JMuzTcQ[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

JMuzTcQ.exe
Size

8.6MB
MD5

adc9c03c90919b441fbcc6d955da6e47
SHA1

4ea9ef4e67ab0eae9e01b413b0240c922cc10494
SHA256

53780af3381308c506e4d93492092a26bfd0f6b96b657bb39acfa4229631d134
SHA512

ed8bef8a2cc142169e59498f5cb40cb6966af49548a46be032273b21b4a705a67ea60dfb228c0a04690510f65a0fb154d8596bac544a008569c4751ec9cba510
SSDEEP

98304:OYy52NUrVfBEZZvjczoB9B7W1Brm7Emc6nd3Qi697kzOdIOZ3ilcfp20qrTyqP3z:SZmX36iT6q/l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JMuzTcQ.exe

Files

JMuzTcQ.exe
.exe windows:6 windows x64 arch:x64

5332aaf7b97006643f9d1aebcf40a5bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\root\Documents\GitHub\Loader\src-tauri\target\release\deps\allude.pdb

Imports

ntdll

RtlUnwindEx
RtlPcToFileHeader
NtWriteFile
RtlGetNtVersionNumbers
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
NtQuerySystemInformation
NtQueryInformationProcess
RtlGetVersion
NtCreateFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtReadFile

kernel32

CreateMutexA
WaitForSingleObjectEx
GetTempPathW
GetSystemTimeAsFileTime
GetCurrentThread
CreateThread
WriteConsoleW
MultiByteToWideChar
GetCurrentProcessId
LoadLibraryW
LCIDToLocaleName
GetUserDefaultUILanguage
GetFullPathNameW
ExitProcess
CopyFileExW
GetFinalPathNameByHandleW
RemoveDirectoryW
MoveFileExW
DeleteFileW
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
FindClose
FindNextFileW
ReleaseMutex
HeapReAlloc
QueryPerformanceFrequency
WakeConditionVariable
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
LoadLibraryA
FormatMessageW
WaitForSingleObject
LoadLibraryExW
GetLastError
HeapAlloc
HeapFree
GetEnvironmentVariableW
GetProcessHeap
FreeLibrary
Sleep
WakeAllConditionVariable
TerminateProcess
LoadLibraryExA
TryAcquireSRWLockExclusive
GetStdHandle
lstrlenW
GetModuleHandleW
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
RaiseException
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
TlsAlloc
TlsGetValue
VirtualFreeEx
CreateRemoteThread
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
DuplicateHandle
OpenProcess
CloseHandle
GetVolumeInformationA
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TlsSetValue
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
LocalFree
SetFileInformationByHandle
ReleaseSRWLockShared
AcquireSRWLockShared
SleepConditionVariableSRW
GetSystemInfo
GetCommandLineW
GetCurrentProcess
SetEnvironmentVariableW
GetCurrentDirectoryW
SetLastError
QueryPerformanceCounter
SetWaitableTimer
CreateWaitableTimerExW
SetHandleInformation
SwitchToThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
CreateFileW
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
SetFileCompletionNotificationModes
GetFileInformationByHandle
GetConsoleMode
K32GetPerformanceInfo
GlobalMemoryStatusEx
VirtualQueryEx
ReadProcessMemory
TlsFree

user32

DispatchMessageA
GetMessageA
DispatchMessageW
TranslateAcceleratorW
ToUnicodeEx
GetKeyboardLayout
CreateIcon
GetRawInputData
PostQuitMessage
AppendMenuW
CreateMenu
CheckMenuItem
DefWindowProcW
GetAncestor
SendInput
SetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
GetMessageW
EnumDisplayMonitors
IsProcessDPIAware
GetDC
FlashWindowEx
SystemParametersInfoA
IsWindowVisible
AdjustWindowRectEx
GetWindowRect
GetWindowLongPtrW
SetWindowDisplayAffinity
GetMenu
ChangeDisplaySettingsExW
ShowCursor
MapVirtualKeyW
TranslateMessage
ClipCursor
GetClipCursor
SetWindowPos
SetWindowPlacement
EnableMenuItem
GetSystemMenu
ShowWindow
GetMonitorInfoW
GetWindowPlacement
SetWindowLongW
SendMessageW
MonitorFromWindow
GetCursorPos
SetCursor
DestroyIcon
DestroyAcceleratorTable
InvalidateRgn
CreateAcceleratorTableW
VkKeyScanW
MapVirtualKeyExW
GetKeyState
GetAsyncKeyState
GetKeyboardState
SetCapture
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
RegisterClassExW
RegisterWindowMessageA
CloseTouchInputHandle
ScreenToClient
EnumChildWindows
GetTouchInputInfo
TrackMouseEvent
MonitorFromRect
LoadCursorW
ClientToScreen
GetClientRect
GetWindowLongW
DestroyWindow
GetUpdateRect
PeekMessageW
PostThreadMessageW
ValidateRect
RedrawWindow
MonitorFromPoint
SetCursorPos
GetForegroundWindow
GetActiveWindow
IsIconic
SetMenu
ReleaseCapture
PostMessageW
SetMenuItemInfoW
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW

