jbroker[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

jbroker.exe
Size

80KB
MD5

cb23d3fcfac9b3c64f499cdd26b0e53d
SHA1

6fcdc1548b828db8578acaec6a36464aed267af3
SHA256

b251520c354423ee5e0e84a7e3b778195ac4324c110369ee69201dcecad3f91c
SHA512

50ab5870013daf56a90aa2d04d79ca14773d19db42632b6680b961ed0042f9029d0db3e0a8ddf197dfcb761876439116e07e1ea271edca52e0d40ee04cef2748
SSDEEP

1536:1vBFc1Yjk1Ql/lKhwUS3XbfmiCqVTYKJuHJbAQkEUPH7zOPm74HCaWMadC8z:dBFVgurRrfmUb4HJUQkEUPHHOPm74Hc9

Score

1^/10

Malware Config

Signatures

Files

jbroker.exe
.exe windows:5 windows x86 arch:x86

50497be2102759c54bda52f76a5e3cb6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:f1:dc:1e:fb:1e:46:b5:de:80:ed:e1:76:2a:55:a7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

07/07/2010, 00:00

Not After

06/07/2013, 23:59

Subject

CN=Oracle America\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software Engineering,O=Oracle America\, Inc.,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:94:95:26:a2:1b:16:46:2f:2d:e7:07:b1:6f:07:34:8f:28:0f:a6
Signer

Actual PE Digest

39:94:95:26:a2:1b:16:46:2f:2d:e7:07:b1:6f:07:34:8f:28:0f:a6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\jdk7_32P\jdk7\build\windows-i586\tmp\jbroker\obj\jbroker.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

GetEnvironmentVariableA
DecodePointer
InterlockedExchange
InterlockedCompareExchange
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
RaiseException
SizeofResource
LockResource
LoadResource
FindResourceW
GetLastError
GetProcAddress
GetModuleHandleA
lstrlenA
lstrcmpiA
lstrcatA
lstrcmpA
FindClose
FindFirstFileA
GetFullPathNameA
GetFileAttributesA
Sleep
GetTickCount
GetTempPathA
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
SetEndOfFile
SetFilePointer
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
GetWindowsDirectoryA
GetShortPathNameA
MoveFileExA
DeleteFileA
FindNextFileA
CopyFileA
GetTempFileNameA
GetCurrentProcess
EncodePointer
IsDBCSLeadByte
FreeLibrary
FindResourceA
LoadLibraryExA
GetModuleFileNameA
lstrcpyW
lstrcpyA
GetSystemDirectoryA
CreateDirectoryA
RemoveDirectoryA
SetFileAttributesA
GetVersionExA
LoadLibraryA
LocalAlloc
FormatMessageA
GetLongPathNameA
InterlockedDecrement
OutputDebugStringA
GetCurrentProcessId
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ReadFile
WriteFile
ConnectNamedPipe
CreateNamedPipeA
WaitNamedPipeA
CreateMutexA
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
LocalFree
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
HeapSetInformation

user32

CharNextA
wsprintfA
wsprintfW

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
StringFromCLSID
CoInitialize
CoTaskMemAlloc

oleaut32

SysAllocString
VarUI4FromStr
SysAllocStringLen
SysFreeString
VariantClear

msvcr100

_strdup
_mkdir
_mbsnbcpy_s
_stricmp
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??3@YAXPAX@Z
??_V@YAXPAX@Z
strchr
strstr
_chdir
_mbsstr
malloc
free
memcpy_s
_CxxThrowException
islower
atoi
??_U@YAPAXI@Z
_local_unwind4
calloc
memset
_stat64i32
_snprintf
_resetstkoflw
__CxxFrameHandler3
memmove
memcpy
strtok
_splitpath
??2@YAPAXI@Z
_recalloc
strncpy
fclose
fwrite
fseek
fread
fopen
sprintf
_splitpath_s
sprintf_s
strcat_s
strcpy_s
_mbscmp
_localtime64
_snprintf_s
strftime
_ftime64_s
_vsnprintf_s
_getdrive
_errno
exit
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
_time64
fprintf
asctime
vsprintf
?terminate@@YAXXZ
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50497be2102759c54bda52f76a5e3cb6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5e:f1:dc:1e:fb:1e:46:b5:de:80:ed:e1:76:2a:55:a7Certificate

Extended Key Usages

Key Usages

39:94:95:26:a2:1b:16:46:2f:2d:e7:07:b1:6f:07:34:8f:28:0f:a6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

ole32

oleaut32

msvcr100

Sections

.text Size: 47KB - Virtual size: 46KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5e:f1:dc:1e:fb:1e:46:b5:de:80:ed:e1:76:2a:55:a7
Certificate

39:94:95:26:a2:1b:16:46:2f:2d:e7:07:b1:6f:07:34:8f:28:0f:a6
Signer

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB