i4jinst[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

i4jinst.dll
Size

226KB
MD5

f817e8415b5d690adffcee4c36a745e3
SHA1

019c125aeb9bbb69b5c2278945be64d6cc0321b0
SHA256

46768db3c2abd211e7776e7a9040938face58653eeb1ced1795b34340e51d6a6
SHA512

f38e0d55e563010a3b726535241f20bc014e68e8803c8b83cc08146e87d23f1e9ea7099924c1934bda961226ad17fcf1f526cc26051b8a8328b2cf7b2e2f18ab
SSDEEP

6144:/B6Bxw9mYiMqU3g7ag6JXU9mR68WdWVv7T:oxw9mYiMqvv6Jev

Score

1^/10

Malware Config

Signatures

Files

i4jinst.dll
.dll windows:5 windows x64 arch:x64

22254a0b04269eb18e0cd80a7229010e

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:32:25:9f:9a:92:43:3e:f2:74:4a:a1
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

27/08/2021, 15:24

Not After

27/08/2024, 13:58

Subject

SERIALNUMBER=HRB 141246,CN=ej-technologies GmbH,O=ej-technologies GmbH,STREET=Claude-Lorrain-Str. 7,L=München,ST=Bayern,C=DE,1.2.840.113549.1.9.1=#0c18696e666f40656a2d746563686e6f6c6f676965732e636f6d,1.3.6.1.4.1.311.60.2.1.1=#13084d75656e6368656e,1.3.6.1.4.1.311.60.2.1.2=#130642617965726e,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:79:5f:f3:08:27:9c:53:be:9c:4a:5b:f3:b1:ba:d8:4b:e5:38:93:1c:36:05:02:fe:9d:62:8a:e3:df:0f:9e
Signer

Actual PE Digest

99:79:5f:f3:08:27:9c:53:be:9c:4a:5b:f3:b1:ba:d8:4b:e5:38:93:1c:36:05:02:fe:9d:62:8a:e3:df:0f:9e

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

SetNamedSecurityInfoW
SetEntriesInAclW
GetNamedSecurityInfoW
FreeSid
AllocateAndInitializeSid
LookupAccountNameW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CopySid
GetLengthSid
GetTokenInformation
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
QueryServiceConfigW
ControlService
StartServiceW
DeleteService
CreateServiceW
ChangeServiceConfig2W
ChangeServiceConfigW
LookupAccountSidW
RegCreateKeyExW
RegSaveKeyW
RegRestoreKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegQueryValueExA
RegOpenKeyExA

ole32

CoUninitialize
ReleaseStgMedium
CoTaskMemFree
CoCreateInstance
CoInitialize
CoInitializeEx

oleaut32

SafeArrayAccessData
SysAllocString
SysFreeString
SafeArrayUnaccessData

user32

MonitorFromWindow
GetMonitorInfoA
GetSystemMenu
GetWindowLongA
IsZoomed
SetMenuDefaultItem
TrackPopupMenu
PostMessageA
CallWindowProcA
SetWindowLongPtrA
SetMenuItemInfoA
SendMessageA
GetWindowRect
GetClientRect
FillRect
IsIconic
LoadIconW
FlashWindow
RegisterClipboardFormatW
FindWindowW
GetWindowLongPtrW
GetClassNameW
GetWindow
GetWindowTextW
GetLastActivePopup
SendMessageTimeoutW
GetWindowPlacement
ShowWindow
SetForegroundWindow
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
PostMessageW
ExitWindowsEx
wsprintfW
DestroyIcon
CreateIconFromResourceEx
LookupIconIdFromDirectoryEx
GetDesktopWindow
SetWindowPos

kernel32

CreateFileA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
SetStdHandle
SetFilePointer
MultiByteToWideChar
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
HeapDestroy
HeapCreate
HeapSetInformation
FlsAlloc
FlsFree
FlsGetValue
DecodePointer
EncodePointer
ExitProcess
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
DeleteCriticalSection
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleW
LoadLibraryA
LoadLibraryExW
LoadLibraryW
GetWindowsDirectoryW
GetSystemDirectoryW
GetDriveTypeW
GetShortPathNameW
GetModuleHandleA
CloseHandle
GetCurrentProcess
GetCurrentProcessId
GetLastError
WaitForMultipleObjects
TerminateProcess
OpenProcess
GetProcessId
GlobalMemoryStatus
FreeLibrary
GetDiskFreeSpaceExW
CreateProcessW
GetModuleHandleExW
GetNativeSystemInfo
FreeEnvironmentStringsW
GetEnvironmentStringsW
Sleep
SetConsoleTitleW
GetTickCount
GetConsoleTitleW
GlobalUnlock
GlobalLock
CreateNamedPipeW
ConnectNamedPipe
CreateFileW
SetLastError
WaitNamedPipeW
DisconnectNamedPipe
ReadFile
FlushFileBuffers
WriteFile
GetExitCodeProcess
GlobalFree
GetCurrentThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
FormatMessageW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapFree
HeapReAlloc
HeapAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA

