3a59395ce00a1f3276d7a6bbd3946724_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a59395ce00a1f3276d7a6bbd3946724_JC.exe
Size

292KB
MD5

3a59395ce00a1f3276d7a6bbd3946724
SHA1

978b170eb3b6ea657604f4c2999c8ce79bf3ea53
SHA256

4de64820778dabaa1e9bac16089e0ebdfb6314bec53b501cc676b9e6f4b834fc
SHA512

2aa833b2b16ff80727454bcfd297b3d9ee6dde9515aae1f8201e3f9d2ce367df6c93eb2fcb52c0148d7f508b41cbe9f7404597d6baa6cb2aa1a8756c180c6590
SSDEEP

6144:kN43gKpDPeVvnAmZ64XMxvQ4x1OpGcm9VQl0lM/oJ4/gupM:Y4npK2y8zzkGHVqoq/gN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a59395ce00a1f3276d7a6bbd3946724_JC.exe

Files

3a59395ce00a1f3276d7a6bbd3946724_JC.exe
.exe windows:4 windows x86

29a447a303a6cf8357c37331ad3593c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

LoadStringW

advapi32

RegQueryValueExW

shell32

ShellExecuteW

ws2_32

socket

iphlpapi

GetAdaptersInfo

wtsapi32

WTSUnRegisterSessionNotification

Sections

.text
Size: 77KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 211KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE