35d00da96d36c97869d7be7bd7d287f0_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

35d00da96d36c97869d7be7bd7d287f0_JC.exe
Size

1.5MB
MD5

35d00da96d36c97869d7be7bd7d287f0
SHA1

8e33f258996e81b9b82046f03bb8eed1f95f6200
SHA256

163265111551d46b99f7f456717d0e224c7e0473f2fde7c21b234a8467cc2b00
SHA512

6860a5f58a0d343cf66ec16ad421ab6209150c6c172405b55842c8d111f2cc610a3183f7a241a2712b77f1e9b3aceb142f1bcb620d825c08a98236207628bcc9
SSDEEP

24576:U/Z03s3Az0XDVkQ2+lQknHwi6+csawhKLGeMS91XsGkZ/89nGaQ6iL:U/Z0MNTVj2nk3hKDMS9FsGc/8nt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35d00da96d36c97869d7be7bd7d287f0_JC.exe

Files

35d00da96d36c97869d7be7bd7d287f0_JC.exe
.dll windows:5 windows x86

63f4fc0df0a68cd7df3c5d3f30e9ad48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

SHChangeNotify
SHGetFolderPathA

advapi32

CryptHashSessionKey
QueryServiceStatus
AddAuditAccessObjectAce
RegCreateKeyA
AdjustTokenPrivileges
GetOldestEventLogRecord
OpenThreadToken

msvcrt

ldiv

kernel32

HeapAlloc
UnregisterWait
ExpandEnvironmentStringsA
ConnectNamedPipe
BuildCommDCBA
GetModuleFileNameA
GetUserDefaultLCID
GetBinaryTypeA
GetModuleHandleA
GetSystemTimeAsFileTime
PurgeComm

clusapi

ClusterOpenEnum

opengl32

glMap2f

comdlg32

ChooseColorW

crypt32

CryptMsgVerifyCountersignatureEncodedEx

ole32

CoGetObjectContext
OleRegGetUserType
CoInitialize
OleDoAutoConvert

gdi32

GetCurrentObject
GetBitmapDimensionEx
EnumFontFamiliesExW
CreateDiscardableBitmap
CombineRgn

rpcrt4

NdrSimpleStructUnmarshall
UuidFromStringA
UuidHash

user32

SetRect
MapDialogRect
LoadImageW
LookupIconIdFromDirectory
CharLowerA

oleaut32

SafeArrayAllocDescriptorEx

wintrust

WintrustLoadFunctionPointers
CryptCATOpen

shlwapi

StrCatChainW
StrChrIA

Exports

Exports

TponfKheem

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

U
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt0
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DR6lla
Size: 768KB - Virtual size: 765KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 200KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

cfK7iNMI
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63f4fc0df0a68cd7df3c5d3f30e9ad48

Headers

File Characteristics

Imports

shell32

advapi32

msvcrt

kernel32

clusapi

opengl32

comdlg32

crypt32

ole32

gdi32

rpcrt4

user32

oleaut32

wintrust

shlwapi

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 101KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 96KB - Virtual size: 96KB

CODE Size: 24KB - Virtual size: 23KB

U Size: 32KB - Virtual size: 28KB

.crt0 Size: 56KB - Virtual size: 52KB

DR6lla Size: 768KB - Virtual size: 765KB

.CRT Size: 200KB - Virtual size: 196KB

cfK7iNMI Size: 208KB - Virtual size: 205KB

.rsrc Size: 4KB - Virtual size: 840B

.reloc Size: 40KB - Virtual size: 36KB

.text
Size: 104KB - Virtual size: 101KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 96KB - Virtual size: 96KB

CODE
Size: 24KB - Virtual size: 23KB

U
Size: 32KB - Virtual size: 28KB

.crt0
Size: 56KB - Virtual size: 52KB

DR6lla
Size: 768KB - Virtual size: 765KB

.CRT
Size: 200KB - Virtual size: 196KB

cfK7iNMI
Size: 208KB - Virtual size: 205KB

.rsrc
Size: 4KB - Virtual size: 840B

.reloc
Size: 40KB - Virtual size: 36KB