
?Assign@TBstr@XPRT@@QAEAAV12@PBG@Z
??0TBstr@XPRT@@QAE@PBDPBG@Z
kSystemEncoding
_XprtMemAlloc@4
_XprtGetSystemInfo@0
xprt_strlcpy
??0TBstr@XPRT@@QAE@ABV01@@Z
_XprtAtomicIncrement@4
?GetEncodedString@TBstr@XPRT@@QBEPBDPBG@Z
?Assign@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
xprt_strcmp
?Compare@TBstr@XPRT@@QBEHPBG@Z
?IsEmpty@TBstr@XPRT@@QBE_NXZ
xprt_memmove
xprt_memset
_XprtAtomicDecrement@4
?Mid@TBstr@XPRT@@QBE?AV12@H@Z
?Mid@TBstr@XPRT@@QBE?AV12@HH@Z
?Find@TBstr@XPRT@@QBEHGH@Z
??1TPtrFromPtrMap@XPRT@@QAE@XZ
?GetAt@TBstr@XPRT@@QBEGH@Z
?Append@TBstr@XPRT@@QAEAAV12@ABV12@@Z
?Left@TBstr@XPRT@@QBE?AV12@H@Z
?Empty@TBstr@XPRT@@QAEXXZ
?AppendFileNameToSpec@TFile@XPRT@@SA?AVTBstr@2@PBG0@Z
?DirSpecFromFullSpec@TFile@XPRT@@SA?AVTBstr@2@PBG@Z
??0TBstr@XPRT@@QAE@GH@Z
?TrimRight@TBstr@XPRT@@QAEAAV12@XZ
?TrimLeft@TBstr@XPRT@@QAEAAV12@XZ
?Init@TCritSec@XPRT@@QAEXXZ
?Term@TCritSec@XPRT@@QAEXXZ
??0TPtrFromPtrMap@XPRT@@QAE@H@Z
?Lookup@TPtrFromPtrMap@XPRT@@QBE_NPAXAAPAX@Z
??ATPtrFromPtrMap@XPRT@@QAEAAPAXPAX@Z
?RemoveKey@TPtrFromPtrMap@XPRT@@QAE_NPAX@Z
?Lock@TCritSec@XPRT@@QAEXXZ
?Unlock@TCritSec@XPRT@@QAEXXZ
?SetOptimalLoad@TPtrFromPtrMap@XPRT@@QAEXMMM_N@Z
?RemoveAll@TPtrFromPtrMap@XPRT@@QAEXXZ
xprt_ucslcpy
?GetNextAssoc@TPtrFromPtrMap@XPRT@@QBEXAAPAU__POSITION@2@AAPAX1@Z
?GetStartPosition@TPtrFromPtrMap@XPRT@@QBEPAU__POSITION@2@XZ
?TestAccess@TFile@XPRT@@SA_NPBGI@Z
?Append@TBstr@XPRT@@QAEAAV12@PBG@Z
?Append@TBstr@XPRT@@QAEAAV12@G@Z
?Finish@TMdXDigest@XPRT@@UAEHPAEH@Z
?Update@TMessageDigest@XPRT@@QAEXPBEH@Z
??0TMd5Digest@XPRT@@QAE@H@Z
xprt_memcpy
?GetLength@TBstr@XPRT@@QBEHXZ
xprt_strlen
?ReverseFind@TBstr@XPRT@@QBEHG@Z
xprt_iswdigit
?Format@TBstr@XPRT@@QAAXPBGZZ

muiutils

?Initialize@MNShellGlobals@@YAJV?$EEPtr@VEEObject@@@@@Z
??0MCDTDParser@@QAE@XZ
?GetDTDPath@MCDTDParser@@QAE?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@V23@ABV23@1PAV23@@Z
?LoadDtdStringsMap@MCDTDParser@@QAEJABV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@PAPAV?$map@V?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@V12@U?$less@V?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@@std@@V?$allocator@U?$pair@$$CBV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@V12@@std@@@4@@std@@@Z
??1MCDTDParser@@QAE@XZ
?Uninitialize@MNShellGlobals@@YAJXZ
??0MCCommandLineParser@@QAE@XZ
?ParseCommandLine@MCCommandLineParser@@QAEJABV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@@Z
??1MCCommandLineParser@@UAE@XZ
?GetValue@MCCommandLineParser@@QAE_NABV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@PAV23@@Z

msvcr71

_cexit
_XcptFilter
_exit
_c_exit
?terminate@@YAXXZ
__security_error_handler
??1type_info@@UAE@XZ
_onexit
__dllonexit
qsort
strcmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
_except_handler3
free
__CxxFrameHandler
_CxxThrowException
wcslen
memmove
realloc
??3@YAXPAX@Z
wcsncmp
wcscmp
_vscwprintf
vswprintf
_wtol
_wtoi
setlocale
_itow
_purecall
memset
malloc
_callnewh
wcsftime
_snwprintf
exit

muicorelib

?GetUpdaterPathAndCmdLine@MNUIHelpers@@YAJAAV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@0@Z
?GetUpdateDownloadFolder@MNUIHelpers@@YA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@PBG@Z
?GetAppObject@MNUIHelpers@@YAPAUMIDApp@@XZ
?CreateCommandAndExecute@MNUIHelpers@@YAJABV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@PAUIUnknown@@1@Z
?DialogManagerFindDialog@MNUIHelpers@@YAJPAUIUnknown@@0ABV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@1AAV?$CComPtr@UMIUIDialog@@@4@@Z
??1MCApplicationEnvironment@@QAE@XZ
?GetLocale@MCApplicationEnvironment@@QAE?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
??0MCApplicationEnvironment@@QAE@XZ
?SetLocale@MCApplicationEnvironment@@QAEJV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@@Z
?CreateEnvironment@MCApplicationEnvironment@@QAEJABV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@AAV?$EEPtr@VEEObject@@@@@Z
?GetBoxelyShell@MNUIHelpers@@YAJAAVMCShell@MNBoxely@@@Z
?RestartApplication@MNUIHelpers@@YAJW4MELoginMode@@_N@Z

advapi32

FreeSid
RegQueryValueExA
RegOpenKeyA
RegQueryValueExW
RegOpenKeyW
RegCloseKey

Exports

Exports

??$GetAppService@UMIDAppPreferencesService@@@MNUIHelpers@@YAJABV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@AAV?$CComPtr@UMIDAppPreferencesService@@@2@@Z
??$GetServiceByOwner@V?$CComPtr@UMIDApp@@@ATL@@UMIDAppPreferencesService@@@MNUIHelpers@@YAJABV?$CComPtr@UMIDApp@@@ATL@@ABV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@2@AAV?$CComPtr@UMIDAppPreferencesService@@@2@PAUMIDOwner@@@Z

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5f45ed360fac97fdee3add77145c0dc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

18:50:ab:af:84:97:ce:d1:2b:31:fb:13:2d:d6:e8:b0Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

mkernel

mcorelib

mutils

shlwapi

msvcp71

xprt6

muiutils

msvcr71

muicorelib

advapi32

Exports

Exports

Sections

.text Size: 70KB - Virtual size: 69KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 7KB - Virtual size: 7KB

.rsrc Size: 59KB - Virtual size: 58KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

18:50:ab:af:84:97:ce:d1:2b:31:fb:13:2d:d6:e8:b0
Certificate

.text
Size: 70KB - Virtual size: 69KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 59KB - Virtual size: 58KB