Exports

Exports

Java_com_install4j_runtime_installer_platform_win32_ACLHandling_addACE
Java_com_install4j_runtime_installer_platform_win32_FileVersion_compare0
Java_com_install4j_runtime_installer_platform_win32_FolderInfo_getDriveType0
Java_com_install4j_runtime_installer_platform_win32_FolderInfo_getPathFromRegistry0
Java_com_install4j_runtime_installer_platform_win32_FolderInfo_getShortPathName0
Java_com_install4j_runtime_installer_platform_win32_FolderInfo_getSpecialFolder0
Java_com_install4j_runtime_installer_platform_win32_FolderInfo_getSystemDirectory0
Java_com_install4j_runtime_installer_platform_win32_FolderInfo_getUniversalPathName0
Java_com_install4j_runtime_installer_platform_win32_FolderInfo_getWindowsDirectory0
Java_com_install4j_runtime_installer_platform_win32_Misc_broadcastSettingChange0
Java_com_install4j_runtime_installer_platform_win32_Misc_getEnvVarPairs0
Java_com_install4j_runtime_installer_platform_win32_Misc_getFreeDiskSpace0
Java_com_install4j_runtime_installer_platform_win32_Misc_getMachine0
Java_com_install4j_runtime_installer_platform_win32_Misc_getOsBuildNumber0
Java_com_install4j_runtime_installer_platform_win32_Misc_getPhysicalMemory0
Java_com_install4j_runtime_installer_platform_win32_Misc_getPidFromHandle0
Java_com_install4j_runtime_installer_platform_win32_Misc_getRunningModules0
Java_com_install4j_runtime_installer_platform_win32_Misc_getTopLevelWindows0
Java_com_install4j_runtime_installer_platform_win32_Misc_getWindowTitle0
Java_com_install4j_runtime_installer_platform_win32_Misc_moveWithDelayUntilReboot0
Java_com_install4j_runtime_installer_platform_win32_Misc_reboot0
Java_com_install4j_runtime_installer_platform_win32_Misc_registerExtensionFunctions0
Java_com_install4j_runtime_installer_platform_win32_Misc_setForegroundWindow0
Java_com_install4j_runtime_installer_platform_win32_Misc_terminateProcesses0
Java_com_install4j_runtime_installer_platform_win32_Misc_toFront0
Java_com_install4j_runtime_installer_platform_win32_ObjectPicker_show0
Java_com_install4j_runtime_installer_platform_win32_Registry_changeNotifyAssociations0
Java_com_install4j_runtime_installer_platform_win32_Registry_createKey0
Java_com_install4j_runtime_installer_platform_win32_Registry_deleteKey0
Java_com_install4j_runtime_installer_platform_win32_Registry_deleteValue0
Java_com_install4j_runtime_installer_platform_win32_Registry_enumSubKeys0
Java_com_install4j_runtime_installer_platform_win32_Registry_enumValues0
Java_com_install4j_runtime_installer_platform_win32_Registry_getValue0
Java_com_install4j_runtime_installer_platform_win32_Registry_keyExists0
Java_com_install4j_runtime_installer_platform_win32_Registry_restoreKey0
Java_com_install4j_runtime_installer_platform_win32_Registry_saveKey0
Java_com_install4j_runtime_installer_platform_win32_Registry_setValue0
Java_com_install4j_runtime_installer_platform_win32_ShellLink_changeNotify0
Java_com_install4j_runtime_installer_platform_win32_ShellLink_create0
Java_com_install4j_runtime_installer_platform_win32_ShellLink_createWide0
Java_com_install4j_runtime_installer_platform_win32_ShellLink_initialize0
Java_com_install4j_runtime_installer_platform_win32_ShellLink_uninitialize
Java_com_install4j_runtime_installer_platform_win32_VistaFileChooser_displayDialog0
Java_com_install4j_runtime_installer_platform_win32_VistaFileChooser_initialize0
Java_com_install4j_runtime_installer_platform_win32_VistaTaskDialog_init0
Java_com_install4j_runtime_installer_platform_win32_VistaTaskDialog_show0
Java_com_install4j_runtime_installer_platform_win32_Win32CommunicationBackend_closeHandle0
Java_com_install4j_runtime_installer_platform_win32_Win32CommunicationBackend_connectClient0
Java_com_install4j_runtime_installer_platform_win32_Win32CommunicationBackend_connectNamedPipe0
Java_com_install4j_runtime_installer_platform_win32_Win32CommunicationBackend_createCurrentUserSecurityAttributes0
Java_com_install4j_runtime_installer_platform_win32_Win32CommunicationBackend_createListener0
Java_com_install4j_runtime_installer_platform_win32_Win32CommunicationBackend_disconnectNamedPipe0
Java_com_install4j_runtime_installer_platform_win32_Win32CommunicationBackend_getCurrentProcessId0
Java_com_install4j_runtime_installer_platform_win32_Win32CommunicationBackend_getInvalidHandle0
Java_com_install4j_runtime_installer_platform_win32_Win32CommunicationBackend_isProcessAlive0
Java_com_install4j_runtime_installer_platform_win32_Win32CommunicationBackend_readDataBlock0
Java_com_install4j_runtime_installer_platform_win32_Win32CommunicationBackend_writeDataBlock0
Java_com_install4j_runtime_installer_platform_win32_Win32Exec_launch0
Java_com_install4j_runtime_installer_platform_win32_Win32Firewall_addRule0
Java_com_install4j_runtime_installer_platform_win32_Win32Firewall_deleteRules0
