70dd30ba43b00bc3fa8f01629133d8f0a4338260b7299f899d8d0d97aa0fdad3_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

70dd30ba43b00bc3fa8f01629133d8f0a4338260b7299f899d8d0d97aa0fdad3_JC.exe
Size

165KB
MD5

f40c5d672b89f0ea2412a42c2157ccdc
SHA1

0e040c45921d58f72317e8ac191405f234d6956f
SHA256

70dd30ba43b00bc3fa8f01629133d8f0a4338260b7299f899d8d0d97aa0fdad3
SHA512

0f726fdfc717fff82c8edb9361b2590f7b3cc2b93366dd7437efc83e30a7bdba8489b5453c5bc2b277b67ae09f9858e7154872adf08e0eb4fb8a5ffa6738d4d6
SSDEEP

3072:quiur1UBoSudokvYUv4OEN+qSBd+pFnnm52q6J:niupUBoPdoSdwOaqjYDT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70dd30ba43b00bc3fa8f01629133d8f0a4338260b7299f899d8d0d97aa0fdad3_JC.exe

Files

70dd30ba43b00bc3fa8f01629133d8f0a4338260b7299f899d8d0d97aa0fdad3_JC.exe
.exe windows:6 windows x86

327e49dbc5330d3838e89c17a931e259

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
EnumTimeFormatsW
SetEndOfFile
CreateFileW
ReadConsoleW
WriteConsoleW
SetStdHandle
LoadLibraryW
LoadLibraryExW
OutputDebugStringW
SetFilePointer
HeapReAlloc
EnumSystemLocalesEx
IsValidLocaleName
LCMapStringEx
GetUserDefaultLocaleName
GetOEMCP
GetACP
IsValidCodePage
GetModuleHandleW
TerminateProcess
GetCurrentProcess
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
Sleep
EncodePointer
DecodePointer
WideCharToMultiByte
GetLocaleInfoEx
MultiByteToWideChar
GetStringTypeW
GetLastError
HeapFree
RaiseException
RtlUnwind
GetCommandLineW
InitializeCriticalSectionAndSpinCount
GetCPInfo
HeapAlloc
IsProcessorFeaturePresent
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
HeapSize
IsDebuggerPresent
CloseHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetFileType
InitOnceExecuteOnce
GetStartupInfoW
ReadFile
SetFilePointerEx
GetProcessHeap
SetLastError
GetCurrentThreadId
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW

rtm

RtmRegisterClient
RtmCreateEnumerationHandle
RtmIsRoute
RtmGetFirstRoute

mscms

GetColorProfileElementTag
SelectCMM
IsColorProfileTagPresent
CheckColors
SpoolerCopyFileEvent
CheckBitmapBits

msacm32

acmFormatChooseA
acmStreamMessage
acmFilterDetailsW
acmDriverID
acmDriverRemove
acmGetVersion
acmStreamSize

loadperf

LoadPerfCounterTextStringsA
UnloadPerfCounterTextStringsW
UnloadPerfCounterTextStringsA

pdh

PdhSelectDataSourceA
PdhGetLogFileSize
PdhParseCounterPathA
PdhLookupPerfIndexByNameW
PdhGetDllVersion
PdhEnumObjectItemsA
PdhGetDefaultPerfObjectW

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

327e49dbc5330d3838e89c17a931e259

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

rtm

mscms

msacm32

loadperf

pdh

Sections

.text Size: 110KB - Virtual size: 109KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 13KB - Virtual size: 21KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 110KB - Virtual size: 109KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 13KB - Virtual size: 21KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 14KB - Virtual size: 14KB