40d82186b2f36344fc9cf6bbd7afb137_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

40d82186b2f36344fc9cf6bbd7afb137_JC.exe
Size

851KB
MD5

40d82186b2f36344fc9cf6bbd7afb137
SHA1

09c281ae17294bf111b6de6a9fa851a2644e4aac
SHA256

c053e622e780627df34f5ee33e204f34d2ed830c94943b586a76c21f9e62a09e
SHA512

0e3339587d62f0aca4c824244602f0201c86e57912b5fb6e4818aadfc923b69fa1fb039f3a385e93f252d763677686ea78e1837f14eaef8df592135744d7a624
SSDEEP

24576:mMookgcvqNfWPdS+UYAWi980laoHCoJYf8tTsCbyQOCG3bkx3phrEH7F:13myGdVDAN7TH68ryQRabk9pa

Score

1^/10

Malware Config

Signatures

Files

40d82186b2f36344fc9cf6bbd7afb137_JC.exe
.exe windows:5 windows x86

2d939382f2e63001c19821990a4b8eeb

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:b3:44:8f:ec:bb:02:d4:46:97:7b:5a:d7:b7:f1:83
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

21/03/2012, 00:00

Not After

29/03/2013, 23:59

Subject

CN=GlavSoft LLC.,O=GlavSoft LLC.,L=Tomsk,ST=Tomsk,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:ef:f1:d9:7c:0c:b6:51:40:99:80:ed:32:af:e2:08:3f:e3:32:67
Signer

Actual PE Digest

57:ef:f1:d9:7c:0c:b6:51:40:99:80:ed:32:af:e2:08:3f:e3:32:67

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_Create
ImageList_ReplaceIcon
ImageList_Destroy
InitCommonControlsEx
CreateToolbarEx

ws2_32

shutdown
WSACleanup
WSAGetLastError
ntohl
htonl
htons
ntohs
gethostbyname
connect
WSAStartup
getsockname
select
setsockopt
recv
bind
socket
__WSAFDIsSet
closesocket
send
listen
accept

kernel32

GetLogicalDriveStringsW
CreateDirectoryW
SetFileTime
CreateFileW
MoveFileW
FindClose
RemoveDirectoryW
FindNextFileW
CloseHandle
DeleteFileW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
Sleep
ResumeThread
CreateThread
GetModuleFileNameW
GetLastError
CreateProcessW
SetEvent
TerminateProcess
CreateEventW
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
GetCommandLineW
GetProcAddress
LocalFree
GetCurrentThreadId
GetCurrentProcessId
SetErrorMode
WritePrivateProfileStringW
GetPrivateProfileIntW
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
WriteFile
VirtualAlloc
VirtualFree
HeapCreate
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
LCMapStringW
LCMapStringA
RaiseException
RtlUnwind
GetCPInfo
ExitProcess
HeapReAlloc
HeapAlloc
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
HeapFree
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
FindFirstFileW
FormatMessageW
LockResource
LoadResource
FindResourceW
FreeResource
FileTimeToLocalFileTime
GetLocalTime
FileTimeToSystemTime
GetTimeFormatW
SystemTimeToFileTime
GetDateFormatW
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
QueryPerformanceCounter
GetTickCount
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetModuleHandleA
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
SetStdHandle
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetFileSizeEx
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
ReadFile
GetPrivateProfileStringW

user32

IsDialogMessageW
PostQuitMessage
GetKeyState
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
GetDC
ReleaseDC
GetParent
LoadBitmapW
FillRect
EndPaint
BeginPaint
ScreenToClient
GetClientRect
ShowScrollBar
SetScrollInfo
GetSystemMenu
GetMenuItemID
InsertMenuItemW
AppendMenuW
EnableMenuItem
CreatePopupMenu
GetMenuItemCount
SetMenuDefaultItem
DestroyMenu
CreateWindowExW
DestroyWindow
DialogBoxParamW
SetClassLongW
EndDialog
CreateDialogParamW
CloseClipboard
GetPriorityClipboardFormat
SystemParametersInfoW
GetClipboardData
EmptyClipboard
OpenClipboard
SetClipboardData
InvalidateRect
GetWindowTextW
SetWindowTextW
LoadAcceleratorsW
LoadIconW
SetWindowPlacement
GetWindowRect
KillTimer
LoadCursorW
MessageBeep
SetFocus
GetKeyboardLayoutNameW
GetWindowPlacement
MonitorFromWindow
GetDesktopWindow
SetWindowPos
ShowWindow
GetMonitorInfoW
TranslateAcceleratorW
SetTimer
GetMessageW
UnregisterClassW
TranslateMessage
SetWindowLongW
GetSysColorBrush
GetActiveWindow
RegisterClassW
DefWindowProcW
DispatchMessageW
EnableWindow
PostMessageW
GetWindowLongW
GetSystemMetrics
SendMessageW
DestroyIcon
CallWindowProcW
IsWindowVisible
TrackPopupMenu
RegisterWindowMessageW
SetForegroundWindow
GetCursorPos
GetDlgItem
MessageBoxW
SetClipboardViewer
IsWindow
CheckMenuItem

gdi32

GetCurrentObject
CreateDIBSection
StretchBlt
SetStretchBltMode
DeleteDC
SelectObject
CreateCompatibleDC
GetObjectW
CreateSolidBrush
GetDIBits
DeleteObject

comdlg32

GetSaveFileNameW

advapi32

RegEnumKeyW
RegQueryValueExW
RegOpenKeyW
SetSecurityInfo
RegCreateKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW
ShellExecuteW
Shell_NotifyIconW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 565KB - Virtual size: 565KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d939382f2e63001c19821990a4b8eeb

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

25:b3:44:8f:ec:bb:02:d4:46:97:7b:5a:d7:b7:f1:83Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

57:ef:f1:d9:7c:0c:b6:51:40:99:80:ed:32:af:e2:08:3f:e3:32:67Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

version

Sections

.text Size: 565KB - Virtual size: 565KB

.rdata Size: 111KB - Virtual size: 111KB

.data Size: 22KB - Virtual size: 30KB

.rsrc Size: 36KB - Virtual size: 35KB

.reloc Size: 34KB - Virtual size: 33KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

25:b3:44:8f:ec:bb:02:d4:46:97:7b:5a:d7:b7:f1:83
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

57:ef:f1:d9:7c:0c:b6:51:40:99:80:ed:32:af:e2:08:3f:e3:32:67
Signer

.text
Size: 565KB - Virtual size: 565KB

.rdata
Size: 111KB - Virtual size: 111KB

.data
Size: 22KB - Virtual size: 30KB

.rsrc
Size: 36KB - Virtual size: 35KB

.reloc
Size: 34KB - Virtual size: 33KB