Java_com_install4j_runtime_installer_platform_win32_Win32Firewall_getCurrentProfileTypes0
Java_com_install4j_runtime_installer_platform_win32_Win32Firewall_initialize0
Java_com_install4j_runtime_installer_platform_win32_Win32Handle_close0
Java_com_install4j_runtime_installer_platform_win32_Win32Handle_getDeviceName0
Java_com_install4j_runtime_installer_platform_win32_Win32Handle_list0
Java_com_install4j_runtime_installer_platform_win32_Win32Proxy_getAutoProxyConfig0
Java_com_install4j_runtime_installer_platform_win32_Win32Proxy_getDefaultConfig0
Java_com_install4j_runtime_installer_platform_win32_Win32Proxy_getIEConfig0
Java_com_install4j_runtime_installer_platform_win32_Win32Proxy_loadFunctions0
Java_com_install4j_runtime_installer_platform_win32_Win32Services_changeServiceConfig0
Java_com_install4j_runtime_installer_platform_win32_Win32Services_getServiceBinary0
Java_com_install4j_runtime_installer_platform_win32_Win32Services_getStartType0
Java_com_install4j_runtime_installer_platform_win32_Win32Services_installService0
Java_com_install4j_runtime_installer_platform_win32_Win32Services_queryStatus0
Java_com_install4j_runtime_installer_platform_win32_Win32Services_setDelayedAutoStart0
Java_com_install4j_runtime_installer_platform_win32_Win32Services_setRestartServiceConfig0
Java_com_install4j_runtime_installer_platform_win32_Win32Services_startService0
Java_com_install4j_runtime_installer_platform_win32_Win32Services_stopService0
Java_com_install4j_runtime_installer_platform_win32_Win32Services_uninstallService0
Java_com_install4j_runtime_installer_platform_win32_Win32UserInfo_addUser0
Java_com_install4j_runtime_installer_platform_win32_Win32UserInfo_deleteLocalGroup0
Java_com_install4j_runtime_installer_platform_win32_Win32UserInfo_deleteUser0
Java_com_install4j_runtime_installer_platform_win32_Win32UserInfo_executeElevated0
Java_com_install4j_runtime_installer_platform_win32_Win32UserInfo_getAccountName0
Java_com_install4j_runtime_installer_platform_win32_Win32UserInfo_getElevationType0
Java_com_install4j_runtime_installer_platform_win32_Win32UserInfo_getUserProfileDirectory0
Java_com_install4j_runtime_installer_platform_win32_Win32UserInfo_getUserSid0
Java_com_install4j_runtime_installer_platform_win32_Win32UserInfo_isMemberOfGroup0
Java_com_install4j_runtime_installer_platform_win32_Win32UserInfo_setLsaAccountRight0
Java_com_install4j_runtime_installer_platform_win32_WinGuiHelper_createHIcon0
Java_com_install4j_runtime_installer_platform_win32_WinGuiHelper_destroyHIcon0
Java_com_install4j_runtime_installer_platform_win32_WinGuiHelper_flashWindow0
Java_com_install4j_runtime_installer_platform_win32_WinGuiHelper_getHwnd0
Java_com_install4j_runtime_installer_platform_win32_WinGuiHelper_getPeer0
Java_com_install4j_runtime_installer_platform_win32_WinTaskBar_initTaskBar0
Java_com_install4j_runtime_installer_platform_win32_WinTaskBar_setOverlayIcon0
Java_com_install4j_runtime_installer_platform_win32_WinTaskBar_setProgress0
Java_com_install4j_runtime_installer_platform_win32_WinTaskBar_setState0
Java_com_install4j_runtime_installer_platform_win32_wininet_WinInet_clearError0
Java_com_install4j_runtime_installer_platform_win32_wininet_WinInet_connect0
Java_com_install4j_runtime_installer_platform_win32_wininet_WinInet_destroy0
Java_com_install4j_runtime_installer_platform_win32_wininet_WinInet_getErrorCode0
Java_com_install4j_runtime_installer_platform_win32_wininet_WinInet_getErrorLocation0
Java_com_install4j_runtime_installer_platform_win32_wininet_WinInet_getErrorMessage0
Java_com_install4j_runtime_installer_platform_win32_wininet_WinInet_getHeaders0
Java_com_install4j_runtime_installer_platform_win32_wininet_WinInet_init0
Java_com_install4j_runtime_installer_platform_win32_wininet_WinInet_internetErrorDlg0
Java_com_install4j_runtime_installer_platform_win32_wininet_WinInet_openRequest0
Java_com_install4j_runtime_installer_platform_win32_wininet_WinInet_read0
Java_com_install4j_runtime_installer_platform_win32_wininet_WinInet_sendRequest0
Java_com_install4j_runtime_installer_platform_win32_wininet_WinInet_setDwordOption0
Java_com_install4j_runtime_installer_platform_win32_wininet_WinInet_setOption0
Java_com_install4j_shadow_com_formdev_flatlaf_ui_FlatWindowsNativeWindowBorder_00024WndProc_installImpl
Java_com_install4j_shadow_com_formdev_flatlaf_ui_FlatWindowsNativeWindowBorder_00024WndProc_setWindowBackground
Java_com_install4j_shadow_com_formdev_flatlaf_ui_FlatWindowsNativeWindowBorder_00024WndProc_showWindow
Java_com_install4j_shadow_com_formdev_flatlaf_ui_FlatWindowsNativeWindowBorder_00024WndProc_uninstallImpl
Java_com_install4j_shadow_com_formdev_flatlaf_ui_FlatWindowsNativeWindowBorder_00024WndProc_updateFrame
Java_com_install4j_shadow_com_formdev_flatlaf_ui_FlatWindowsNativeWindowBorder_registryGetIntValue
registerNatives
registerNativesFlatlaf

