95593043e3b53a779d7ebb53fa3beaea198dbdaa2976c8cb7f381579a832fab6

Sharing

Copy URL

Twitter E-mail

General

Target

95593043e3b53a779d7ebb53fa3beaea198dbdaa2976c8cb7f381579a832fab6
Size

932KB
MD5

3a74d02b71b8299d6c0d3bca94dcee1e
SHA1

4064a2e5a4e9e31ef44bcbed1ddbf80657ca0790
SHA256

95593043e3b53a779d7ebb53fa3beaea198dbdaa2976c8cb7f381579a832fab6
SHA512

200d4baa4a9da44ee547d7c993d45de19f04a2f82e7fe3669ad6d23e7eb61dba6f68ad029697054806ae66621d9c5ebe6a7b458c014e4e83420b5b53653bea5a
SSDEEP

24576:prMopXWd2WvPkgu/TOF/gU3/Lam5/jaZdLx9Q:9iV/v8Zxx9Q

Score

1^/10

Malware Config

Signatures

Files

95593043e3b53a779d7ebb53fa3beaea198dbdaa2976c8cb7f381579a832fab6
.dll windows:6 windows x86 arch:x86

74166e976d5a53fae10bd63043d1bba7

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:3e:8a:7c:f6:44:cb:89:c0:19:6c:f6
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

13/11/2023, 03:04

Not After

13/11/2026, 03:04

Subject

SERIALNUMBER=16795856,CN=SYSJUST CO.\, LTD.,O=SYSJUST CO.\, LTD.,STREET=12 F.-2\, No. 95\, Minquan Rd.\, Xindian Dist.,L=New Taipei,ST=New Taipei,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

22:45:53:5f:b6:09:81:a9:da:95:21:81:d8:f3:ba:86:94:f7:cc:74:c3:9c:d5:36:4a:11:e3:ce:64:78:0b:75
Signer

Actual PE Digest

22:45:53:5f:b6:09:81:a9:da:95:21:81:d8:f3:ba:86:94:f7:cc:74:c3:9c:d5:36:4a:11:e3:ce:64:78:0b:75

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\j-vtfs2017\XQRelease\XQ_202403\SERVER\Release\JDEncryptUtil.pdb

Imports

mfc140

ord12162
ord12194
ord8180
ord12182
ord5894
ord3844
ord6831
ord993
ord12485
ord6323
ord14582
ord6324
ord14583
ord6322
ord14581
ord7964
ord12474
ord265
ord11927
ord11928
ord2027
ord7905
ord12888
ord4082
ord4143
ord9353
ord14507
ord7886
ord14509
ord12484
ord316
ord1139
ord492
ord2165
ord1448
ord5228
ord2383
ord14380
ord2387
ord2003
ord12621
ord975
ord1410
ord12582
ord13197
ord13882
ord928
ord1140
ord2880
ord14520
ord11907
ord500
ord321
ord2394
ord2381
ord8429
ord300
ord310
ord1044
ord1526
ord1529
ord8677
ord5528
ord5739
ord9305
ord7618
ord1468
ord8347
ord12190
ord10383
ord5504
ord12869
ord12806
ord4580
ord8718
ord4807
ord976
ord1449
ord6475
ord954
ord14365
ord1507
ord2389
ord9166
ord10202
ord8182
ord5388
ord7677
ord7688
ord7687
ord7961
ord8285
ord5210
ord5390
ord5231
ord486
ord5336
ord2484
ord5742
ord266
ord3841
ord1510
ord325
ord1051
ord2359
ord2241
ord324
ord1050
ord2406
ord2409
ord2372
ord2408
ord485
ord2263
ord2370
ord2178
ord2294
ord2397
ord1509

kernel32

IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
OutputDebugStringW
CreateEventW
WaitForSingleObjectEx
CloseHandle
InitializeSListHead
LocalFree
LocalAlloc
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
OutputDebugStringA
GetThreadTimes
GetCurrentThread
QueryPerformanceFrequency
QueryPerformanceCounter
SetLastError
WideCharToMultiByte
MultiByteToWideChar
AreFileApisANSI
ResumeThread
GetExitCodeThread
TerminateThread
WaitForSingleObject
ResetEvent
SetEvent
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
GetLocalTime
CreateDirectoryA
GetModuleFileNameA
lstrlenA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError

user32

UnregisterClassA
wsprintfA

advapi32

CryptEncrypt
CryptReleaseContext
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDecrypt
CryptAcquireContextA
CryptGetHashParam
CryptDestroyKey
CryptDeriveKey

oleaut32

SysFreeString

msvcp140

?uncaught_exceptions@std@@YAHXZ
?_Xlength_error@std@@YAXPBD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPBD@Z
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?putback@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xbad_alloc@std@@YAXXZ
_Mbrtowc
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ

bcrypt

BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptGenRandom

vcruntime140

__std_type_info_compare
__std_type_info_name
_CxxThrowException
memmove
__std_terminate
__std_exception_copy
__current_exception
__current_exception_context
__std_type_info_destroy_list
_except_handler4_common
_purecall
__CxxFrameHandler3
__std_exception_destroy
memset
__RTDynamicCast
memcpy

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_errno
_initterm_e
_initterm
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_invalid_parameter_noinfo
terminate

api-ms-win-crt-multibyte-l1-1-0

_mbsrchr

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vsprintf

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64
strftime
clock

api-ms-win-crt-heap-l1-1-0

_recalloc
_aligned_malloc
_aligned_free
malloc
calloc
free

api-ms-win-crt-convert-l1-1-0

wcstombs_s

api-ms-win-crt-string-l1-1-0

isalpha
tolower
toupper
strncmp

api-ms-win-crt-math-l1-1-0

_libm_sse2_pow_precise
_libm_sse2_log_precise
_except1

Exports

Exports

?JDEncryptUtil_Base64Decode@JDEncryptUtil@@YAHPBDPAEPAH@Z
?JDEncryptUtil_Base64Encode@JDEncryptUtil@@YAHPAEHAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?JDEncryptUtil_UrlDecode@JDEncryptUtil@@YAHPBDPAPAE@Z
?JDEncryptUtil_UrlEncode@JDEncryptUtil@@YAHPBDPAPAE@Z
JDEncryptUtil_AES_Decrypt
JDEncryptUtil_AES_DecryptWithUTF8
JDEncryptUtil_AES_Encrypt
JDEncryptUtil_AES_EncryptWithUTF8
JDEncryptUtil_DecryptMessage
JDEncryptUtil_DecryptMessageWithPassword
JDEncryptUtil_DecryptMessageWithPasswordAndUTF8
JDEncryptUtil_DecryptMessageWithUTF8
JDEncryptUtil_EncryptMessage
JDEncryptUtil_EncryptMessageWithPassword
JDEncryptUtil_EncryptMessageWithPasswordAndUTF8
JDEncryptUtil_EncryptMessageWithUTF8
JDEncryptUtil_FreeBuffer
JDEncryptUtil_InitLog
JDEncryptUtil_MD5

Sections

.text
Size: 661KB - Virtual size: 661KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74166e976d5a53fae10bd63043d1bba7

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

2d:3e:8a:7c:f6:44:cb:89:c0:19:6c:f6Certificate

Extended Key Usages

Key Usages

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

22:45:53:5f:b6:09:81:a9:da:95:21:81:d8:f3:ba:86:94:f7:cc:74:c3:9c:d5:36:4a:11:e3:ce:64:78:0b:75Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc140

kernel32

user32

advapi32

oleaut32

msvcp140

bcrypt

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 661KB - Virtual size: 661KB

.rdata Size: 175KB - Virtual size: 174KB

.data Size: 32KB - Virtual size: 41KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 50KB - Virtual size: 49KB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

2d:3e:8a:7c:f6:44:cb:89:c0:19:6c:f6
Certificate

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

22:45:53:5f:b6:09:81:a9:da:95:21:81:d8:f3:ba:86:94:f7:cc:74:c3:9c:d5:36:4a:11:e3:ce:64:78:0b:75
Signer

.text
Size: 661KB - Virtual size: 661KB

.rdata
Size: 175KB - Virtual size: 174KB

.data
Size: 32KB - Virtual size: 41KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 50KB - Virtual size: 49KB