118[.]docx_________________________[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

118.docx_________________________.exe
Size

4.8MB
MD5

d4a43b5e7e6bc84a6240ef9fd2df8bbb
SHA1

eb226c1955b3fbddba26698d41942b4b9643fcb9
SHA256

c565210f330ebc46361e0ea685eb66affc608bc7c348a7eb032039ea4d5d4540
SHA512

5f449bc8aef0f289de8da14acdf0478cd0ec077b42d829e3deb5fae0294b74d0235eb1e0e620d6fcfa54a30ea627ee7632a47c4b696efe4c8ff8297b5c72966d
SSDEEP

49152:ow/lbIsjWa5kFx+oa2kWh3KgpKW1ZTqUnaX4aQK8XHwMGQNZToY1i5KDr7h4tfMR:ye2Lr+oXYO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
118.docx_________________________.exe

Files

118.docx_________________________.exe
.exe windows:6 windows x64 arch:x64

37922e95204d581ef642192f2771b969

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Admin\Downloads\New folder\jlo_ (2)\jlo-client_sync\target\debug\deps\jlo.pdb

Imports

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaEnumerateLogonSessions

kernel32

VirtualQuery
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WideCharToMultiByte
GlobalMemoryStatusEx
MultiByteToWideChar
GetProcAddress
FreeLibrary
CloseHandle
GetLastError
FormatMessageW
LoadLibraryA
GetProcessHeap
HeapAlloc
HeapFree
WaitForSingleObject
QueryPerformanceFrequency
GetSystemTimeAsFileTime
QueryPerformanceCounter
CreateMutexW
lstrlenW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
RtlVirtualUnwind
GetLogicalProcessorInformationEx
OpenProcess
GetProcessTimes
LocalFree
VirtualQueryEx
ReadProcessMemory
GetSystemTimes
GetProcessIoCounters
GetTickCount64
GetExitCodeProcess
GetCurrentProcessId
GetDiskFreeSpaceExW
CreateFileW
GetLogicalDrives
GetDriveTypeW
GetVolumeInformationW
DeviceIoControl
GetSystemInfo
TryAcquireSRWLockExclusive
SleepConditionVariableSRW
FreeEnvironmentStringsW
ReleaseMutex
FindClose
ReleaseSRWLockShared
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
SetLastError
SwitchToThread
Sleep
GetCurrentProcess
RtlCaptureContext
RtlLookupFunctionEntry
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
DuplicateHandle
GetStdHandle
SetHandleInformation
WriteFileEx
SleepEx
TerminateProcess
WaitForMultipleObjects
GetOverlappedResult
WakeAllConditionVariable
WakeConditionVariable
HeapReAlloc
AcquireSRWLockShared
WaitForSingleObjectEx
CreateMutexA
FindNextFileW
GetFileInformationByHandle
FindFirstFileW
DeleteFileW
CopyFileExW
CreateEventW
ReadFile
CancelIo
GetModuleHandleW
GetModuleFileNameW
SetCurrentDirectoryW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
ReadFileEx
GetSystemDirectoryW
GetFileAttributesW
GetWindowsDirectoryW
CreateProcessW
CreateThread
TlsGetValue
TlsSetValue
GetModuleHandleA
GetConsoleMode
WriteConsoleW
IsProcessorFeaturePresent
RaiseException
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId

advapi32

GetUserNameW
AllocateAndInitializeSid
CheckTokenMembership
RegOpenKeyExW
RegCreateKeyExW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegEnumKeyExW
RegCloseKey
FreeSid
RegQueryValueExW
SystemFunction036

user32

GetWindowRect
GetDesktopWindow
MonitorFromPoint
EnumDisplayMonitors
GetMonitorInfoW
EnumDisplaySettingsExW

gdi32

GetDeviceCaps
GetDIBits
CreateDCW
StretchBlt
DeleteObject
SelectObject
GetObjectW
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
SetStretchBltMode

oleaut32

SysAllocString
VariantClear
SysFreeString

ole32

CoTaskMemFree
CoSetProxyBlanket
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoInitializeEx

shell32

SHGetKnownFolderPath
CommandLineToArgvW

ws2_32

setsockopt
getsockopt
recv
freeaddrinfo
WSACleanup
WSAStartup
WSARecv
WSASend
send
ioctlsocket
WSASocketW
connect
select
closesocket
getaddrinfo
WSAGetLastError

netapi32

NetUserGetLocalGroups
NetApiBufferFree
NetUserEnum

pdh

PdhCloseQuery
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhRemoveCounter
PdhAddEnglishCounterW
PdhOpenQueryA

powrprof

CallNtPowerInformation

ntdll

NtQueryInformationProcess
RtlGetVersion
NtQuerySystemInformation

iphlpapi

FreeMibTable
GetIfTable2
GetIfEntry2

bcrypt

BCryptGenRandom

psapi

EnumProcessModulesEx
GetModuleFileNameExW
GetPerformanceInfo

vcruntime140

__vcrt_GetModuleFileNameW
__C_specific_handler_noexcept
__vcrt_LoadLibraryExW
__current_exception
memcpy
memmove
__CxxFrameHandler3
__current_exception_context
memset
__C_specific_handler
_CxxThrowException
memcmp

api-ms-win-crt-math-l1-1-0

__setusermatherr
floorf

api-ms-win-crt-string-l1-1-0

strcpy_s
strcat_s
wcslen

api-ms-win-crt-runtime-l1-1-0

_initterm_e
__p___argc
_set_app_type
_configure_narrow_argv
__p___argv
_seh_filter_exe
_get_initial_narrow_environment
exit
_initterm
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_exit
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
terminate
_crt_atexit

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 310KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37922e95204d581ef642192f2771b969

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

secur32

kernel32

advapi32

user32

gdi32

oleaut32

ole32

shell32

ws2_32

netapi32

pdh

powrprof

ntdll

iphlpapi

bcrypt

psapi

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 1024B - Virtual size: 3KB

.pdata Size: 310KB - Virtual size: 309KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 1024B - Virtual size: 3KB

.pdata
Size: 310KB - Virtual size: 309KB

.reloc
Size: 12KB - Virtual size: 12KB