eb69f8198fded4245f314d30a2702694_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eb69f8198fded4245f314d30a2702694_JaffaCakes118
Size

2.9MB
MD5

eb69f8198fded4245f314d30a2702694
SHA1

d781bd0c4daff4f47072be05ab1a72bff3ea3cf5
SHA256

0c066091cf436d42cce57b3fccce95a096b5bb32335cc14adb02302bd5bd6133
SHA512

ecb5642f6a2ec15e3fd6cfa7b0ec21bc39dc0bd2bec6563459e7e0703956176c1effd98ee44799f474f8533b713171b1173c3038840cbc53ddf7115981ad7d00
SSDEEP

49152:y+j6vPQq1XW4xsF35vsrfDfzUkWbsqPe5NSVJn4wEJ6qI94d7HAUWpbdDuyuDz8:/gPQqWjFW7Df4TJ6eol5gU+dDuv/8

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FileServer_v20.exe
unpack001/FindAdmin_new.exe

Files

eb69f8198fded4245f314d30a2702694_JaffaCakes118
.rar
DataList.ini
FileServer.map
FileServer.pdb
FileServer_v20.exe
.exe windows:4 windows x86 arch:x86

f433e7fcc51e68080022754836705744

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
ExitProcess
VirtualAlloc
VirtualFree

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 592KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

b8ik63p6
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

4kg8ulrq
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

5rnwhw55
Size: - Virtual size: 588KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

eag5dz33
Size: 882KB - Virtual size: 884KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

h8ap0vcn
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
FindAdmin_new.exe
.exe windows:4 windows x86 arch:x86

ea7d8d532f92558e708d47d9e2298ede

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileStringA
GetPrivateProfileStringA
GetComputerNameA
EscapeCommFunction
CreateEventA
ResetEvent
OutputDebugStringA
ExpandEnvironmentStringsA
GlobalAlloc
GetTempPathA
SetFileAttributesA
GetFileAttributesA
MoveFileA
CopyFileA
CreateDirectoryA
SetVolumeLabelA
GetDiskFreeSpaceA
SetLocalTime
GetCommandLineA
CreateProcessA
SetCurrentDirectoryA
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
GetModuleHandleA
GlobalSize
GlobalLock
GlobalFree
lstrcatA
WinExec
lstrcpyA
GetCurrentDirectoryA
GetPrivateProfileSectionNamesA
GetDriveTypeA
GetVolumeInformationA
GlobalUnlock
GlobalReAlloc
HeapFree
HeapReAlloc
HeapAlloc
WaitForSingleObject
GetProcessHeap
CreateThread
DeleteFileA
RemoveDirectoryA
FindNextFileA
GetModuleFileNameA
Sleep
MulDiv
FindFirstFileA
FindClose
LoadLibraryA
CreateFileA
CloseHandle
DeviceIoControl
GetVersionExA
GetFullPathNameA
lstrlenW
lstrlenA
GetUserDefaultLCID
GetTickCount
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
ExitThread
GetEnvironmentVariableA
GetProfileStringA
SetEvent
GetCommModemStatus
GetOverlappedResult
WaitForMultipleObjects
ClearCommError
WaitCommEvent
PurgeComm
ReadFile
WriteFile
SetCommState
GetCommState
SetCommMask
SetCommTimeouts
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
ResumeThread
CreateSemaphoreA
SetLastError
lstrcpynA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
DuplicateHandle
GetCurrentProcess
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
GetFileTime
SetStdHandle
CompareStringW
CompareStringA
IsBadCodePtr
IsBadReadPtr
UnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetEnvironmentVariableA
SetEnvironmentVariableW
IsBadWritePtr
HeapCreate
HeapDestroy
LCMapStringW
LCMapStringA
GetACP
HeapSize
TerminateProcess
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
ReleaseMutex
CreateMutexA
SuspendThread
SetThreadPriority
GetCurrentThread
lstrcmpA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindResourceA
LoadResource
SizeofResource
LockResource
VirtualAlloc
GetLastError
LoadLibraryExA
FormatMessageA
LocalFree
FreeLibrary
GetProcAddress
lstrcmpiA
VirtualFree
GetLogicalDriveStringsA
ExitProcess

user32

GetClassNameA
WindowFromPoint
CharUpperA
ReleaseCapture
GetMessagePos
PtInRect
GetClientRect
GetCursorPos
SetCapture
SystemParametersInfoA
EnableWindow
SetRect
IsWindow
RedrawWindow
CopyRect
FillRect
GetSystemMetrics
DrawFrameControl
DrawEdge
InflateRect
OffsetRect
DrawFocusRect
GetWindowRect
GetParent
SendMessageA
GetSysColor
IsClipboardFormatAvailable
ClientToScreen
GetCapture
LoadCursorA
AdjustWindowRect
EnableMenuItem
GetSubMenu
GetMenu
EqualRect
IntersectRect
GetFocus
IsRectEmpty
IsChild
DestroyIcon
GetKeyState
LoadBitmapA
LoadImageA
EnumDisplaySettingsA
ReleaseDC
GetDC
UpdateWindow
DispatchMessageA
TranslateMessage
SetWindowLongA
GetWindowLongA
IsWindowVisible
SetParent
SetScrollPos
SetScrollRange
GetScrollRange
PostMessageA
SetTimer
KillTimer
WinHelpA
ChildWindowFromPointEx
ScreenToClient
SetWindowRgn
DestroyCursor
DestroyAcceleratorTable
GetWindow
GetTopWindow
GetActiveWindow
SetWindowPos
DestroyMenu
SetActiveWindow
IsIconic
PeekMessageA
SetFocus
InvalidateRect
SetCursorPos
WaitForInputIdle
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
MessageBeep
LockWindowUpdate
ValidateRect
SetForegroundWindow
TrackPopupMenu
ScrollDC
InvertRect
SetCursor
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
RegisterClipboardFormatA
SetRectEmpty
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
LoadIconA
GetDesktopWindow
DefWindowProcA
GetClassInfoA
DeleteMenu
GetSystemMenu
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
DestroyWindow
GetWindowTextA
GetWindowTextLengthA
GetDlgItem
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
GetNextDlgTabItem
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetWindowDC
BeginPaint
EndPaint
GetDlgCtrlID
SetMenu
wsprintfA
TabbedTextOutA
DrawTextA
GrayStringA
CreateDialogIndirectParamA
EndDialog
GetSysColorBrush
LoadStringA
UnregisterClassA
MessageBoxA
GetMessageA

gdi32

Escape
CreateRectRgnIndirect
ExtCreateRegion
GetTextMetricsA
GetROP2
GetStretchBltMode
GetPolyFillMode
StartPage
EndPage
CreateDCA
DPtoLP
CreateBrushIndirect
CreateHatchBrush
CreatePatternBrush
Ellipse
RoundRect
FillRgn
GetCurrentObject
CombineRgn
CreateRectRgn
GetClipRgn
CreatePolygonRgn
SetPixelV
LPtoDP
Pie
GetViewportOrgEx
GetWindowOrgEx
PatBlt
CreateCompatibleDC
ExtTextOutA
CreateSolidBrush
GetStockObject
GetObjectA
ScaleViewportExtEx
GetDeviceCaps
GetViewportExtEx
CreatePen
GetTextExtentPoint32A
CreateFontIndirectA
CreatePalette
Chord
Arc
Polygon
EndDoc
GetTextColor
Rectangle
SelectClipRgn
CreateDIBitmap
CreateCompatibleBitmap
CreateBitmap
SetBkColor
SelectObject
SetStretchBltMode
StretchBlt
DeleteDC
DeleteObject
GetWindowExtEx
GetBkMode
TextOutA
RectVisible
BitBlt
PtVisible
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
BeginPath
EndPath
ExtSelectClipRgn
GetPixel
GetBkColor
LineTo
MoveToEx
ExcludeClipRect
ScaleWindowExtEx
SetWindowExtEx
RealizePalette
StartDocA
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetSystemPaletteEntries
SelectPalette
GetDIBits
CreateDIBSection
SetPixel
SetWindowOrgEx

winspool.drv

DocumentPropertiesA
OpenPrinterA
SetFormA
ClosePrinter
AddFormA
DeleteFormA
GetFormA
EnumFormsA

comdlg32

ChooseFontA
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
ChooseColorA
CommDlgExtendedError
PrintDlgA

advapi32

RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
RegCloseKey

shell32

Shell_NotifyIconA
ShellExecuteA

ole32

OleInitialize
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
OleUninitialize
OleRun
CoCreateInstance

oleaut32

VarDateFromStr
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
GetActiveObject
VariantClear
VariantChangeType
VariantInit
VariantCopyInd
SysAllocString
UnRegisterTypeLi
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElement
SafeArrayDestroy
SafeArrayCreate
OleCreatePictureIndirect
OleCreateFontIndirect
SafeArrayPutElement

winmm

waveOutPause
waveOutUnprepareHeader
midiStreamRestart
waveOutWrite
waveOutReset
waveOutClose
waveOutGetNumDevs
waveOutOpen
midiOutUnprepareHeader
midiStreamOpen
midiStreamProperty
midiOutPrepareHeader
midiStreamOut
midiStreamStop
midiOutReset
midiStreamClose
waveOutPrepareHeader

comctl32

ord17
ImageList_LoadImageA
ImageList_Destroy

ws2_32

closesocket
send
select
WSAAsyncSelect
inet_ntoa
inet_addr
accept
gethostbyaddr
gethostname
WSACleanup
WSAStartup
htons
bind
htonl
gethostbyname
getpeername
listen
recv
connect
ioctlsocket
recvfrom
sendto
setsockopt
socket

Sections

.text
Size: 804KB - Virtual size: 802KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Serial.dat
Strings.tbl
castle/0.cst
castle/10.cst
castle/30.cst
castle/41.cst
清理日志.bat

Sharing

General

Malware Config

Signatures

Files

f433e7fcc51e68080022754836705744

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: - Virtual size: 592KB

b8ik63p6 Size: 156KB - Virtual size: 156KB

.data Size: - Virtual size: 3.2MB

.rsrc Size: 12KB - Virtual size: 32KB

4kg8ulrq Size: - Virtual size: 4KB

5rnwhw55 Size: - Virtual size: 588KB

eag5dz33 Size: 882KB - Virtual size: 884KB

h8ap0vcn Size: 4KB - Virtual size: 4KB

ea7d8d532f92558e708d47d9e2298ede

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

winmm

comctl32

ws2_32

Sections

.text Size: 804KB - Virtual size: 802KB

.rdata Size: 132KB - Virtual size: 130KB

.data Size: 136KB - Virtual size: 134KB

.rsrc Size: 68KB - Virtual size: 64KB

.text
Size: - Virtual size: 592KB

b8ik63p6
Size: 156KB - Virtual size: 156KB

.data
Size: - Virtual size: 3.2MB

.rsrc
Size: 12KB - Virtual size: 32KB

4kg8ulrq
Size: - Virtual size: 4KB

5rnwhw55
Size: - Virtual size: 588KB

eag5dz33
Size: 882KB - Virtual size: 884KB

h8ap0vcn
Size: 4KB - Virtual size: 4KB

.text
Size: 804KB - Virtual size: 802KB

.rdata
Size: 132KB - Virtual size: 130KB

.data
Size: 136KB - Virtual size: 134KB

.rsrc
Size: 68KB - Virtual size: 64KB