619a9fa1b165149666e89c3e32b282a0exe_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

619a9fa1b165149666e89c3e32b282a0exe_JC.exe
Size

513KB
MD5

619a9fa1b165149666e89c3e32b282a0
SHA1

9b4f7446af10de6fb1a9ff3e34d36822562ff79f
SHA256

8a657c33bdbcc561ee3c02196c9aff49934bdfc4f9a25c8f35653d705b96dc27
SHA512

95879c06e53e3819e239ff7c3e0de7e9d2975353ef76a2ecc45e69edd95dfee225f5905a43ff5c1875c18a5f346331d55a4ad8f39c90c86730440d53152cc80f
SSDEEP

12288:TN+RQiTlRV2blqUqhAzlrGHdtWnR2snwtHXN3:T4/YqUqi5rZkBN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
619a9fa1b165149666e89c3e32b282a0exe_JC.exe

Files

619a9fa1b165149666e89c3e32b282a0exe_JC.exe
.exe windows:5 windows x86

d18cdf14bea9b60cc63f3a09c8bdf79c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushInstructionCache
GetFileSize
UnmapViewOfFile
ExitThread
GetConsoleCP
SetThreadExecutionState
GlobalMemoryStatusEx
GetStartupInfoW
VirtualFree
GlobalLock
SetFileAttributesW
RemoveDirectoryW
CancelIo
GetVolumeInformationW
GetLongPathNameW
lstrcmpW
GetVersionExA
GetLocaleInfoW
GetFullPathNameW
GetExitCodeProcess
ExpandEnvironmentStringsW
GetTempPathW
IsProcessorFeaturePresent
lstrlenW
SetUnhandledExceptionFilter
CreateFileMappingW
TlsGetValue
LCMapStringW
SetFilePointer
MoveFileExW
WriteConsoleW
ReadConsoleW
FindFirstFileA
CloseHandle
GetTimeFormatW
GetExitCodeThread
FlushFileBuffers
GetFileAttributesW
GetNumberFormatW
ReadFile
GetCurrentProcessId
GetConsoleMode
FormatMessageW
Sleep
FreeEnvironmentStringsW
FreeLibrary
IsDebuggerPresent
CreateDirectoryW
FlushConsoleInputBuffer
GetACP
GetDateFormatA
lstrlenA
TerminateProcess
lstrcpynW
MulDiv
GetCurrentThread
SetConsoleCtrlHandler
CreateThread
HeapFree
GetModuleFileNameW
SetThreadPriority
SetErrorMode
SetEnvironmentVariableA
GetLogicalDrives
TlsAlloc
GlobalUnlock
GetStdHandle
FindClose
GetCPInfo
SetLastError
GetVersionExW
GetProcessTimes
RaiseException
FindNextFileA
OutputDebugStringW
GetSystemDirectoryA
MultiByteToWideChar
DeleteFileW
GlobalReAlloc
SetEndOfFile
UnhandledExceptionFilter
SetConsoleMode
ResumeThread
AreFileApisANSI
GetCurrentThreadId
CreateFileA
PeekNamedPipe
QueryPerformanceCounter
GlobalAlloc
CreateFileW
SystemTimeToFileTime
GetLastError
ExitProcess
lstrcmpiW
MapViewOfFile
GetVersion
LocalFree
FileTimeToSystemTime
GetCurrentDirectoryW
FindFirstFileW
VirtualAlloc
GetDriveTypeW
FindNextFileW
GetProcessHeap
CreateFileMappingA
HeapSize
GetFileAttributesExW
DeviceIoControl
SleepEx
SetStdHandle
HeapReAlloc
FindFirstFileExW
WideCharToMultiByte
GetEnvironmentStringsW
GetDateFormatW
CompareStringW
SetFilePointerEx
GetFileType
GlobalFree
CopyFileExW
GetEnvironmentVariableA
TlsFree
FileTimeToLocalFileTime
GetFileInformationByHandle
GlobalAddAtomW
GetOEMCP
InterlockedExchange
LocalAlloc
GetStringTypeW
ReadConsoleInputA
TlsSetValue
GetThreadTimes
GetModuleHandleA
SetFileTime
HeapAlloc
AddAtomW
LoadLibraryA
VirtualProtectEx
GetProcAddress
LoadLibraryW
GetWindowsDirectoryA
GetModuleHandleW
GetCurrentProcess
LoadLibraryExW
lstrcmpA
GetCommandLineW
WriteFile

gdi32

CreateCompatibleBitmap
MoveToEx
RoundRect
LineTo
SetBrushOrgEx
SetTextColor
GetObjectW
DeleteObject
SetBkMode
DeleteDC
SaveDC
PatBlt
SelectObject
CreatePen
Polygon
Ellipse
CreateBitmap
ExtTextOutW
BitBlt
CreatePatternBrush
CreateCompatibleDC
CreateDIBSection
GetTextExtentPoint32W
GetStockObject
CreateSolidBrush
GetTextMetricsW
RestoreDC
CreateFontIndirectW
GetDeviceCaps
SetBkColor

