PDB path (embedded in the binary): E:\ThirdFlash\Release\JCDevFlash.pdb
Static task
static1
Behavioral task
behavioral1
Sample
7a212a3a6c71746e5e86d1ea76d261daa18b57f100c9cc5bf0c4c5e5c394b0b5.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
7a212a3a6c71746e5e86d1ea76d261daa18b57f100c9cc5bf0c4c5e5c394b0b5.exe
Resource
win10v2004-20240412-en
General
-
Target
7a212a3a6c71746e5e86d1ea76d261daa18b57f100c9cc5bf0c4c5e5c394b0b5
-
Size
820KB
-
MD5
db99ebac6d879465368ddd422579fcff
-
SHA1
cdff5e3d17a18394e5665e2b9c655c86acbb2549
-
SHA256
7a212a3a6c71746e5e86d1ea76d261daa18b57f100c9cc5bf0c4c5e5c394b0b5
-
SHA512
330404e2f44fcd2d582b901855b849445195f5a39835d06aa575e0833856d3f83ac305082b84e606f173cd4a952ab93db1904412fc62e5301be4b44ecae97263
-
SSDEEP
6144:JpjM20/I+d1x/aDRi2pkpfFKsK9k+eEx0DOoPeVfziQYqVSO1wsdcIS5xzAfch0u:JpD1hYIMfAH9BeEDf2KeNx0cij5
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature; the sample carries none, so the publisher cannot be verified from the file itself.
resource 7a212a3a6c71746e5e86d1ea76d261daa18b57f100c9cc5bf0c4c5e5c394b0b5
Files
-
7a212a3a6c71746e5e86d1ea76d261daa18b57f100c9cc5bf0c4c5e5c394b0b5.exe windows:5 windows x86 arch:x86
321de05f13019bba3076787322301d56 (unlabeled 32-hex-digit value; presumably the import hash — verify against the tool's field definition)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
libcurl-4
curl_easy_setopt
curl_easy_cleanup
curl_slist_append
curl_easy_init
curl_global_cleanup
curl_global_init
curl_easy_perform
libjson
??4Value@Json@@QAEAAV01@ABV01@@Z
??1Value@Json@@QAE@XZ
??0Value@Json@@QAE@W4ValueType@1@@Z
??0Value@Json@@QAE@PBD@Z
??AValue@Json@@QAEAAV01@I@Z
?size@Value@Json@@QBEIXZ
?isNull@Value@Json@@QBE_NXZ
?asBool@Value@Json@@QBE_NXZ
?asInt@Value@Json@@QBEHXZ
?asString@Value@Json@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?asCString@Value@Json@@QBEPBDXZ
??0Value@Json@@QAE@H@Z
?append@Value@Json@@QAEAAV12@ABV12@@Z
??0Value@Json@@QAE@_N@Z
??0Value@Json@@QAE@ABV01@@Z
?parse@Reader@Json@@QAE_NAAV?$basic_istream@DU?$char_traits@D@std@@@std@@AAVValue@2@_N@Z
??0Reader@Json@@QAE@XZ
??1Writer@Json@@UAE@XZ
?write@StyledWriter@Json@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVValue@2@@Z
??0StyledWriter@Json@@QAE@XZ
??AValue@Json@@QAEAAV01@PBD@Z
msvcp140
??1_Lockit@std@@QAE@XZ
??Bid@locale@std@@QAEIXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
??0_Lockit@std@@QAE@H@Z
?width@ios_base@std@@QAE_J_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPBD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Xlength_error@std@@YAXPBD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
mfc140u
ord2205
ord952
ord6860
ord995
ord13911
ord6349
ord14668
ord6350
ord14669
ord6348
ord14667
ord8000
ord12531
ord11983
ord11982
ord2034
ord7941
ord12947
ord4090
ord4152
ord9398
ord14595
ord7922
ord14589
ord12542
ord12541
ord2486
ord10379
ord5357
ord8324
ord7997
ord4589
ord12865
ord12928
ord10433
ord12247
ord8386
ord1472
ord7653
ord8470
ord13442
ord12219
ord12251
ord8217
ord12239
ord5918
ord3852
ord890
ord1391
ord7441
ord7164
ord6588
ord3189
ord4224
ord8745
ord2994
ord3874
ord14573
ord2753
ord1179
ord9131
ord9701
ord10737
ord7410
ord8776
ord3954
