10928af06afd0db72eb6c26bb5733a00_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

10928af06afd0db72eb6c26bb5733a00_JC.exe
Size

625KB
MD5

10928af06afd0db72eb6c26bb5733a00
SHA1

ba6e149706b00bb3324b65eee34cf904a4469dd4
SHA256

fe91295d79e873ff237771650aee92b0bd85b449d244988176ee1567f0f83a1f
SHA512

85dc2a94e6baf547947d3ec175b9acc753296e5163f3ec7edd9390e5619d7873c7c3bc1645e8484c62195961b8e8528f7a1d5606ad36b6a1b9faf81fa1cf9b28
SSDEEP

12288:H0gUQlHHU/L1VXSm5v8v7X6EQE5OADRGzeAKTt:H1H0/L1V1vx4OQ15

Score

1^/10

Malware Config

Signatures

Files

10928af06afd0db72eb6c26bb5733a00_JC.exe
.exe windows:4 windows x86

b2e1bc6fee585a25d0bfe84a75ed568c

Code Sign

7c:ec:88:7e:3a:0e:10:a6:3f:47:c7:2b:25:75:1a:b9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/01/2011, 00:00

Not After

27/01/2013, 23:59

Subject

CN=Lavasoft Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Lavasoft Limited,L=Sliema,ST=SLM,C=MT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ec:c7:b9:5d:4f:5c:be:c4:f9:84:b9:e8:06:1a:d1:d3:94:7a:61:1d
Signer

Actual PE Digest

ec:c7:b9:5d:4f:5c:be:c4:f9:84:b9:e8:06:1a:d1:d3:94:7a:61:1d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadWritePtr
GetDriveTypeW
GetFullPathNameW
GetFileAttributesW
InterlockedIncrement
GetThreadLocale
InterlockedDecrement
GetLastError
GetProcAddress
LoadLibraryA
CloseHandle
SetEvent
ResetEvent
CreateEventW
InterlockedCompareExchange
FreeLibrary
LoadLibraryW
CreateFileW
lstrcmpiW
IsBadReadPtr
GetShortPathNameW
WideCharToMultiByte
AreFileApisANSI
IsDBCSLeadByte
MultiByteToWideChar
lstrcmpW
GlobalUnlock
GlobalLock
lstrcatW
lstrcpyW
SleepEx
GetModuleHandleExW
GetSystemWindowsDirectoryW
GetTickCount
GetProcessHeap
HeapAlloc
HeapValidate
HeapFree
HeapSize
HeapCompact
HeapReAlloc
InterlockedExchange
lstrlenA
WaitForSingleObject
OpenEventA
FindClose
FindFirstFileW
GetModuleFileNameW
LocalAlloc
LocalFree
lstrlenW
ReleaseActCtx
WaitForSingleObjectEx
DuplicateHandle
GetCurrentThread
GetCurrentProcess
Sleep
GetModuleHandleW
GetComputerNameW
DebugBreak
GetCurrentProcessId
FindActCtxSectionGuid
WaitForMultipleObjectsEx
InitializeCriticalSectionAndSpinCount
CreateThread
CreateActCtxW
LoadLibraryExW
DeactivateActCtx
ActivateActCtx
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsDebuggerPresent
lstrcpynW
GetCurrentActCtx
CreateEventA
FreeLibraryAndExitThread
WriteProfileStringW
GetProfileStringW
RaiseException
OutputDebugStringW
ReadFile
SetFilePointer
GetStringTypeW
SetLastError
MapViewOfFileEx
CreateFileMappingW
MapViewOfFile
OpenFileMappingW
UnmapViewOfFile
ProcessIdToSessionId
LoadLibraryExA
ExpandEnvironmentStringsW
FindActCtxSectionStringW
GetSystemDirectoryW
GetSystemWow64DirectoryW
SearchPathW
FileTimeToDosDateTime
DosDateTimeToFileTime
SystemTimeToFileTime
GetSystemTime
GetLocaleInfoA
GetSystemInfo
OutputDebugStringA
CreateSemaphoreW
ReleaseSemaphore
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue
IsProcessorFeaturePresent
GlobalFree
GlobalAlloc
GlobalSize
GlobalGetAtomNameW
GlobalDeleteAtom
GlobalGetAtomNameA
CreateProcessW
GlobalAddAtomW
GlobalAddAtomA
GlobalFindAtomW
GlobalReAlloc
LocalUnlock
LocalLock
GlobalFindAtomA
DeleteFileW
MulDiv
GetTempFileNameW
GetWindowsDirectoryW
GetTempPathW
GetOverlappedResult
EnterCriticalSection
SetEndOfFile
OpenProcess
LockFile
UnlockFile
GetFileTime
FlushViewOfFile
GlobalMemoryStatus
GetFileSize
FlushFileBuffers
VirtualAlloc
WriteFile
PulseEvent
GetFileType
InitializeCriticalSection
IsBadHugeWritePtr
IsBadHugeReadPtr
GetFileInformationByHandle
GetExitCodeThread
DeviceIoControl
GetUserDefaultLCID
GetACP
CreateFileMappingA
CompareStringA
CompareStringW
GetSystemDefaultLCID
DeleteCriticalSection
LeaveCriticalSection
AddRefActCtx
QueryPerformanceCounter
GetSystemTimeAsFileTime
InterlockedExchangeAdd
IsBadStringPtrW
GetFileAttributesExW
SetFileTime
lstrcmpA
GetCommandLineA

advapi32

RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RevertToSelf
GetNamedSecurityInfoW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyW
OpenThreadToken
SetThreadToken
RegOpenKeyExW
RegCloseKey
WmiQuerySingleInstanceMultipleW
WmiQueryAllDataMultipleW
EqualSid
GetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
FreeSid
AllocateAndInitializeSid
RegEnumValueW
LookupPrivilegeNameW
ImpersonateSelf
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteValueW
RegQueryValueExW

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 477KB - Virtual size: 476KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2e1bc6fee585a25d0bfe84a75ed568c

Code Sign

7c:ec:88:7e:3a:0e:10:a6:3f:47:c7:2b:25:75:1a:b9Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

ec:c7:b9:5d:4f:5c:be:c4:f9:84:b9:e8:06:1a:d1:d3:94:7a:61:1dSigner

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 80KB - Virtual size: 80KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 46KB - Virtual size: 203KB

.rsrc Size: 477KB - Virtual size: 476KB

7c:ec:88:7e:3a:0e:10:a6:3f:47:c7:2b:25:75:1a:b9
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ec:c7:b9:5d:4f:5c:be:c4:f9:84:b9:e8:06:1a:d1:d3:94:7a:61:1d
Signer

.text
Size: 80KB - Virtual size: 80KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 46KB - Virtual size: 203KB

.rsrc
Size: 477KB - Virtual size: 476KB