Java_Binary[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Java_Binary.exe
Size

4.7MB
MD5

529f54abc0ce5c7bae2709932fa26b53
SHA1

ae76be55c641168345d6d14cf08ef1ce8b5f3b5e
SHA256

3703cfa2db385e512545057873d7cb74fad5aadbdadbe770f88356cabc0200c3
SHA512

d5c99ce4785367a1af28e79b9386248cf45dbab406ccfdce8ba9d009bc49e9bf67449b896e46016edcecfd25de41a512dc7537b4d4308ba73079f9138d4b30a8
SSDEEP

49152:ILK39wEmAc+Y0BEK6iouNZH5rQX5cAGRf5Aw3lPcPMZTYItWn3udKmBvpycIlCVc:TOrvi7h44KovpNIuCGwtCMXN7mY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Java_Binary.exe

Files

Java_Binary.exe
.exe windows:6 windows x64 arch:x64

08ea692a5405697e86bc7edd29a73331

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlNtStatusToDosError
NtCreateFile
NtCancelIoFileEx
NtDeviceIoControlFile
NtWriteFile
RtlLookupFunctionEntry
NtReadFile
RtlVirtualUnwind
RtlCaptureContext

kernel32

GetModuleHandleW
FormatMessageW
WaitForSingleObjectEx
GetCurrentProcessId
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
FindFirstFileW
WaitForSingleObject
GetQueuedCompletionStatusEx
GetFinalPathNameByHandleW
SetLastError
SetFileCompletionNotificationModes
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentDirectoryW
AcquireSRWLockShared
ReleaseSRWLockShared
WakeConditionVariable
CreateThread
SleepConditionVariableSRW
CreateIoCompletionPort
TryAcquireSRWLockExclusive
GetConsoleMode
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
WideCharToMultiByte
SystemTimeToFileTime
GetFileSize
LockFileEx
LocalFree
QueryPerformanceFrequency
HeapDestroy
GetStdHandle
LoadLibraryW
DeleteFileW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
Sleep
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
ReadFile
AreFileApisANSI
RaiseException
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetCurrentThread
WriteConsoleW
GetModuleHandleA
SetHandleInformation
SetThreadStackGuarantee
AddVectoredExceptionHandler
UnlockFile
GetLastError
PostQueuedCompletionStatus
MultiByteToWideChar
FindClose
FreeConsole
SetStdHandle
WakeAllConditionVariable
HeapReAlloc
GetSystemInfo
CloseHandle
FindNextFileW
GetProcAddress
SwitchToThread
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
HeapAlloc
GetProcessHeap
HeapFree
LoadLibraryA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
HeapCompact
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
FreeLibrary

crypt32

CertCloseStore
CertEnumCertificatesInStore
CryptUnprotectData
CertOpenStore
CertAddCertificateContextToStore
CertFreeCertificateContext
CertDuplicateStore
CertGetCertificateChain
CertDuplicateCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertDuplicateCertificateContext

ws2_32

connect
closesocket
bind
WSAIoctl
setsockopt
ioctlsocket
WSASocketW
getsockname
WSAGetLastError
getpeername
shutdown
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
recv
send
WSASend
getsockopt

bcrypt

BCryptGenRandom

secur32

AcquireCredentialsHandleA
EncryptMessage
ApplyControlToken
DeleteSecurityContext
DecryptMessage
QueryContextAttributesW
InitializeSecurityContextW
FreeContextBuffer
AcceptSecurityContext
FreeCredentialsHandle

advapi32

RegQueryValueExW
SystemFunction036
RegOpenKeyExW
RegCloseKey

iphlpapi

GetAdaptersAddresses

vcruntime140

memset
__current_exception_context
memcpy
__current_exception
__CxxFrameHandler3
memmove
memcmp
__C_specific_handler
strrchr

api-ms-win-crt-string-l1-1-0

strcspn
strncmp
strspn
strcmp
strlen

api-ms-win-crt-math-l1-1-0

pow
__setusermatherr
log

api-ms-win-crt-heap-l1-1-0

free
malloc
_msize
realloc
_set_new_mode

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

__p___argc
_set_app_type
_endthreadex
__p___argv
_beginthreadex
_configure_narrow_argv
terminate
_crt_atexit
_initialize_narrow_environment
_get_initial_narrow_environment
_c_exit
_initterm
_seh_filter_exe
exit
_exit
_register_onexit_function
_cexit
_initialize_onexit_table
_initterm_e
_register_thread_local_exe_atexit_callback

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08ea692a5405697e86bc7edd29a73331

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

crypt32

ws2_32

bcrypt

secur32

advapi32

iphlpapi

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 25KB - Virtual size: 27KB

.pdata Size: 90KB - Virtual size: 90KB

.reloc Size: 26KB - Virtual size: 26KB

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 25KB - Virtual size: 27KB

.pdata
Size: 90KB - Virtual size: 90KB

.reloc
Size: 26KB - Virtual size: 26KB