9df52cd7fbbb57272059f8ed713e796fc1236660191313b6f97eddf0b149f3fb

General

Target

9df52cd7fbbb57272059f8ed713e796fc1236660191313b6f97eddf0b149f3fb
Size

2.5MB
MD5

1fc43bfb91a3e2ec16ddd259cff2b7b8
SHA1

37093e65e5011db6ff1ffd23968e6fea9907a60d
SHA256

9df52cd7fbbb57272059f8ed713e796fc1236660191313b6f97eddf0b149f3fb
SHA512

8aea094d2c5938f86341cf44cc63276fb3d0facf9a5b129b52f986d4d12b118c9de9fa23528f498b487f9891b3a6848ab9dc853159f52f49606cdd149ae85982
SSDEEP

49152:X2aDHXpT1a2aDHXpThV7uNRXNxDwnNTBBn1d3So72nMbze:o4R9x8Xnh7De

Score

10^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9df52cd7fbbb57272059f8ed713e796fc1236660191313b6f97eddf0b149f3fb

Files

9df52cd7fbbb57272059f8ed713e796fc1236660191313b6f97eddf0b149f3fb
.exe windows:5 windows x64 arch:x64

2c43cda2243b5af72e180e8d1f09446d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\re\jdk7u45\229\build\windows-amd64\tmp\sun\launcher\servertool\obj64\servertool.pdb

Imports

jli

JLI_CmdToArgs
JLI_GetStdArgc
JLI_MemAlloc
JLI_GetStdArgs
JLI_Launch

msvcr100

__getmainargs
__C_specific_handler
_XcptFilter
_exit
_cexit
exit
__initenv
_amsg_exit
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
getenv
printf
__argc
__argv
_initterm

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
EncodePointer
Sleep
GetCommandLineA
DecodePointer

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 74B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c43cda2243b5af72e180e8d1f09446d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

jli

msvcr100

kernel32

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 200B

.pdata Size: 512B - Virtual size: 192B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 74B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 200B

.pdata
Size: 512B - Virtual size: 192B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 74B