27dbd9eba04cf9fc96a731f42cc2ff17_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

27dbd9eba04cf9fc96a731f42cc2ff17_JaffaCakes118
Size

2.5MB
MD5

27dbd9eba04cf9fc96a731f42cc2ff17
SHA1

3a6101db9b8e4562c9d0707727b764016f5b8912
SHA256

db0bd1bccfe97aef544b3c713d9eb519635fd912421c3d9466d58c48a677833b
SHA512

941a95f251a9e3f68b4fa6cc8004018e6b821c06917ac156f03e43ba4c25c34c6ff31962b8016d6750baa30d87018082905d3e42c2cc75d9717f782c3f921c24
SSDEEP

49152:Dyj37DOohlmEdUFYcrfKu5K8TX7pyeGAqFrS4+bdyicWEWbJ:MhUZFFfKgKMqFnhWnJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Adjprog.exe
unpack001/StrGene.dll
unpack001/apdadrv.dll

Files

27dbd9eba04cf9fc96a731f42cc2ff17_JaffaCakes118
.rar
Adjprog.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.textbss
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Silvana
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MaThiO
Size: 4KB - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ZProtect
Size: 1024KB - Virtual size: 1024KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mackt
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
StrGene.dll
.dll windows:4 windows x86 arch:x86

b12fa03ab655983db613c463bd66a916

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Documents and Settings\あき\デスクトップ\StrGene\Release\StrGene.pdb

Imports

kernel32

ExitProcess
GetCurrentThreadId
TlsSetValue
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsFree
SetLastError
TlsGetValue
GetLastError
TlsAlloc
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
LoadLibraryA
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
RtlUnwind
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualProtect
GetSystemInfo
VirtualQuery

Exports

Exports

?GetStrImage@@YAXPAEHPAY1BGI@DA@E@Z

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
apdadrv.dll
.dll windows:4 windows x86 arch:x86

ba8adf378bc7b6d478eed516f8c18d0c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupDiOpenDeviceInterfaceRegKey
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList

kernel32

FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
CreateFileA
DefineDosDeviceA
QueryDosDeviceA
lstrcmpiA
CloseHandle
WriteFile
ClearCommError
Sleep
ReadFile
DeviceIoControl
SetCommTimeouts
GetVersionExA
lstrlenA
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleA
ExitProcess
RtlUnwind
GetCurrentThreadId
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapSize
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSection
RaiseException
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
VirtualAlloc
MultiByteToWideChar
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA

advapi32

RegCloseKey
RegQueryValueExA

Exports

Exports

??0CApdadrv@@QAE@XZ
??1CApdadrv@@QAE@XZ
??4CApdadrv@@QAEAAV0@ABV0@@Z
?ADD4Negotiation@CApdadrv@@QAEKXZ
?ADD4ReceiveDataFromDataCh@CApdadrv@@QAEKPAEKAAK@Z
?ADD4SendAndReceiveCtrlCh@CApdadrv@@QAEKPAEK0KAAK@Z
?ADD4SendDataToDataCh@CApdadrv@@QAEKPAEKAAK@Z
?ADD4SetCommPacketSize@CApdadrv@@QAEXGGGG@Z
?ADD4Termination@CApdadrv@@QAEKXZ
?ADD4Termination_v@CApdadrv@@QAEKXZ
?ADGetDeviceID@CApdadrv@@QAEKPAEK@Z
?ADInitDevice@CApdadrv@@QAEKXZ
?ADPortClose@CApdadrv@@QAEHXZ
?ADPortOpen@CApdadrv@@QAEKPBD@Z
?ADReceive@CApdadrv@@QAEKPAEKAAK@Z
?ADSend@CApdadrv@@QAEKPAEKAAK@Z
?ADSetRWTimeOut@CApdadrv@@QAEXU_COMMTIMEOUTS@@@Z
?ADSetReceiveType@CApdadrv@@QAEXK@Z
?ioctl@CApdadrv@@QAEPAXW4apdadrvIoctl_t@@PAX@Z

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
清零方法.doc
.doc windows office2003
百度-KK下载站-搜索最新资源kkx.net.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.textbss Size: 2.8MB - Virtual size: 2.8MB

.text Size: 8KB - Virtual size: 8KB

.data Size: 1.6MB - Virtual size: 1.6MB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 16KB - Virtual size: 16KB

.Silvana Size: 4KB - Virtual size: 4KB

.MaThiO Size: 4KB - Virtual size: 8.2MB

ZProtect Size: 1024KB - Virtual size: 1024KB

.mackt Size: 8KB - Virtual size: 8KB

b12fa03ab655983db613c463bd66a916

Headers

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 3KB

ba8adf378bc7b6d478eed516f8c18d0c

Headers

File Characteristics

Imports

setupapi

kernel32

advapi32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 8KB - Virtual size: 6KB

.textbss
Size: 2.8MB - Virtual size: 2.8MB

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 1.6MB - Virtual size: 1.6MB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 16KB - Virtual size: 16KB

.Silvana
Size: 4KB - Virtual size: 4KB

.MaThiO
Size: 4KB - Virtual size: 8.2MB

ZProtect
Size: 1024KB - Virtual size: 1024KB

.mackt
Size: 8KB - Virtual size: 8KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 8KB - Virtual size: 6KB