b83df05aba666d9e2e61f7ba964e0c17bfb22626604b2f413fa54cd7cc2034d2

Sharing

Copy URL Twitter E-mail

General

Target

b83df05aba666d9e2e61f7ba964e0c17bfb22626604b2f413fa54cd7cc2034d2
Size

308KB
MD5

2cf2dbbf37920707dfd3f30c388c7370
SHA1

6dd8e9a11a961aebc22d5d5685881cbff57485f5
SHA256

b83df05aba666d9e2e61f7ba964e0c17bfb22626604b2f413fa54cd7cc2034d2
SHA512

395b53b813d955be37a259eb6c29a9c7747ec154cc9e31dd901f0a45b61be0ca96751adafecedbb8062a34ee2852412e3e21a61103c60bdfb2fb60c425969554
SSDEEP

6144:4eZUQmm4HHkEUPOPmwzkJYxQa0BO6FYzdzC6kBVfJ0RnlRyNPILqYQ1kBXdX:4eZUQm1HEIkJyQa0k6mxzC3ODmPqQ1k3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b83df05aba666d9e2e61f7ba964e0c17bfb22626604b2f413fa54cd7cc2034d2

Files

b83df05aba666d9e2e61f7ba964e0c17bfb22626604b2f413fa54cd7cc2034d2
.exe windows:5 windows x86 arch:x86

50497be2102759c54bda52f76a5e3cb6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\jdk7_32P\jdk7\build\windows-i586\tmp\jbroker\obj\jbroker.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

GetEnvironmentVariableA
DecodePointer
InterlockedExchange
InterlockedCompareExchange
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
RaiseException
SizeofResource
LockResource
LoadResource
FindResourceW
GetLastError
GetProcAddress
GetModuleHandleA
lstrlenA
lstrcmpiA
lstrcatA
lstrcmpA
FindClose
FindFirstFileA
GetFullPathNameA
GetFileAttributesA
Sleep
GetTickCount
GetTempPathA
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
SetEndOfFile
SetFilePointer
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
GetWindowsDirectoryA
GetShortPathNameA
MoveFileExA
DeleteFileA
FindNextFileA
CopyFileA
GetTempFileNameA
GetCurrentProcess
EncodePointer
IsDBCSLeadByte
FreeLibrary
FindResourceA
LoadLibraryExA
GetModuleFileNameA
lstrcpyW
lstrcpyA
GetSystemDirectoryA
CreateDirectoryA
RemoveDirectoryA
SetFileAttributesA
GetVersionExA
LoadLibraryA
LocalAlloc
FormatMessageA
GetLongPathNameA
InterlockedDecrement
OutputDebugStringA
GetCurrentProcessId
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ReadFile
WriteFile
ConnectNamedPipe
CreateNamedPipeA
WaitNamedPipeA
CreateMutexA
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
LocalFree
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
HeapSetInformation

user32

CharNextA
wsprintfA
wsprintfW

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
StringFromCLSID
CoInitialize
CoTaskMemAlloc

oleaut32

SysAllocString
VarUI4FromStr
SysAllocStringLen
SysFreeString
VariantClear

msvcr100

_strdup
_mkdir
_mbsnbcpy_s
_stricmp
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??3@YAXPAX@Z
??_V@YAXPAX@Z
strchr
strstr
_chdir
_mbsstr
malloc
free
memcpy_s
_CxxThrowException
islower
atoi
??_U@YAPAXI@Z
_local_unwind4
calloc
memset
_stat64i32
_snprintf
_resetstkoflw
__CxxFrameHandler3
memmove
memcpy
strtok
_splitpath
??2@YAPAXI@Z
_recalloc
strncpy
fclose
fwrite
fseek
fread
fopen
sprintf
_splitpath_s
sprintf_s
strcat_s
strcpy_s
_mbscmp
_localtime64
_snprintf_s
strftime
_ftime64_s
_vsnprintf_s
_getdrive
_errno
exit
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
_time64
fprintf
asctime
vsprintf
?terminate@@YAXXZ
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 238KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50497be2102759c54bda52f76a5e3cb6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

ole32

oleaut32

msvcr100

Sections

.text Size: 47KB - Virtual size: 46KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 238KB - Virtual size: 240KB

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 238KB - Virtual size: 240KB