d564e8abe5f3691f4da90c075fd937ba5041dd1dc8df7a7c70ef39791bd14660[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

d564e8abe5f3691f4da90c075fd937ba5041dd1dc8df7a7c70ef39791bd14660.exe
Size

328KB
MD5

5b4104ae6c3e8542173646655157c273
SHA1

76e0f9ddd59980326ee320b8d18ee4744c3c88d6
SHA256

d564e8abe5f3691f4da90c075fd937ba5041dd1dc8df7a7c70ef39791bd14660
SHA512

466c93c1780ed556af2538d98ed4466b397515cce1521641c8c852f940c4fe75a5231d84efc7f1d6661e222179178002d18a8ad61d318caaec3171f8ada7f469
SSDEEP

6144:CDGk0FCG/nfjmoz3+sZCzbBBhxn0qGOqzedSaPp9YkiZDNKZ4mTyyJiKyQjbok:+TWCG/7mS3c

Score

1^/10

Malware Config

Signatures

Files

d564e8abe5f3691f4da90c075fd937ba5041dd1dc8df7a7c70ef39791bd14660.exe
.dll windows:6 windows x64 arch:x64

02d0098dd25297ed5f8285bf5996a964

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:8b:e2:f5:34:52:c8:82:f1:8e:d4:1a:5d:d4:e7:a3
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19/08/2021, 00:00

Not After

19/08/2023, 23:59

Subject

CN=Oracle America\, Inc.,OU=Software Engineering,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ad:42:fc:fb:83:a5:a0:5f:e1:8a:7e:cd:43:f7:74:db:e2:a5:4e:57:80:36:32:37:c3:e1:e9:87:e9:f7:00:95
Signer

Actual PE Digest

ad:42:fc:fb:83:a5:a0:5f:e1:8a:7e:cd:43:f7:74:db:e2:a5:4e:57:80:36:32:37:c3:e1:e9:87:e9:f7:00:95

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\jenkins\workspace\8-2-build-windows-x64-cygwin\jdk8u361\3183\build\windows-x64\deploy\tmp\npjp2\obj64\npjp2.pdb

Imports

user32

CallWindowProcA
BeginPaint
EndPaint
SetPropA
MsgWaitForMultipleObjects
GetWindowThreadProcessId
GetShellWindow
CloseDesktop
OpenInputDesktop
wsprintfA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetParent
IsWindow
PeekMessageA
GetPropA
RemovePropA
FillRect
SetWindowLongPtrA
TranslateMessage
DispatchMessageA

gdi32

StretchDIBits
GetObjectType
GetDeviceCaps
PlayEnhMetaFile
DeleteEnhMetaFile
CreateEnhMetaFileA
CloseEnhMetaFile
DeleteObject
CreateSolidBrush

kernel32

WideCharToMultiByte
IsDebuggerPresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
IsProcessorFeaturePresent
GetSystemInfo
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WriteConsoleA
AllocConsole
VirtualProtect
VirtualQuery
LoadLibraryExA
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
TerminateProcess
GlobalFree
GetCurrentProcessId
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetLongPathNameA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
CloseHandle
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
MultiByteToWideChar
GetCurrentThreadId
GetTickCount
GetModuleFileNameA
VerSetConditionMask
GetEnvironmentVariableA
CreateFileA
GetTempPathA
GetCurrentProcess
CreateProcessA
OpenProcess
GlobalMemoryStatusEx
GetLocalTime
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetNativeSystemInfo
GlobalAlloc
GetTempFileNameA
LocalAlloc
LocalFree
GetShortPathNameA
FormatMessageA
lstrlenA
VerifyVersionInfoA
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
GetFileAttributesA
GetSystemWindowsDirectoryA
GetExitCodeProcess
GetModuleHandleExA
OutputDebugStringA
GetStdHandle

ole32

CoTaskMemFree
StringFromCLSID

oleaut32

SysAllocString
SysFreeString
SysStringLen
VariantClear
SysAllocStringByteLen

msvcp140

?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

vcruntime140

__std_exception_copy
__std_exception_destroy
memchr
_purecall
strstr
__C_specific_handler
__std_type_info_destroy_list
memcpy
__RTDynamicCast
memset
__std_terminate
__CxxFrameHandler3
_CxxThrowException
memcmp
memmove

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf_s
__stdio_common_vsscanf
fflush
__stdio_common_vfprintf
_get_stream_buffer_pointers
fgetc
fgetpos
__stdio_common_vsnprintf_s
fputc
fread
ungetc
setvbuf
fwrite
_fseeki64
fclose
fopen_s
__stdio_common_vsprintf_s
fsetpos

api-ms-win-crt-heap-l1-1-0

malloc
free
calloc
_callnewh

api-ms-win-crt-environment-l1-1-0

getenv
_dupenv_s
_putenv

api-ms-win-crt-string-l1-1-0

strcmp
strcat_s
_stricmp
strncpy
strcpy_s
_strdup

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_beginthreadex
_errno
_execute_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_crt_atexit
_invalid_parameter_noinfo
_seh_filter_dll
_cexit
_initterm
_invalid_parameter_noinfo_noreturn
_initterm_e
_initialize_onexit_table

