5686cb5c02005ff9479cf9a02a751fae3da62bf0c441cec5b475d2347091f77d

General

Target

5686cb5c02005ff9479cf9a02a751fae3da62bf0c441cec5b475d2347091f77d
Size

3.6MB
MD5

8d48633926b1ab8a47dd34d5ae3f132a
SHA1

3c6f15624ed9a8b4c36ca778982da2f222bbfbc5
SHA256

5686cb5c02005ff9479cf9a02a751fae3da62bf0c441cec5b475d2347091f77d
SHA512

843e77946d0abb017c4f3ea82aa9aa7d4f2b28f0ff4a1be8c0fb2ecf6d5409ae0602bad71ee3cefc792533fd3aa6e246d4aca4518ae2a40fb461169f6776edb8
SSDEEP

49152:X2afV7uNRXNxDwnNTB7HUk1A2RAR5FeA6wPcY/VDkYOMwwnMb4PmyV:j4R9x8t66XYOXwnS4rV

Score

10^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5686cb5c02005ff9479cf9a02a751fae3da62bf0c441cec5b475d2347091f77d

Files

5686cb5c02005ff9479cf9a02a751fae3da62bf0c441cec5b475d2347091f77d
.exe windows:5 windows x64 arch:x64

2c43cda2243b5af72e180e8d1f09446d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\re\jdk7u45\229\build\windows-amd64\tmp\sun\launcher\servertool\obj64\servertool.pdb

Imports

jli

JLI_CmdToArgs
JLI_GetStdArgc
JLI_MemAlloc
JLI_GetStdArgs
JLI_Launch

msvcr100

__getmainargs
__C_specific_handler
_XcptFilter
_exit
_cexit
exit
__initenv
_amsg_exit
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
getenv
printf
__argc
__argv
_initterm

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
EncodePointer
Sleep
GetCommandLineA
DecodePointer

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 74B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c43cda2243b5af72e180e8d1f09446d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

jli

msvcr100

kernel32

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 200B

.pdata Size: 512B - Virtual size: 192B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 74B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 200B

.pdata
Size: 512B - Virtual size: 192B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 74B