f20a57124e937cd1fc664b8227179d0059fd13313828cbd2a5d8938c383301d0

Sharing

Copy URL Twitter E-mail

General

Target

f20a57124e937cd1fc664b8227179d0059fd13313828cbd2a5d8938c383301d0
Size

607KB
MD5

b0b98a39ef68ae7ce0ba1fd5e3c3c790
SHA1

d8f667da6c5b6df024bf2b0d27bcb553ee476ba0
SHA256

f20a57124e937cd1fc664b8227179d0059fd13313828cbd2a5d8938c383301d0
SHA512

04bdd630beafc9f7b7098f107e5af34bc6cc32b8fcdb32b0e97bca929e05c2ecfa89d0930d758bcd0047e35f0ff35561060d9944e82f41fd01f319062fdb7d35
SSDEEP

3072:mH5zFwz5kxfHhDqzxTNh4eX7LA9qFGLz2QIuU3C0SV/hQ4Gmz1W1z4vOtEcfcfcz:dz5kxf4zxTT4mUWGv2LuUSP/E4vOt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f20a57124e937cd1fc664b8227179d0059fd13313828cbd2a5d8938c383301d0

Files

f20a57124e937cd1fc664b8227179d0059fd13313828cbd2a5d8938c383301d0
.exe windows:6 windows x86 arch:x86

f3355a57b0c646ee47c6ad8eb5484d9c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\NetCOBOL\JINJV10FLD\PRG\Release\JK0120CG.pdb

Imports

f5ddfcb4

XPOW_CPY_COBOL_PARAM
?sMarkPowerCobolMain@OFjCobCmpScr@@SGXXZ
?sLoadCobolCount@OFjCobCmpScr@@SGXXZ
?sUnloadCobolCount@OFjCobCmpScr@@SGXXZ
?sCanClearCobolRuntime@OFjCobCmpScr@@SGHXZ
XPOW_SET_COBOL_PARAM
XPOW_INVOKE_BY_ID_2

f5ddcy41

?sExeEntry@OCfModule@@SGKPAUHINSTANCE__@@PADHPAPAUICfModule@@PAX@Z

f5ddgadp

XPOWCFWNDGETENABLED
XPOWCFWNDSETTEXT
XPOWCOMBOOPENFILE
XPOWCFFORMDISPLAYMESSAGE
XPOWCFWNDGETNUMERIC
XPOWCMTEXTBOXGETTEXT
XPOWCFWNDGETTEXT
XPOWCOMBOGETSELSTRING
XPOWCOMBOGETSELECT
XPOWCOMBOSETSELECT
XPOWCFFORMOPENDLLFORM
XPOWCFFORMOPENFORM
XPOWCFWNDSETNUMERIC
XPOWCFCONTROLSETVISIBLE
XPOWLISTGETSELECT
XPOWLISTGETSELSTRING
XPOWCFFORMCLOSEFORMMYSELF
XPOWCFWNDSETENABLED
XPOWLISTADDSTRING
XPOWLISTGETCOUNT
XPOWLISTSETSELECT
XPOWCFFORMALARMDEF
XPOWCFCONTROLSETFOCUS

f5ddeadp

XPOWTIMERSETACTIVATE

f5ddbadp

XPOWCMTABLEGETNUMERIC2
XPOWCMTABLEGETTEXT2
XPOWCMTABLEGETROW
XPOWCMTABLESETROWS
XPOWCMTABLEGETROWS
XPOWCMTABLEGETCOLWIDTH
XPOWCMTABLESETCOLWIDTH
XPOWCMTABLESETTEXT2
XPOWCMTABLESETNUMERIC2
XPOWCMTABLEGETCOLS
XPOWCMTABLESETTEXTCOLOR2
XPOWCMTABLESETBACKCOLOR2
XPOWCMTABLEGETCLICKROW

f3biprct

ord19
ord28
ord20
ord39
ord67
ord54
ord29
ord18
ord27
ord25
ord26
ord3
ord31
ord1

f3bilpio

ord8
ord9
ord1

f3biio

ord22
ord38

f3biprio

ord1

vcruntime140

memset
_except_handler4_common
__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

_get_narrow_winmain_command_line
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_exit
_initialize_narrow_environment
exit
_seh_filter_dll
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_controlfp_s
terminate
_initterm_e
_configure_narrow_argv
_set_app_type
_initterm
_seh_filter_exe

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

kernel32

IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetModuleHandleW
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId

Exports

Exports

JK0120CG
JK0121CG
JKJINJ13
JKNAME01
PRTPRVCG

Sections

.text
Size: 323KB - Virtual size: 322KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3355a57b0c646ee47c6ad8eb5484d9c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

f5ddfcb4

f5ddcy41

f5ddgadp

f5ddeadp

f5ddbadp

f3biprct

f3bilpio

f3biio

f3biprio

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 323KB - Virtual size: 322KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 15KB - Virtual size: 16KB

.rodata Size: 24KB - Virtual size: 23KB

.rsrc Size: 239KB - Virtual size: 238KB

.text
Size: 323KB - Virtual size: 322KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 15KB - Virtual size: 16KB

.rodata
Size: 24KB - Virtual size: 23KB

.rsrc
Size: 239KB - Virtual size: 238KB