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp
_mbscmp
_mbsnbcmp
_mbsrchr
_mbsnbcpy_s
_mbsstr
_mbslwr_s
_mbsnbicmp

api-ms-win-crt-convert-l1-1-0

strtol
atoi
wcstombs_s

api-ms-win-crt-filesystem-l1-1-0

_stat64i32
_unlock_file
_wstat64i32
_lock_file
_splitpath_s

api-ms-win-crt-time-l1-1-0

_time64
_mktime64
strftime
_localtime64
_ftime64_s

Exports

Exports

Java_sun_plugin2_main_server_MozillaPlugin_allocateNPObject
Java_sun_plugin2_main_server_MozillaPlugin_allocateVariantArray
Java_sun_plugin2_main_server_MozillaPlugin_freeVariantArray
Java_sun_plugin2_main_server_MozillaPlugin_getAuthentication0
Java_sun_plugin2_main_server_MozillaPlugin_getCookie0
Java_sun_plugin2_main_server_MozillaPlugin_getProxy0
Java_sun_plugin2_main_server_MozillaPlugin_hookupApplet
Java_sun_plugin2_main_server_MozillaPlugin_invokeLater0
Java_sun_plugin2_main_server_MozillaPlugin_isBrowserThread0
Java_sun_plugin2_main_server_MozillaPlugin_javaScriptGetWindow0
Java_sun_plugin2_main_server_MozillaPlugin_nativeReleaseObject
Java_sun_plugin2_main_server_MozillaPlugin_nativeRetainObject
Java_sun_plugin2_main_server_MozillaPlugin_nativeUpdateWindowLocation
Java_sun_plugin2_main_server_MozillaPlugin_npnEvaluate
Java_sun_plugin2_main_server_MozillaPlugin_npnGetIntIdentifier
Java_sun_plugin2_main_server_MozillaPlugin_npnGetProperty
Java_sun_plugin2_main_server_MozillaPlugin_npnGetStringIdentifier
Java_sun_plugin2_main_server_MozillaPlugin_npnHasMethod
Java_sun_plugin2_main_server_MozillaPlugin_npnHasProperty
Java_sun_plugin2_main_server_MozillaPlugin_npnIdentifierIsString
Java_sun_plugin2_main_server_MozillaPlugin_npnIntFromIdentifier
Java_sun_plugin2_main_server_MozillaPlugin_npnInvoke
Java_sun_plugin2_main_server_MozillaPlugin_npnRemoveProperty
Java_sun_plugin2_main_server_MozillaPlugin_npnSetException
Java_sun_plugin2_main_server_MozillaPlugin_npnSetProperty
Java_sun_plugin2_main_server_MozillaPlugin_npnUTF8FromIdentifier
Java_sun_plugin2_main_server_MozillaPlugin_setAppletStatus
Java_sun_plugin2_main_server_MozillaPlugin_setCookie0
Java_sun_plugin2_main_server_MozillaPlugin_setVariantArrayElement0__JIB
Java_sun_plugin2_main_server_MozillaPlugin_setVariantArrayElement0__JIC
Java_sun_plugin2_main_server_MozillaPlugin_setVariantArrayElement0__JID
Java_sun_plugin2_main_server_MozillaPlugin_setVariantArrayElement0__JIF
Java_sun_plugin2_main_server_MozillaPlugin_setVariantArrayElement0__JII
Java_sun_plugin2_main_server_MozillaPlugin_setVariantArrayElement0__JIJ
Java_sun_plugin2_main_server_MozillaPlugin_setVariantArrayElement0__JILjava_lang_String_2
Java_sun_plugin2_main_server_MozillaPlugin_setVariantArrayElement0__JIS
Java_sun_plugin2_main_server_MozillaPlugin_setVariantArrayElement0__JIZ
Java_sun_plugin2_main_server_MozillaPlugin_setVariantArrayElementToScriptingObject0
Java_sun_plugin2_main_server_MozillaPlugin_setVariantArrayElementToVoid0
Java_sun_plugin2_main_server_MozillaPlugin_showStatus0
Java_sun_plugin2_main_server_MozillaPlugin_variantArrayElementToObject0
Java_sun_plugin2_main_server_ServerPrintHelper_isPrinterDC0
Java_sun_plugin2_main_server_ServerPrintHelper_printBand0
Java_sun_plugin2_main_server_WindowsHelper_installModalFilterHook
Java_sun_plugin2_main_server_WindowsHelper_installMouseHook
Java_sun_plugin2_main_server_WindowsHelper_isOutOfProcessPlugin
Java_sun_plugin2_main_server_WindowsHelper_runMessagePump0
Java_sun_plugin2_main_server_WindowsHelper_uninstallHook
Java_sun_plugin2_util_PluginTrace_broadcast
NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02d0098dd25297ed5f8285bf5996a964

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

06:8b:e2:f5:34:52:c8:82:f1:8e:d4:1a:5d:d4:e7:a3Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

ad:42:fc:fb:83:a5:a0:5f:e1:8a:7e:cd:43:f7:74:db:e2:a5:4e:57:80:36:32:37:c3:e1:e9:87:e9:f7:00:95Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

gdi32

kernel32

ole32

oleaut32

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 103KB

.rdata Size: 169KB - Virtual size: 169KB

.data Size: 9KB - Virtual size: 11KB

.pdata Size: 7KB - Virtual size: 6KB

.rsrc Size: 26KB - Virtual size: 26KB

.reloc Size: 1024B - Virtual size: 984B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:8b:e2:f5:34:52:c8:82:f1:8e:d4:1a:5d:d4:e7:a3
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

ad:42:fc:fb:83:a5:a0:5f:e1:8a:7e:cd:43:f7:74:db:e2:a5:4e:57:80:36:32:37:c3:e1:e9:87:e9:f7:00:95
Signer

.text
Size: 104KB - Virtual size: 103KB

.rdata
Size: 169KB - Virtual size: 169KB

.data
Size: 9KB - Virtual size: 11KB

.pdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 26KB - Virtual size: 26KB

.reloc
Size: 1024B - Virtual size: 984B