comdlg32

ChooseFontW

advapi32

MakeSelfRelativeSD
ConvertSidToStringSidW
LookupPrivilegeValueW
RegCreateKeyA
SetFileSecurityW
RegisterEventSourceA
AdjustTokenPrivileges
RegSetValueExA
LookupAccountSidW
RegQueryValueExA
LookupAccountNameW
RegOpenKeyA
ConvertSecurityDescriptorToStringSecurityDescriptorW
RegDeleteKeyA
SetNamedSecurityInfoW
RegOpenKeyExA
RegDeleteKeyW
RegCloseKey
RegDeleteValueW
RegSetValueExW
GetNamedSecurityInfoW
GetSecurityDescriptorControl
GetUserNameW
RegEnumKeyA
RegQueryInfoKeyW
GetSecurityDescriptorLength
OpenProcessToken
ReportEventA
RegEnumKeyExW
RegQueryValueA
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
DeregisterEventSource

shell32

SHGetDesktopFolder
SHBrowseForFolderW
SHIsFileAvailableOffline
SHGetFolderLocation
SHGetDiskFreeSpaceExW
ShellExecuteW
SHGetFolderPathW
ShellExecuteExW
SHGetPathFromIDListW

ole32

OleUninitialize
CoCreateGuid
OleInitialize
CoTaskMemFree
CoGetClassObject
CoTaskMemRealloc
PropVariantClear
CoUninitialize
CoTaskMemAlloc
CoCreateInstance
CreateStreamOnHGlobal
CLSIDFromString
StringFromGUID2
CoInitializeEx
CoGetObject
CLSIDFromProgID
OleLockRunning

oleaut32

LoadRegTypeLi
SystemTimeToVariantTime
SysAllocStringLen
SysFreeString
SysAllocString
VariantTimeToSystemTime
SysStringLen
VariantChangeType
VariantInit
LoadTypeLi
VariantClear
VarUI4FromStr
OleCreateFontIndirect

comctl32

ImageList_Create
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_ReplaceIcon
ImageList_Draw
ImageList_LoadImageW
ImageList_GetImageCount
InitCommonControlsEx
_TrackMouseEvent
ImageList_GetIconSize
ImageList_Destroy
ord17

shlwapi

StrCmpW
StrFormatByteSizeW
StrCmpIW
PathMatchSpecW
StrTrimW
StrStrW
StrRetToStrW

winmm

PlaySoundA

crypt32

CryptProtectData
CryptUnprotectData
CertCloseStore
CertFindCertificateInStore
CertNameToStrW
CertOpenSystemStoreW

msimg32

GradientFill

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

HttpAddRequestHeadersW
InternetWriteFile
InternetOpenW
InternetSetOptionExW
HttpSendRequestExW
HttpSendRequestW
HttpOpenRequestW
InternetCloseHandle
InternetConnectW
InternetSetOptionW
InternetReadFile
InternetGetLastResponseInfoW
InternetQueryOptionW
HttpQueryInfoW
HttpEndRequestW

wsock32

socket
shutdown
ioctlsocket
ntohs
listen
htons
accept
WSAGetLastError
gethostbyname
bind
MigrateWinsockConfiguration
recv
connect
htonl
WSACleanup
setsockopt
getsockopt
inet_addr
send
getservbyname
WSAStartup
closesocket
getsockname
gethostname
getservbyport
WSASetLastError
select
gethostbyaddr

mpr

WNetCancelConnection2W
WNetCloseEnum
WNetGetConnectionW
WNetAddConnection2W
WNetEnumResourceW
WNetGetLastErrorW
WNetOpenEnumW

netapi32

NetShareEnum
NetApiBufferFree

secur32

GetUserNameExW

wldap32

ord12

msvcrt

_exit
isalnum
isalpha
__set_app_type
exit
isspace

Sections

.text
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.over
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 217KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d18cdf14bea9b60cc63f3a09c8bdf79c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

shlwapi

winmm

crypt32

msimg32

version

wininet

wsock32

mpr

netapi32

secur32

wldap32

msvcrt

Sections

.text Size: 193KB - Virtual size: 192KB

.over Size: 512B - Virtual size: 272B

.rdata Size: 85KB - Virtual size: 85KB

.data Size: 217KB - Virtual size: 221KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 193KB - Virtual size: 192KB

.over
Size: 512B - Virtual size: 272B

.rdata
Size: 85KB - Virtual size: 85KB

.data
Size: 217KB - Virtual size: 221KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 10KB - Virtual size: 10KB