comctl32

RemoveWindowSubclass
SetWindowSubclass
TaskDialogIndirect
DefSubclassProc

ole32

OleInitialize
RegisterDragDrop
CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitializeEx
RevokeDragDrop

shell32

SHAppBarMessage
DragQueryFileW
DragFinish
ShellExecuteW
CommandLineToArgvW
SHGetKnownFolderPath

gdi32

DeleteObject
GetDeviceCaps
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

oleaut32

GetErrorInfo
SysStringLen
SetErrorInfo
SysFreeString

uxtheme

SetWindowTheme

advapi32

OpenProcessToken
GetTokenInformation
IsValidSid
GetLengthSid
CopySid
SystemFunction036
RegGetValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

bcrypt

BCryptGenRandom

secur32

InitializeSecurityContextW
ApplyControlToken
FreeContextBuffer
EncryptMessage
DecryptMessage
DeleteSecurityContext
AcceptSecurityContext
FreeCredentialsHandle
AcquireCredentialsHandleA
QueryContextAttributesW

ws2_32

getaddrinfo
closesocket
freeaddrinfo
getsockname
getpeername
WSASocketW
connect
ioctlsocket
getsockopt
shutdown
recv
send
WSACleanup
WSAStartup
WSASend
setsockopt
WSAIoctl
WSAGetLastError
bind

crypt32

CertFreeCertificateContext
CertGetCertificateChain
CertDuplicateCertificateContext
CertOpenStore
CertVerifyCertificateChainPolicy
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertDuplicateStore
CertDuplicateCertificateChain
CertFreeCertificateChain
CertCloseStore

pdh

PdhOpenQueryA
PdhRemoveCounter
PdhCollectQueryData
PdhAddEnglishCounterW
PdhGetFormattedCounterValue
PdhCloseQuery

powrprof

CallNtPowerInformation

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

api-ms-win-crt-math-l1-1-0

pow
__setusermatherr
round
trunc
floor

api-ms-win-crt-string-l1-1-0

wcsncmp
wcslen
_wcsicmp
strcpy_s

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
malloc
calloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_cexit
_exit
exit
_c_exit
_register_thread_local_exe_atexit_callback
__p___argv
__p___argc
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_onexit_table
_initialize_narrow_environment
_register_onexit_function
abort
_configure_narrow_argv
_set_app_type
_seh_filter_exe
terminate
_crt_atexit

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 279KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5332aaf7b97006643f9d1aebcf40a5bb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

user32

comctl32

ole32

shell32

gdi32

dwmapi

oleaut32

uxtheme

advapi32

bcrypt

secur32

ws2_32

crypt32

pdh

powrprof

psapi

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 5.4MB - Virtual size: 5.4MB

.rdata Size: 2.8MB - Virtual size: 2.8MB

.data Size: 13KB - Virtual size: 24KB

.pdata Size: 279KB - Virtual size: 278KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 33KB - Virtual size: 32KB

.reloc Size: 53KB - Virtual size: 53KB

.text
Size: 5.4MB - Virtual size: 5.4MB

.rdata
Size: 2.8MB - Virtual size: 2.8MB

.data
Size: 13KB - Virtual size: 24KB

.pdata
Size: 279KB - Virtual size: 278KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 33KB - Virtual size: 32KB

.reloc
Size: 53KB - Virtual size: 53KB