ord14047
ord8345
ord6559
ord6812
ord13293
ord13070
ord7066
ord8773
ord5419
ord7654
ord2246
ord2522
ord6497
ord3147
ord4222
ord8744
ord2993
ord3872
ord1070
ord9128
ord358
ord4881
ord2520
ord450
ord1108
ord6486
ord6549
ord1133
ord7819
ord7027
ord1653
ord2865
ord2996
ord13935
ord8757
ord8182
ord5110
ord1046
ord316
ord1665
ord501
ord1143
ord4093
ord6316
ord5582
ord2256
ord4817
ord5422
ord7820
ord4477
ord8754
ord2172
ord8225
ord8032
ord1526
ord13251
ord2457
ord2458
ord8719
ord286
ord2990
ord985
ord2029
ord1462
ord4886
ord8817
ord14234
ord5763
ord14466
ord3833
ord13275
ord6490
ord3145
ord4219
ord1066
ord9126
ord290
ord6566
ord3882
ord9209
ord8219
ord5409
ord7712
ord7723
ord7722
ord5228
ord5411
ord5252
ord5525
ord9350
ord5760
ord5549
ord5249
ord2304
ord6489
ord6834
ord3257
ord4236
ord1446
ord9135
ord3697
ord1113
ord3164
ord3403
ord3404
ord4092
ord10472
ord11396
ord11015
ord9040
ord1111
ord9210
ord2760
ord13752
ord6218
ord12131
ord1002
ord12168
ord3265
ord3371
ord3372
ord3941
ord12124
ord2682
ord14137
ord5935
ord13703
ord11717
ord6877
ord14596
ord7923
ord14590
ord3055
ord4494
ord9693
ord5790
ord4502
ord4988
ord4927
ord4912
ord4974
ord5019
ord4942
ord4997
ord5013
ord4954
ord4960
ord4966
ord4948
ord5003
ord4936
ord1777
ord1756
ord1770
ord1744
ord1722
ord12258
ord12262
ord13878
ord3266
ord9256
ord11002
ord6978
ord12220
ord8965
ord14588
ord11936
ord3838
ord12089
ord9139
ord11726
ord11725
ord5652
ord10288
ord10284
ord10286
ord10287
ord10285
ord14785
ord1476
ord2761
ord8210
ord10255
ord3302
ord3305
ord13756
ord6220
ord6129
ord7109
ord462
ord12173
ord9235
ord7495
ord8360
ord12884
ord4664
ord3846
ord1525
ord1523
ord1045
ord280
ord296
ord5884
ord1663
ord5921
ord285
ord3009
ord14320
ord4815
ord7313
ord10250
ord2345
ord1692
ord898
ord6795
ord6533
ord2750
ord4663
ord1689
ord968
ord13628
ord13806
ord13800
ord1447
ord13086
ord8811
ord2409
ord8365
ord4649
ord2215
ord14131
kernel32
GetLastError
DeleteCriticalSection
OutputDebugStringW
GetProcAddress
LoadLibraryExW
InitializeCriticalSection
SetFilePointer
LeaveCriticalSection
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetModuleHandleW
FreeLibrary
LoadLibraryW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
SetUnhandledExceptionFilter
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
GetCommandLineW
CreateSemaphoreW
InitializeConditionVariable
WakeAllConditionVariable
ReleaseSemaphore
SleepConditionVariableCS
MultiByteToWideChar
GetLocalTime
FreeResource
GlobalUnlock
GlobalLock
FindResourceW
LoadResource
GlobalAlloc
SizeofResource
WideCharToMultiByte
ReleaseMutex
CreateMutexW
WriteFile
GetDiskFreeSpaceExW
TerminateThread
DeleteFileW
GetACP
FindClose
RemoveDirectoryW
OutputDebugStringA
WaitForSingleObject
CreateFileW
CreateEventW
Sleep
SetEvent
QueryPerformanceFrequency
CloseHandle
FindNextFileW
ResetEvent
GetFileSizeEx
FindFirstFileW
GetFileSize
QueryPerformanceCounter
user32
LoadIconW
GetClassInfoW
PostThreadMessageW
ScreenToClient
CopyRect
DefWindowProcW
CreateWindowExW
ShowWindow
RegisterClassW
EnableWindow
InvalidateRect
UpdateWindow
GetParent
GetClientRect
SendMessageW
PostMessageW
IsWindowVisible
MoveWindow
KillTimer
SetTimer
MessageBoxW
GetWindowRect
