JKPLC---[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

JKPLC---.exe
Size

636KB
MD5

e7f34aeab1321242a1b6f033e6d5259c
SHA1

625933104810b0e67d11bbdfafd772a9be3ea589
SHA256

7c7640fe05f0d7d06f2611cb2ec525e4b31690d34db69037b95c3171d7bb74a6
SHA512

1b155f5bb069c4858099f41a9ca6dd4c864f21f7cdf5362db596df0c24e50c3013b18f9a7ffae281e62d692fa8d1555552e1c0c15fad1105b210514726f6a09a
SSDEEP

6144:9ok5isB2Gg2mIDina735M/ofhfsOHh6C9Zinv7TqQ3bAOa+IWkZVfd7t9gz:9T0sB2ldIDlRsk5t9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JKPLC---.exe

Files

JKPLC---.exe
.exe windows:6 windows x64 arch:x64

d8ea021c1af9dd2547bfdab123ea2aad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\man\CikachiPLC Source\Cikachi\jkplc-master\Release\JKPLC.pdb

Imports

mfc140u

ord11340
ord6767
ord10824
ord11338
ord11339
ord6768
ord5268
ord11863
ord1768
ord11121
ord11789
ord13653
ord1167
ord7252
ord1774
ord13652
ord2344
ord1631
ord7893
ord2903
ord8451
ord13889
ord2155
ord2346
ord2340
ord2350
ord6505
ord7068
ord2308
ord2374
ord293
ord287
ord291
ord1504
ord1667
ord1668
ord4510
ord8416
ord12600
ord8058
ord13891
ord5995
ord12030
ord14225
ord4638
ord4472
ord962
ord13597
ord12932
ord1428
ord12967
ord8501
ord8063
ord12925
ord13674
ord2182
ord482
ord3728
ord5326
ord12464
ord1503
ord1671
ord6239
ord5324
ord811
ord13595
ord12930
ord1332
ord6320
ord3756
ord6549
ord6250
ord12762
ord13864
ord8449
ord14128
ord2686
ord2222
ord6862
ord469
ord13697
ord13468
ord2779
ord5408
ord5981
ord8772
ord3735
ord10665
ord10713
ord10956
ord8888
ord12466
ord5376
ord12256
ord10941
ord8093
ord7395
ord2767
ord13023
ord2511
ord12100
ord12341
ord4549
ord9175
ord2662
ord12642
ord11775
ord1106
ord3997
ord3947
ord14132
ord5196
ord5188
ord10122
ord9942
ord10411
ord10827
ord10828
ord9054
ord11432
ord9670
ord8903
ord7241
ord5557
ord2212
ord2475
ord6247
ord4721
ord2473
ord438
ord12746
ord6361
ord3803
ord4725
ord2479
ord13999
ord4086
ord8441
ord2514
ord4357
ord4726
ord12720
ord13568
ord6634
ord8003
ord9200
ord9215
ord9205
ord9677
ord9682
ord9217
ord10199
ord8614
ord8604
ord11435
ord10811
ord8702
ord10835
ord9738
ord9739
ord6630
ord8917
ord11805
ord11770
ord7136
ord935
ord13573
ord6637
ord1405
ord2627
ord10806
ord7518
ord10964
ord10967
ord7372
ord2187
ord8161
ord12087
ord14278
ord3143
ord4696
ord985
ord1452
ord528
ord1149
ord8468
ord1766
ord5743
ord3185
ord11493
ord3725
ord4874
ord13361
ord13359
ord3715
ord767
ord1297
ord8070
ord7048
ord13109
ord746
ord13733
ord4232
ord1284
ord742
ord1489
ord13282
ord2858
ord13443
ord1280
ord622
ord1218
ord13137
ord4294
ord7741
ord7472
ord1832
ord551
ord6920
ord550
ord3887
ord2049
ord4244
ord4209
ord10531
ord12145
ord11182
ord4336
ord13865
ord4268
ord2969
ord13965
ord11105
ord11865
ord8099
ord14213
ord8908
ord9045
ord8931
ord11791
ord7540
ord7647
ord11199
ord8896
ord9411
ord11488
ord11122
ord11193
ord8523
ord2039
ord8124
ord12639
ord3232
ord3341
ord1169
ord5540
ord8997
ord11375
ord7255
ord777
ord4329
ord5549
ord14279
ord14165
ord7054
ord7049
ord7052
ord7053
ord7050
ord13626
ord7055
ord2109
ord8387
ord8226
ord8251
ord14337
ord265
ord290
ord9941
ord5555
ord6342
ord3096
ord6775
ord4083
ord8440
ord2907
ord3748
ord14194
ord2689
ord1157
ord8822
ord11901
ord11933
ord7920
ord11921
ord5706
ord3731
ord365
ord1059
ord8159
ord4307
ord13545
ord12923
ord12217
ord6122
ord14289
ord6123
ord14290
ord6121
ord14288
ord7719
ord12212
ord14088
ord1844
ord5401
ord5971
ord11664
ord11665
ord2011
ord11709
ord11928
ord7668
ord12625
ord3949
ord4011
ord9089
ord14216
ord7650
ord14210
ord12222
ord12223
ord2439
ord9838
ord9842
ord5183
ord8023
ord4317
ord7716
ord12544
ord12606
ord10124
ord11929
ord8084
ord7393
ord8167
ord804
ord2269
ord2273
ord2178
ord1091
ord6287
ord450
ord11855
ord8926
ord7235
ord6615
ord984
ord1451
ord4446
ord7673
ord7718
ord7739
ord7416
ord8158
ord2725
ord12685
ord11582
ord13846
ord8665
ord8899
ord8176
ord13937
ord12264
ord7047
ord13709
ord266
ord4913
ord14039
ord488
ord11644
ord345
ord1047
ord2795
ord12824
ord7551
ord7546
ord10965
ord10968
ord9840
ord9841
ord6867
ord475
ord9948
ord10915
ord10913
ord11344
ord1112
ord12802
ord3736
ord10803
ord11783
ord10808
ord8700
ord10831
ord9736
ord2625
ord7243
ord3697
ord3579
ord5240
ord13199
ord6848
ord7588
ord11999
ord11995
ord1153
ord11677
ord533
ord2298
ord2270
ord1120
ord2801
ord14227
ord486
ord4656
ord8452
ord4511
ord5709
ord286
ord280
ord285
ord2921
ord13949
ord12240
ord5674
ord4946
ord8826
ord1424
ord4095
ord3164
ord6588
ord7233
ord11813
ord6000
ord13397
ord2697
ord8901
ord11854
ord1089
ord8731
ord10704
ord11085
ord10163
ord3951
ord446
ord3307
ord3308
ord3071
ord6285
ord5916
ord6002
ord13401
ord3212
ord3209
ord9946
ord7913
ord2698
ord14360
ord9976
ord9978
ord9977
ord9975
ord9979
ord5451
ord11414
ord11415
ord8830
ord11771
ord3718
ord3713
ord11625
ord14209
ord8656
ord11902
ord6729
ord10691
ord8947
ord3173
ord13513
ord11944
ord11940
ord1700
ord1722
ord1748
ord1734
ord1755
ord4776
ord4843
ord4788
ord4806

