0f219c8daa64fc6273ebf18ad817d090_JC[.]exe | Triage

Sharing

General

Target

0f219c8daa64fc6273ebf18ad817d090_JC.exe
Size

16KB
MD5

0f219c8daa64fc6273ebf18ad817d090
SHA1

4e22b5bd9744ed951bdd1ed9073c3f554a43c209
SHA256

bfb788161eef389f8c07098e5d400e851cbf512a56e682334c7f8501a4928eb7
SHA512

6bec26a4a8a9b37053c1f1c767b58ffb04ae1735d757441c11bb06b1ad3062e9a67eafbfaa883b84d4d37bf4eb9c44f8c75b7178dfd1c73fa7efdf048ee758bb
SSDEEP

192:BGgkkhG7EHojuwLLpsotdZCjmP99TZUXTwbII4sI4eSyvVo/Mog44:B1hGJjuvooCUXB+gSyvVoU344

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f219c8daa64fc6273ebf18ad817d090_JC.exe

Files

0f219c8daa64fc6273ebf18ad817d090_JC.exe
.exe windows:5 windows x86

390502c51760de5ce21b17b587ff4dfb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
LoadResource
GetTickCount
WriteFile
OpenProcess
Sleep
SizeofResource
TerminateProcess
ReadFile
SetFilePointer
VirtualAlloc
GetModuleFileNameA
GetModuleHandleA
VirtualProtect
WinExec
CloseHandle
DeleteFileA
lstrcpyA
FindResourceA
GetFileSize
lstrcatA
CreateFileA

user32

wsprintfA
FindWindowA

advapi32

RegQueryValueA
RegCloseKey
RegOpenKeyA

msvcrt

memcpy
strstr
memset

psapi

EnumProcesses
GetModuleFileNameExA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