2d271ecb2438965dcb8a0c8cba2ff78b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2d271ecb2438965dcb8a0c8cba2ff78b_JaffaCakes118
Size

82KB
MD5

2d271ecb2438965dcb8a0c8cba2ff78b
SHA1

2a28d98f41519f4e6d454e27ee761b37bf0dfb95
SHA256

74fec7180e7dc8f6d3bf2afb0e1d3fc081b15b3efdc582bc35416bae2480efce
SHA512

123383d4d9b4b214b4215455f16d5ea65e9792ba0427cb4f751a9db103147f0d6b40329a49ae8ddba81823740b909ae495edc84823f08da98d7da15fee26fb05
SSDEEP

1536:XX+po82m9arEm9PqSQ8+z7tcwV4kLysWjcdQkzs8Ry:n38rz2PqHV4kL9Qkz1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d271ecb2438965dcb8a0c8cba2ff78b_JaffaCakes118

Files

2d271ecb2438965dcb8a0c8cba2ff78b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

edecbf7863122687afacbd434698507b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\大象哥\Desktop\5255\Server\Release\Server.pdb

Imports

kernel32

InitializeCriticalSectionAndSpinCount
Sleep
GetLastError
DecodePointer
DeleteCriticalSection
CloseHandle
CreateThread
FreeLibrary
WaitForSingleObject
GetProcAddress
LoadLibraryA
CreateMutexA
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetStringTypeW
LCMapStringW
OutputDebugStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryExW
RtlUnwind
HeapFree
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
GetProcessHeap
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapSize
SetLastError
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetStdHandle
GetFileType
GetModuleFileNameA
WriteFile
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
CreateFileW

ws2_32

select
WSAStartup
__WSAFDIsSet
gethostbyname
connect
inet_addr
htons
setsockopt
socket
closesocket
send
WSAIoctl
recv

wininet

InternetOpenA
InternetReadFile
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

edecbf7863122687afacbd434698507b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

wininet

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 3KB