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22254a0b04269eb18e0cd80a7229010e

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

0f:32:25:9f:9a:92:43:3e:f2:74:4a:a1Certificate

Extended Key Usages

Key Usages

99:79:5f:f3:08:27:9c:53:be:9c:4a:5b:f3:b1:ba:d8:4b:e5:38:93:1c:36:05:02:fe:9d:62:8a:e3:df:0f:9eSigner

Headers

File Characteristics

Imports

advapi32

ole32

oleaut32

user32

kernel32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 116KB

.rdata Size: 84KB - Virtual size: 84KB

.data Size: 5KB - Virtual size: 22KB

.pdata Size: 6KB - Virtual size: 5KB

.reloc Size: 1KB - Virtual size: 1KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

0f:32:25:9f:9a:92:43:3e:f2:74:4a:a1
Certificate

99:79:5f:f3:08:27:9c:53:be:9c:4a:5b:f3:b1:ba:d8:4b:e5:38:93:1c:36:05:02:fe:9d:62:8a:e3:df:0f:9e
Signer

.text
Size: 116KB - Virtual size: 116KB

.rdata
Size: 84KB - Virtual size: 84KB

.data
Size: 5KB - Virtual size: 22KB

.pdata
Size: 6KB - Virtual size: 5KB

.reloc
Size: 1KB - Virtual size: 1KB