3b40c3446f029b5b31b441c03f1913c2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3b40c3446f029b5b31b441c03f1913c2_JaffaCakes118
Size

794KB
MD5

3b40c3446f029b5b31b441c03f1913c2
SHA1

b484e107247ff6784b0da7b615ea21a065913511
SHA256

2580b4127a46df21c222f8ed7b1c21f1fc7057589e59d72fd429c4ad998ca6b0
SHA512

d4174fb7e02fe43df3390c99a03b6054f0f960e44fd12c269c6ed07713da661bf58b18242d7535aca541a8724800cfb5c067612f3dc47f0e7d78fbcefd66e9dd
SSDEEP

12288:DJnayT/QgMNPq+l/SvgqiRsEuLuDCdQWjzxWqRIHEInN/VcxfYJ0klgQrBJajU+A:xYLjl/IiYwCdveHNSYV0jU5Go5

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Qiwi checker.exe
unpack001/system.exe

Files

3b40c3446f029b5b31b441c03f1913c2_JaffaCakes118
.rar
61K SOCK 5.txt
Qiwi checker.exe
.exe windows:4 windows x86 arch:x86

d5d9d937853db8b666bd4b525813d7bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameA

kernel32

LockResource
lstrlenA
CloseHandle
CreateFileA
ExitProcess
FindResourceA
FreeResource
GetCommandLineA
GetEnvironmentVariableA
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
HeapAlloc
HeapFree
LoadLibraryA
LoadResource
lstrcpynA
RtlMoveMemory
SetFileAttributesA
SizeofResource
WriteFile
lstrcatA
lstrcpyA

user32

CreateWindowExA
DefWindowProcA
DispatchMessageA
GetMessageA
LoadCursorA
LoadIconA
MessageBoxA
PostQuitMessage
RegisterClassExA
SendMessageA
ShowWindow
TranslateMessage
UpdateWindow

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
system.exe
.exe windows:4 windows x64 arch:x64

961161a4a1e139c8d8d2f026378a9d81

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext

kernel32

CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExpandEnvironmentStringsA
FormatMessageA
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFileType
GetHandleInformation
GetLastError
GetModuleFileNameW
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetVersionExA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
PeekNamedPipe
QueryPerformanceCounter
ReadFile
ReleaseSemaphore
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetCriticalSectionSpinCount
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepEx
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualAlloc
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject

msvcrt

__C_specific_handler
__argv
__dllonexit
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_endthreadex
_errno
_exit
_fmode
_fstat64
_ftime
_ftime64
_gmtime64
_initterm
_localtime64
_lock
_lseeki64
_onexit
_setjmp
_snwprintf
_stat64
_stricmp
_strnicmp
_sys_nerr
_time64
_unlock
_vsnprintf
abort
atoi
calloc
exit
fclose
feof
fflush
fgetc
fgets
fopen
fprintf
fputc
fread
free
fseek
fwprintf
fwrite
getenv
isalnum
isalpha
isgraph
islower
isprint
isspace
isupper
isxdigit
localeconv
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
printf
puts
qsort
raise
rand
realloc
setlocale
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strerror
strlen
strncmp
strncpy
strrchr
strstr
strtok
strtol
strtoul
tolower
vfprintf
wcscpy
wcstombs
longjmp
_write
_strdup
_read
_open
_getpid
_close

user32

MessageBoxW

wldap32

ber_free
ldap_err2string
ldap_first_attribute
ldap_first_entry
ldap_get_dn
ldap_get_values_len
ldap_init
ldap_memfree
ldap_msgfree
ldap_next_attribute
ldap_next_entry
ldap_search_s
ldap_set_option
ldap_simple_bind_s
ldap_sslinit
ldap_unbind_s
ldap_value_free_len

ws2_32

WSACleanup
WSAGetLastError
WSAIoctl
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getpeername
getsockname
getsockopt
htons
ioctlsocket
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket

Sections

.text
Size: 388KB - Virtual size: 387KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d5d9d937853db8b666bd4b525813d7bd

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 53KB

.rsrc Size: 360KB - Virtual size: 360KB

961161a4a1e139c8d8d2f026378a9d81

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

wldap32

ws2_32

Sections

.text Size: 388KB - Virtual size: 387KB

.data Size: 1KB - Virtual size: 1KB

.rdata Size: 77KB - Virtual size: 76KB

.pdata Size: 13KB - Virtual size: 12KB

.xdata Size: 13KB - Virtual size: 12KB

.bss Size: - Virtual size: 8KB

.idata Size: 8KB - Virtual size: 7KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 104B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 53KB

.rsrc
Size: 360KB - Virtual size: 360KB

.text
Size: 388KB - Virtual size: 387KB

.data
Size: 1KB - Virtual size: 1KB

.rdata
Size: 77KB - Virtual size: 76KB

.pdata
Size: 13KB - Virtual size: 12KB

.xdata
Size: 13KB - Virtual size: 12KB

.bss
Size: - Virtual size: 8KB

.idata
Size: 8KB - Virtual size: 7KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 104B