JMTR[.]exe | Triage

Resubmissions

24/06/2024, 18:40

240624-xa6d2sxapc 3

Sharing

Copy URL Twitter E-mail

General

Target

JMTR.exe
Size

450KB
MD5

93414c458acd8fbd54b0b0d153747c66
SHA1

7c13532b407c8b7fcddfec7945e2fe660672e2ed
SHA256

38019c5edc99f9c3a141115b6f8e9bdb7eb164a8eb4f619b535e3722be22ac68
SHA512

c8195cef43538ed4a34dea67b98477870e4a028b7d84fa228e0a9ecf866f0e45b572065e07e8d899c39bbe55d0caa2b39028e24c1d4f4dbd013d7c6c73671cf9
SSDEEP

3072:WwUxliZtyV1fkF8z1DUnBu3JLPh487qHrCLPkcIlgz9tTXLMMDnRvh5n4Fnwfl:Wnqy1fVzBUBuFP5GLEzPDhfn4Fkl

Score

1^/10

Malware Config

Signatures

Files

JMTR.exe
.exe windows:4 windows x86 arch:x86

c2971e27e558678b614d78284a46f77e

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e9:dd:87:9d:6f:20:af:af:68:4e:c9:ed:d3:ce:56:37:a0:d8:b2:59
Signer

Actual PE Digest

e9:dd:87:9d:6f:20:af:af:68:4e:c9:ed:d3:ce:56:37:a0:d8:b2:59

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
TerminateProcess
CreateProcessW
GetDriveTypeW
GetLogicalDrives
CreateThread
ResetEvent
OpenEventW
SetEvent
LoadLibraryW
CreateEventW
InitializeCriticalSection
GetFullPathNameW
GetSystemDirectoryW
WaitForMultipleObjects
GetTempPathW
GetCommandLineW
GetVersion
GetModuleFileNameW
FlushFileBuffers
LocalAlloc
SetConsoleCtrlHandler
SetEndOfFile
IsBadCodePtr
SetUnhandledExceptionFilter
SetStdHandle
GetStringTypeW
GetStringTypeA
GetVersionExA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
GetModuleFileNameA
ReadFile
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
SystemTimeToFileTime
GetCurrentThread
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
LCMapStringW
LCMapStringA
FatalAppExitA
DeleteCriticalSection
ExitProcess
GetStartupInfoW
GetModuleHandleA
WideCharToMultiByte
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
LoadLibraryA
FindFirstFileW
FindNextFileW
FindClose
CompareFileTime
FileTimeToLocalFileTime
SetEnvironmentVariableA
lstrlenW
CreateFileMappingW
MapViewOfFile
GetFileSize
UnmapViewOfFile
GetTickCount
VirtualProtect
IsBadReadPtr
GetCurrentDirectoryW
GetOEMCP
DeviceIoControl
SetFileAttributesW
DeleteFileW
CopyFileW
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
WriteFile
MultiByteToWideChar
DosDateTimeToFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GlobalAlloc
GlobalLock
GlobalUnlock
GetFileAttributesW
LocalFree
FormatMessageW
Sleep
HeapSize
DebugBreak
GetModuleHandleW
GetProcAddress
InterlockedExchange
SetLastError
CreateFileW
FindResourceW
LoadResource
SizeofResource
LockResource
GetCurrentProcess
CloseHandle
GetVersionExW
CreateFileA
SetFilePointer
GetLastError
CompareStringA
CompareStringW
GetACP
GetStartupInfoA
RaiseException

user32

EndPaint
BeginPaint
PtInRect
IsZoomed
CallWindowProcW
DrawFrameControl
CreateDialogParamW
UnionRect
OffsetRect
GetSystemMetrics
EndDeferWindowPos
EnumChildWindows
BeginDeferWindowPos
GetPropW
DeferWindowPos
GetClassNameW
SetWindowPlacement
UpdateWindow
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
ScreenToClient
DrawTextW
GetWindowTextW
wsprintfW
IsDialogMessageW
TranslateMessage
DispatchMessageW
DialogBoxIndirectParamW
GetWindowLongW
SetWindowLongW
SetFocus
GetMenu
CheckMenuItem
GetWindowPlacement
GetDlgItemTextW
SetTimer
EnableWindow
DialogBoxParamW
KillTimer
DefWindowProcW
MsgWaitForMultipleObjects
LoadIconW
SetWindowTextW
DestroyIcon
PostQuitMessage
SetDlgItemTextW
IsWindowEnabled
CheckDlgButton
IsDlgButtonChecked
RegisterClassExW
ShowWindow
MapWindowPoints
CreateWindowExW
SetCapture
ReleaseCapture
EndDialog
GetParent
GetWindowRect
MoveWindow
GetDlgItem
LoadCursorW
GetSysColorBrush
GetSysColor
ChildWindowFromPoint
InvalidateRect
SetCursor
OpenClipboard
EmptyClipboard
SendMessageW
SetClipboardData
CloseClipboard
LoadStringW
PostMessageW
MessageBoxW
InflateRect
SetPropW
GetClientRect

gdi32

EndDoc
GetStockObject
GetObjectW
EndPage
SetBkMode
SetTextColor
SelectObject
StartPage
StartDocW
SetMapMode
CreateFontIndirectW
GetDeviceCaps

comdlg32

GetSaveFileNameW
PrintDlgW

advapi32

RegQueryInfoKeyW
GetSecurityDescriptorLength
MakeAbsoluteSD
MakeSelfRelativeSD
RegOpenKeyExW
RegQueryValueW
RegConnectRegistryW
RegEnumKeyExW
RegCreateKeyExW
RegCreateKeyW
RegSetValueExW
RegCloseKey
RegDeleteKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
RegGetKeySecurity
IsValidSecurityDescriptor
CloseServiceHandle
DeleteService
QueryServiceStatus
ControlService
OpenServiceW
OpenSCManagerW
StartServiceW
CreateServiceW
SetServiceStatus
RegEnumKeyW
RegDeleteValueW
FreeSid
EqualSid
GetTokenInformation
AllocateAndInitializeSid
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
RegEnumValueW

shell32

CommandLineToArgvW
ShellExecuteW
ExtractIconExW

ole32

CreateBindCtx

oleaut32

SetErrorInfo
GetErrorInfo
CreateErrorInfo
VariantChangeType
VariantInit
VariantClear
VariantTimeToSystemTime
SysAllocStringByteLen
SysAllocString
SysFreeString
SysStringLen

comctl32

ImageList_Create
ImageList_ReplaceIcon
PropertySheetW
ord17

mpr

WNetEnumResourceW
WNetOpenEnumW
WNetCloseEnum

Sections

.text
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

c2971e27e558678b614d78284a46f77e

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate

Extended Key Usages

Key Usages

61:46:9e:cb:00:04:00:00:00:65Certificate

Extended Key Usages

Key Usages

e9:dd:87:9d:6f:20:af:af:68:4e:c9:ed:d3:ce:56:37:a0:d8:b2:59Signer

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

mpr

Sections

.text Size: 140KB - Virtual size: 138KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 120KB - Virtual size: 140KB

.rsrc Size: 28KB - Virtual size: 26KB

.reloc Size: 12KB - Virtual size: 10KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

e9:dd:87:9d:6f:20:af:af:68:4e:c9:ed:d3:ce:56:37:a0:d8:b2:59
Signer

.text
Size: 140KB - Virtual size: 138KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 120KB - Virtual size: 140KB

.rsrc
Size: 28KB - Virtual size: 26KB

.reloc
Size: 12KB - Virtual size: 10KB