ffe48437eb16d7b9a9a89bccc9cf4e13_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ffe48437eb16d7b9a9a89bccc9cf4e13_JaffaCakes118
Size

84KB
MD5

ffe48437eb16d7b9a9a89bccc9cf4e13
SHA1

cff5b54ed48498f416681c9799dfd6cf19f8206c
SHA256

7eece997dea8f2781d9f25213ca9487443f6afac8a593e7f138de02b8f60a550
SHA512

931c4869deeb69ee54dd0ad74cc15b9f8d08cfe954a18f86269b095f8b524a988071a73fe69fcd54d7d9d0bb3776000dafa7d105b5588edf77df6b92d4fd1a0e
SSDEEP

1536:365D+rhLBB2fGkvql+uO6SCpNu29WTifYgZZfNFKlB9qK2:3wDWhyStOuMTYZfNFKlH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ffe48437eb16d7b9a9a89bccc9cf4e13_JaffaCakes118

Files

ffe48437eb16d7b9a9a89bccc9cf4e13_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c0d072212692c3f218cfdb1454610e83

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\程序开发\传奇spi木马\第二版\TroyMir\Release\TroyMir.pdb

Imports

kernel32

CreateThread
SetEvent
CreateIoCompletionPort
OpenEventW
WaitForSingleObject
MultiByteToWideChar
DeleteCriticalSection
CreateEventW
WritePrivateProfileStringA
WriteProcessMemory
ReadProcessMemory
OpenProcess
GetCurrentProcessId
Sleep
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleFileNameW
GetPrivateProfileIntA
GetProcAddress
LoadLibraryW
ExpandEnvironmentStringsW
OutputDebugStringA
MoveFileExA
GetPrivateProfileStringA
DeleteFileA
CloseHandle
FlushFileBuffers
SetStdHandle
GetQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
GetLastError
FormatMessageW
LocalFree
GetSystemInfo
VirtualProtect
IsBadCodePtr
IsBadReadPtr
SetFilePointer
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetCPInfo
LCMapStringW
LCMapStringA
VirtualQuery
InterlockedExchange
LoadLibraryA
SetUnhandledExceptionFilter
InitializeCriticalSection
HeapSize
ExitProcess
ExitThread
ResumeThread
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapAlloc
RaiseException
HeapFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetModuleFileNameA
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
IsBadWritePtr

user32

GetWindowTextA
EnumWindows
FindWindowExW
PostMessageW
GetWindowThreadProcessId
SetTimer

advapi32

RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

ws2_32

WSCEnumProtocols
inet_ntoa
WSAStartup
inet_addr
connect
WSASocketW
WSAGetLastError
WSCWriteProviderOrder
htons
WSCInstallProvider
listen
WSAAccept
WSARecv
shutdown
closesocket
WSASend
htonl
send
ntohs
WSCGetProviderPath
WSACleanup
bind

dnsapi

DnsQuery_W

iphlpapi

GetAdaptersInfo

Exports

Exports

WSPStartup
installProtocol
removeProtocol

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SharedM
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0d072212692c3f218cfdb1454610e83

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ws2_32

dnsapi

iphlpapi

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 9KB

.SharedM Size: 4KB - Virtual size: 2B

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 9KB

.SharedM
Size: 4KB - Virtual size: 2B

.reloc
Size: 8KB - Virtual size: 5KB