kernel32

GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
CreateProcessW
GetLocalTime
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryW
Sleep
SetThreadLocale
SetThreadUILanguage
CreateToolhelp32Snapshot
Process32FirstW
SetUnhandledExceptionFilter
CloseHandle
IsDebuggerPresent
Process32NextW
GetCurrentProcess
CreateFileW
WideCharToMultiByte
GetPrivateProfileStringW
GetLastError
DeleteFileW
GetCurrentDirectoryW
GetThreadLocale
OutputDebugStringW
GetPrivateProfileIntW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
WritePrivateProfileStringW
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStartupInfoW
InitializeSListHead

user32

InvalidateRect
GetClientRect
SetCursor
GetCursorPos
LoadCursorW
RedrawWindow
wsprintfA
SendMessageW
ReleaseDC
ShowWindow
UpdateWindow
SetForegroundWindow
MessageBoxW
FindWindowW
EnumWindows
GetWindowThreadProcessId
SetWindowTextW
GetDC
GetSubMenu
EnableMenuItem
GetSystemMetrics
LoadMenuW
SetCapture
ReleaseCapture
FillRect
EnableWindow
PostQuitMessage
InflateRect

gdi32

BitBlt
GetTextExtentPoint32W
SetPixel
CreateCompatibleDC
CreateCompatibleBitmap
Arc
GetStockObject

shell32

DragAcceptFiles
DragFinish
DragQueryFileW
ShellExecuteW

comctl32

InitCommonControlsEx

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

vcruntime140

__CxxFrameHandler3
memset
__std_terminate
_CxxThrowException
_purecall
memmove
memcpy
__C_specific_handler

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-heap-l1-1-0

calloc
_recalloc
_set_new_mode
malloc
free

api-ms-win-crt-runtime-l1-1-0

_initterm
_invalid_parameter_noinfo
_errno
_crt_atexit
_register_onexit_function
_initialize_onexit_table
terminate
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_set_app_type
_exit
exit
_initterm_e
_invalid_parameter_noinfo_noreturn
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv

api-ms-win-crt-string-l1-1-0

isdigit

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
_wfopen
__stdio_common_vsscanf
fopen
fgets
__p__commode
_set_fmode
__stdio_common_vfprintf
__stdio_common_vswprintf
fclose

api-ms-win-crt-time-l1-1-0

clock

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 399KB - Virtual size: 399KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8ea021c1af9dd2547bfdab123ea2aad

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc140u

kernel32

user32

gdi32

shell32

comctl32

msvcp140

vcruntime140

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 140KB - Virtual size: 140KB

.rdata Size: 82KB - Virtual size: 82KB

.data Size: 3KB - Virtual size: 4KB

.pdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 399KB - Virtual size: 399KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 140KB - Virtual size: 140KB

.rdata
Size: 82KB - Virtual size: 82KB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 399KB - Virtual size: 399KB

.reloc
Size: 4KB - Virtual size: 3KB