19531987e32e445b6ec4c95280f635a0_exe32_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

19531987e32e445b6ec4c95280f635a0_exe32_JC.exe
Size

269KB
MD5

19531987e32e445b6ec4c95280f635a0
SHA1

9793a7976323ff12ad0f093c6e0fd833a0041b26
SHA256

55e5b8a7bc95356dc219d9fdf07d79f5ecc5f8a1c616ae19047b91d0efd9f108
SHA512

c16ea1725114ae7875774852aa0e4d0ff49d2e9d6452cba1861db779b5115c21a5c774ee111f72dbeaab069c71006a09a902de318bd57802b2d7b66ec06d763e
SSDEEP

3072:g9unJMz+IHmar/cKqIHYUN1osO/zFIPJEJPdTYVGxczS+3ObX3NMCai7Cjx2:E4Mqh6/cDIHh18IPJyQbzS+4tMCaimx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19531987e32e445b6ec4c95280f635a0_exe32_JC.exe

Files

19531987e32e445b6ec4c95280f635a0_exe32_JC.exe
.exe windows:6 windows x86

60eaafe6289dc801a5e595ca7e99bbfb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

PropertySheetW
CreatePropertySheetPageW

kernel32

LocalFree
FormatMessageA
PostQueuedCompletionStatus
GetQueuedCompletionStatus
SetLastError
SetWaitableTimer
LeaveCriticalSection
EnterCriticalSection
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateIoCompletionPort
CloseHandle
VerifyVersionInfoW
VerSetConditionMask
WaitForSingleObject
QueueUserAPC
TerminateThread
WaitForMultipleObjects
LoadLibraryExW
FreeLibrary
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
lstrcpynW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
GetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleHandleW

user32

EndPaint
OpenClipboard
GetWindowLongW
CreateWindowExW
SendMessageW
SetWindowPos
GetWindowRect
GetDlgItem
SetWindowLongW
SystemParametersInfoW
ShowWindow
LoadStringW
PostQuitMessage
MessageBoxW
DialogBoxParamW
IsWindow
CreateDialogParamW
SetActiveWindow
CloseClipboard
SetClipboardData
UpdateWindow
GetKeyState
CallWindowProcW
LoadCursorW
LoadIconW
RegisterClassExW
GetLastActivePopup
FindWindowW
UnregisterClassW
wsprintfW
DestroyWindow
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
SetMenu
LoadMenuW
GetWindowTextLengthW
SetDlgItemTextW
DefWindowProcW
GetParent
EnableWindow
GetDlgItemTextW
EndDialog
MessageBeep
GetWindowTextW
GetMenuItemCount
BeginPaint
GetMenu
EnableMenuItem
GetMenuItemID
EmptyClipboard

gdi32

MoveToEx
LineTo
TextOutW
CreateFontIndirectW

bili-https

?SendRoomChat@User@Bili@@YA?AV?$basic_json@Vmap@std@@Vvector@2@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@_N_J_KNVallocator@2@Uadl_serializer@nlohmann@@@nlohmann@@ABUCredentials@12@ABUSendOptions@12@@Z
?GetResolve@Room@Bili@@YA?AV?$basic_json@Vmap@std@@Vvector@2@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@_N_J_KNVallocator@2@Uadl_serializer@nlohmann@@@nlohmann@@J@Z
?from_json@User@Bili@@YAXABV?$basic_json@Vmap@std@@Vvector@2@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@_N_J_KNVallocator@2@Uadl_serializer@nlohmann@@@nlohmann@@AAUCredentials@12@@Z
?GetSignInInfo@User@Bili@@YA?AV?$basic_json@Vmap@std@@Vvector@2@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@_N_J_KNVallocator@2@Uadl_serializer@nlohmann@@@nlohmann@@ABUCredentials@12@@Z

bili-server

??1EndPoint@Connection@Server@Bili@@QAE@XZ
?getMetaData@Room@Server@Bili@@QBE?AV?$shared_ptr@VMetaData@Connection@Server@Bili@@@std@@XZ
?join@Room@Server@Bili@@QAEXJ@Z
?retrieve@Room@Server@Bili@@QAE?AV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@XZ
?connect@Room@Server@Bili@@QAEXXZ
?disconnect@Room@Server@Bili@@QAEXGABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

bili-settings

?Get@File@Settings@Bili@@YAPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0PBD@Z
?GetCredentials@Settings@Bili@@YA?AV?$basic_json@Vmap@std@@Vvector@2@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@_N_J_KNVallocator@2@Uadl_serializer@nlohmann@@@nlohmann@@XZ
?GetW@File@Settings@Bili@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@5@0PBD@Z
?SetW@File@Settings@Bili@@YA?AW4SI_Error@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@6@@Z
?Save@File@Settings@Bili@@YA?AW4SI_Error@@XZ
?Load@File@Settings@Bili@@YA?AW4SI_Error@@XZ

msvcp140

?_Xbad_function_call@std@@YAXXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?widen@?$ctype@_W@std@@QBE_WD@Z
_Cnd_destroy_in_situ
_Cnd_init_in_situ
_Thrd_detach
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Random_device@std@@YAIXZ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
_Cnd_init
_Mtx_init
_Mtx_lock
_Cnd_signal
_Cnd_do_broadcast_at_thread_exit
_Cnd_destroy
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?put@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QBE?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AAVios_base@2@_WPBUtm@@PB_W4@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
?id@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@2V0locale@2@A
_Mtx_destroy
_Mtx_unlock
_Thrd_start
?_Throw_C_error@std@@YAXH@Z
_Cnd_wait
?_Winerror_message@std@@YAKKPADK@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
_Xtime_get_ticks
_Thrd_sleep
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xinvalid_argument@std@@YAXPBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_join
_Thrd_id
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?_BADOFF@std@@3_JB
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z

ws2_32

WSAStartup
WSACleanup
WSASend
setsockopt
ioctlsocket
WSASetLastError
WSAGetLastError
closesocket

vcruntime140

memcpy
memset
_CxxThrowException
__vcrt_InitializeCriticalSectionEx
_except_handler4_common
__std_type_info_compare
memchr
_purecall
__std_exception_copy
__CxxFrameHandler3
__std_terminate
__std_exception_destroy
memmove

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_errno
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_controlfp_s
_c_exit
_register_thread_local_exe_atexit_callback
terminate

api-ms-win-crt-convert-l1-1-0

strtoull
wcstol
strtoll
strtol
strtod

api-ms-win-crt-time-l1-1-0

strftime
_time64
_localtime64_s
_gmtime64

api-ms-win-crt-string-l1-1-0

wcsncpy

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
__stdio_common_vsprintf

api-ms-win-crt-math-l1-1-0

_dtest
_except1
__setusermatherr

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc
_set_new_mode

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

60eaafe6289dc801a5e595ca7e99bbfb

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

bili-https

bili-server

bili-settings

msvcp140

ws2_32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 124KB - Virtual size: 124KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 4KB - Virtual size: 5KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 92KB - Virtual size: 92KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 124KB - Virtual size: 124KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 4KB - Virtual size: 5KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 92KB - Virtual size: 92KB

.reloc
Size: 9KB - Virtual size: 8KB