ClientToScreen
GetSystemMetrics
SetCursor
SetRect
FillRect
GetDC
PtInRect
LoadCursorW
TrackMouseEvent
InflateRect
EndPaint
BeginPaint
ReleaseDC
PostQuitMessage
UpdateLayeredWindow
SetWindowLongW
GetWindowDC
gdi32
DeleteObject
Rectangle
CreateFontW
CreateEllipticRgn
GetStockObject
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
GetObjectA
CreateSolidBrush
BitBlt
SetBkMode
DeleteDC
msimg32
AlphaBlend
shell32
ShellExecuteW
CommandLineToArgvW
SHGetPathFromIDListW
SHBrowseForFolderW
comctl32
InitCommonControlsEx
shlwapi
PathFileExistsW
ole32
CreateStreamOnHGlobal
gdiplus
GdipCloneRegion
GdipDeleteRegion
GdipReleaseDC
GdipCreateStringFormat
GdipGetImageHeight
GdipFillRegion
GdipCreateRegionPath
GdipSetCompositingQuality
GdipCreateFontFromLogfontA
GdipSetEmpty
GdipAddPathArcI
GdipDrawImageRectI
GdipDeletePath
GdipCreatePath
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipFillPath
GdipAddPathLineI
GdipFillClosedCurveI
GdipAddPathBezierI
GdipSetSolidFillColor
GdipCreateFontFromDC
ord1
GdipDrawString
GdipSetTextRenderingHint
GdipMeasureString
GdipDeleteStringFormat
GdipDeleteFont
GdipGetImageWidth
GdipSetStringFormatAlign
GdipCloneImage
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipCreatePen1
GdipDrawLineI
GdipDrawRectangleI
GdipDeleteBrush
GdipAlloc
GdipCreateSolidFill
GdipFree
GdipCreateFromHDC
GdipCloneBrush
GdipFillRectangleI
GdipCreatePen2
GdipCreateRegionHrgn
GdipDrawPath
GdiplusShutdown
GdipDeleteGraphics
GdipDeletePen
GdipCombineRegionRegion
GdiplusStartup
GdipSetSmoothingMode
setupapi
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
dbghelp
MiniDumpWriteDump
vcruntime140
memcpy
memcmp
__std_exception_destroy
strstr
strchr
_purecall
__CxxFrameHandler3
memmove
_except_handler4_common
memchr
_CxxThrowException
__std_exception_copy
memset
__RTDynamicCast
api-ms-win-crt-stdio-l1-1-0
__p__commode
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
setvbuf
fgetpos
fflush
fopen
_set_fmode
fread
__stdio_common_vsprintf
fopen_s
fwrite
__stdio_common_vsnprintf_s
fseek
fclose
ferror
fputc
ftell
fgetc
api-ms-win-crt-string-l1-1-0
strncpy
_stricmp
_strdup
_strupr
isalpha
isalnum
isdigit
isspace
strncmp
api-ms-win-crt-heap-l1-1-0
_callnewh
free
_set_new_mode
malloc
api-ms-win-crt-runtime-l1-1-0
_controlfp_s
terminate
_crt_atexit
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_set_app_type
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
api-ms-win-crt-convert-l1-1-0
strtoull
strtoll
_i64toa
_ui64toa
strtol
api-ms-win-crt-filesystem-l1-1-0
remove
_lock_file
_unlock_file
api-ms-win-crt-math-l1-1-0
_libm_sse2_cos_precise
_libm_sse2_sin_precise
_except1
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 369KB - Virtual size: 369KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 308KB - Virtual size: 308KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 93KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
(section name is non-printable bytes) Size: 16KB - Virtual size: 20KB — note this is the only section flagged both writable and executable, and its virtual size exceeds its raw size; worth inspecting in its own right.
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE