jhi_service[.]exe

Resubmissions

13/06/2024, 07:27

240613-h95t8stbkk 1

Sharing

Copy URL Twitter E-mail

General

Target

jhi_service.exe
Size

637KB
MD5

9ed45aab752ce20b5302a58440403682
SHA1

70dbd4ddacef8a84322fc629b5580163a0e9d7c2
SHA256

2f822120640a9b5ebac02657ec20bab5c0943cd3873facd83f8a505d25b6bd56
SHA512

4a5566cc8455126f903f8f0a10de57210d643971204bc6e2f25619651c421de1cd33cb4417ca2fff3f1a7c74558cc16f1b39eccde7fae50cd8c6bd0276f13439
SSDEEP

12288:aARZdtSoxJVgwiOaRyXMurXaarilChgSKXLJo1bFsoPlAMZRY+:VREoRgd3RKFjklChgSKlAbFsoPlAMZR

Score

1^/10

Malware Config

Signatures

Files

jhi_service.exe
.exe windows:6 windows x64 arch:x64

668f91ad79b3ef0d76777aaa1dd4f02e

Code Sign

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/08/2013, 20:26

Not After

15/08/2023, 20:36

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:00:00:08:2b:1e:36:c5:6b:00:27:6a:8a:00:00:00:00:08:2b
Certificate

Issuer

CN=Intel External Issuing CA 7B,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Not Before

24/10/2018, 06:57

Not After

23/10/2020, 06:57

Subject

CN=Intel(R) Embedded Subsystems and IP Blocks Group,OU=EIG,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

06:9b:5e:99:27:72:84:c8:76:7f:13:68:a7:de:b0:f3
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28/10/2015, 00:00

Not After

17/06/2021, 23:59

Subject

CN=Intel External Issuing CA 7B,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:b2:d1:cc:f0:2e:20:dc:c9:5c:62:89:4f:7f:9e:5f:5f:c0:57:bf
Certificate

Issuer

CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM

Not Before

30/05/2014, 16:35

Not After

17/03/2021, 18:33

Subject

CN=QuoVadis Issuing CA G4,O=QuoVadis Limited,C=BM

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3c:a5:d5:25:1f:75:29:a5:ba:3c:73:b4:49:6f:a2:c1:b0:c5:6c:9f
Certificate

Issuer

CN=QuoVadis Issuing CA G4,O=QuoVadis Limited,C=BM

Not Before

20/04/2018, 16:52

Not After

17/03/2021, 18:33

Subject

CN=timestamp.intel.com,OU=Thales TSS ESN:0E37-9649-08C5,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

33:00:00:00:85:7f:83:dc:2a:6c:a9:79:b8:00:00:00:00:00:85
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/06/2019, 18:06

Not After

03/06/2020, 18:06

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c2:e3:23:77:ac:c4:d9:dd:10:df:10:86:1e:a4:02:18:8e:72:56:63:be:4a:76:e0:31:59:53:d7:57:5a:7a:1c
Signer

Actual PE Digest

c2:e3:23:77:ac:c4:d9:dd:10:df:10:86:1e:a4:02:18:8e:72:56:63:be:4a:76:e0:31:59:53:d7:57:5a:7a:1c

Digest Algorithm

sha256

PE Digest Matches

true

c2:e3:23:77:ac:c4:d9:dd:10:df:10:86:1e:a4:02:18:8e:72:56:63:be:4a:76:e0:31:59:53:d7:57:5a:7a:1c
Signer

Actual PE Digest

c2:e3:23:77:ac:c4:d9:dd:10:df:10:86:1e:a4:02:18:8e:72:56:63:be:4a:76:e0:31:59:53:d7:57:5a:7a:1c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\buildagent-cd_8811\workspace\11934\VisualStudio\bin\x64\Universal_Release\jhi_service.pdb

Imports

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
CreateMutexA
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateMutexW
InitializeCriticalSectionAndSpinCount
CreateEventW
ResetEvent
EnterCriticalSection
ReleaseMutex
SetEvent
ReleaseSemaphore
CreateEventA
DeleteCriticalSection
OpenEventA

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW

api-ms-win-core-file-l1-1-0

FindClose
FindFirstFileExW
SetFileAttributesW
FindNextFileW
CreateDirectoryW
GetFileType
FlushFileBuffers
SetEndOfFile
SetFilePointerEx
CreateFileA
CreateFileW
GetFileAttributesExW
FindFirstFileW
DeleteFileW
ReadFile
WriteFile

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
RaiseException
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCommandLineW
GetStdHandle
GetCommandLineA
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEnvironmentVariableW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
FreeLibrary
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
LoadLibraryExW

api-ms-win-core-file-l2-1-0

CopyFileExW
MoveFileExW

ws2_32

WSACleanup
accept
bind
closesocket
listen
getaddrinfo
connect
WSAGetLastError
freeaddrinfo
WSAStartup
recv
ntohs
socket
send
getsockname
shutdown

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoInitializeEx
CoUninitialize

api-ms-win-core-processthreads-l1-1-0

GetProcessTimes
GetExitCodeProcess
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
CreateThread
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetStartupInfoW

api-ms-win-core-io-l1-1-0

GetOverlappedResult
DeviceIoControl

api-ms-win-core-synch-l1-2-0

Sleep
SignalObjectAndWait

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW
CM_Register_Notification
CM_Unregister_Notification

api-ms-win-security-provider-l1-1-0

SetSecurityInfo
SetEntriesInAclW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrlenA

api-ms-win-core-kernel32-legacy-l1-1-4

GetMailslotInfo

api-ms-win-core-kernel32-legacy-l1-1-0

CreateMailslotA

rpcrt4

UuidCreate
RpcStringFreeA
UuidToStringA

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-service-management-l2-1-0

SetServiceObjectSecurity
QueryServiceObjectSecurity
ChangeServiceConfig2W

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

api-ms-win-service-management-l1-1-0

DeleteService
OpenSCManagerW
OpenServiceW
CreateServiceW
StartServiceW
CloseServiceHandle

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-security-base-l1-1-0

InitializeSecurityDescriptor
GetSecurityDescriptorDacl
FreeSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl

api-ms-win-service-winsvc-l1-1-0

ControlService

api-ms-win-core-heap-l2-1-0

LocalFree

oleaut32

SysAllocString
VariantClear
SysFreeString
SafeArrayGetUBound
VariantInit
GetErrorInfo

advapi32

RegisterEventSourceW
BuildExplicitAccessWithNameW
DeregisterEventSource
ReportEventW

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-heap-l1-1-0

HeapSize
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
RtlPcToFileHeader
RtlUnwindEx

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-localization-l1-2-0

IsValidCodePage
LCMapStringW
IsValidLocale
GetUserDefaultLCID
GetCPInfo
FormatMessageW
EnumSystemLocalesW
GetACP
GetLocaleInfoW
GetOEMCP

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringW
GetStringTypeW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-console-l1-1-0

ReadConsoleW
GetConsoleCP
GetConsoleMode
WriteConsoleW

Exports

Exports

TEE_Transport_Create

Sections

.text
Size: 421KB - Virtual size: 421KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

668f91ad79b3ef0d76777aaa1dd4f02e

Code Sign

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35Certificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

56:00:00:08:2b:1e:36:c5:6b:00:27:6a:8a:00:00:00:00:08:2bCertificate

Extended Key Usages

Key Usages

06:9b:5e:99:27:72:84:c8:76:7f:13:68:a7:de:b0:f3Certificate

Extended Key Usages

Key Usages

69:b2:d1:cc:f0:2e:20:dc:c9:5c:62:89:4f:7f:9e:5f:5f:c0:57:bfCertificate

Key Usages

3c:a5:d5:25:1f:75:29:a5:ba:3c:73:b4:49:6f:a2:c1:b0:c5:6c:9fCertificate

Extended Key Usages

Key Usages

33:00:00:00:85:7f:83:dc:2a:6c:a9:79:b8:00:00:00:00:00:85Certificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

c2:e3:23:77:ac:c4:d9:dd:10:df:10:86:1e:a4:02:18:8e:72:56:63:be:4a:76:e0:31:59:53:d7:57:5a:7a:1cSigner

c2:e3:23:77:ac:c4:d9:dd:10:df:10:86:1e:a4:02:18:8e:72:56:63:be:4a:76:e0:31:59:53:d7:57:5a:7a:1cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-debug-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-file-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-file-l2-1-0

ws2_32

api-ms-win-core-com-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-devices-config-l1-1-1

api-ms-win-security-provider-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-4

api-ms-win-core-kernel32-legacy-l1-1-0

rpcrt4

api-ms-win-core-processthreads-l1-1-1

api-ms-win-service-management-l2-1-0

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-core-heap-l2-1-0

oleaut32

advapi32

api-ms-win-core-io-l1-1-1

api-ms-win-core-heap-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-console-l1-1-0

Exports

Exports

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

56:00:00:08:2b:1e:36:c5:6b:00:27:6a:8a:00:00:00:00:08:2b
Certificate

06:9b:5e:99:27:72:84:c8:76:7f:13:68:a7:de:b0:f3
Certificate

69:b2:d1:cc:f0:2e:20:dc:c9:5c:62:89:4f:7f:9e:5f:5f:c0:57:bf
Certificate

3c:a5:d5:25:1f:75:29:a5:ba:3c:73:b4:49:6f:a2:c1:b0:c5:6c:9f
Certificate

33:00:00:00:85:7f:83:dc:2a:6c:a9:79:b8:00:00:00:00:00:85
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

c2:e3:23:77:ac:c4:d9:dd:10:df:10:86:1e:a4:02:18:8e:72:56:63:be:4a:76:e0:31:59:53:d7:57:5a:7a:1c
Signer

c2:e3:23:77:ac:c4:d9:dd:10:df:10:86:1e:a4:02:18:8e:72:56:63:be:4a:76:e0:31:59:53:d7:57:5a:7a:1c
Signer

.text
Size: 421KB - Virtual size: 421KB

.rdata
Size: 158KB - Virtual size: 158KB

.data
Size: 7KB - Virtual size: 23KB

.pdata
Size: 21KB - Virtual size: 21KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB