19194cfc3260ee4d7bd717eb7f7cf9c0_exe32_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

19194cfc3260ee4d7bd717eb7f7cf9c0_exe32_JC.exe
Size

481KB
MD5

19194cfc3260ee4d7bd717eb7f7cf9c0
SHA1

fc71d3ad52c38d3ee89c8c94f3fb910446f73385
SHA256

2052bb48d66c255046e9fd8c9588a4394cc845d8a4de2b8a374e8cb36f9ca7ee
SHA512

7217c4198440a757719ad689bbe21e144d1da3444abf7089ad9346ecaa2203fb96dac8bc2303134cf423cefab88d6680dba6261fff36701a8b23d0572467bbbd
SSDEEP

12288:eEQQ/Qk/3n1UGYzl0jBN2vcrKVX8frWTdVDVh/fY:eEQQXlUbIWUrRfrsdVDVh/fY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19194cfc3260ee4d7bd717eb7f7cf9c0_exe32_JC.exe

Files

19194cfc3260ee4d7bd717eb7f7cf9c0_exe32_JC.exe
.exe windows:5 windows x86

d3cf3455c8108e39409f92cd9f9a6953

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sti

StiCreateInstanceW

psapi

GetModuleBaseNameW
EnumProcesses
EnumProcessModules

kernel32

EnterCriticalSection
LeaveCriticalSection
GetUserDefaultLCID
WaitForSingleObject
OpenProcess
TerminateProcess
lstrlenW
CloseHandle
MoveFileExW
SetEvent
GetLastError
OpenEventW
CreateProcessW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
FindFirstFileW
WriteFile
ReadFile
CreateFileW
GetPrivateProfileStringW
GetPrivateProfileIntW
SetStdHandle
GetModuleHandleW
GetACP
GetProcAddress
IsValidCodePage
GetModuleFileNameW
CreateMutexW
SetLastError
ReleaseMutex
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
FlushFileBuffers
ReleaseSemaphore
CreateSemaphoreW
lstrcpynW
lstrcmpiW
lstrcatW
lstrcpyW
FreeLibrary
LoadLibraryW
GetFileAttributesW
HeapReAlloc
GetConsoleMode
GetConsoleCP
SetFilePointer
MultiByteToWideChar
LCMapStringW
WideCharToMultiByte
RtlUnwind
WriteConsoleW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
HeapSize
ExitProcess
HeapFree
HeapAlloc
RaiseException
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
GetStringTypeW
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
HeapCreate
QueryPerformanceCounter
IsProcessorFeaturePresent

user32

LoadStringW
MessageBoxW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetFolderPathW
DoEnvironmentSubstW

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 344KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d3cf3455c8108e39409f92cd9f9a6953

Headers

DLL Characteristics

File Characteristics

Imports

sti

psapi

kernel32

user32

advapi32

shell32

Sections

.text Size: 72KB - Virtual size: 72KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 28KB - Virtual size: 28KB

.reloc Size: 8KB - Virtual size: 8KB

.text Size: 344KB - Virtual size: 348KB

.text
Size: 72KB - Virtual size: 72KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 28KB - Virtual size: 28KB

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: 344KB - Virtual size: 348KB