40883d1d0d969846de99f98d3ee6bc34_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

40883d1d0d969846de99f98d3ee6bc34_JaffaCakes118
Size

305KB
MD5

40883d1d0d969846de99f98d3ee6bc34
SHA1

157f58bd30c12e8abe0afffa843e2eba19b2ae9e
SHA256

3bd2a578634641ee4a4b016dfcbb922a5dcf39be0c640a4f0a4a475c325ba85d
SHA512

d991fae6b79e4bc3213b5d5ed97f5b6f04bb514693d3244d0bdfbae2cd992aa81f48b84f9fcdde33c32bd7f9dc31658e86bd145003f84b7cae153e1483bf801c
SSDEEP

6144:Q9kYO9XWMqFS2ddr+0PaA67cZhGnixG84Rf8QYdp:QQkvddF+OaAGniG8Uf8Q2p

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/GMC/GMClient.exe
unpack001/GMC/gmdeployer.exe

Files

40883d1d0d969846de99f98d3ee6bc34_JaffaCakes118
.zip
GMC/GMClient.exe
.exe windows:5 windows x86 arch:x86

622f8730bbdf6f1b11564326b41484bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\xalp\Release\GMClient.pdb

Imports

kernel32

MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
HeapAlloc
GetProcessHeap
HeapFree
CreateMutexA
CloseHandle
DeleteCriticalSection
WaitForSingleObject
EnterCriticalSection
ReleaseMutex
LeaveCriticalSection
Sleep
CopyFileA
WinExec
GetLocalTime
GetLastError
OutputDebugStringA
GetModuleFileNameA
GetFileAttributesA
GetCommandLineA
HeapSetInformation
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
GetProcAddress
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
ExitProcess
WriteFile
GetModuleFileNameW
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringW
MultiByteToWideChar
GetStringTypeW
IsProcessorFeaturePresent
CreateFileA
SetStdHandle
FlushFileBuffers
LoadLibraryW
WriteConsoleW
HeapReAlloc
SetEndOfFile
ReadFile
HeapSize
CreateFileW

advapi32

SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
FreeSid

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GMC/gmdeployer.exe
.exe windows:5 windows x86 arch:x86

3b3a37db864a4c3aac46ea27554fb6d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\svn\gm\branches\grid2.2\winRunner\Release\gmdeployer.pdb

Imports

kernel32

SetConsoleMode
ReadConsoleInputA
GetFileInformationByHandle
lstrcpynW
GlobalFree
ReadProcessMemory
VirtualQueryEx
GetCommandLineW
VirtualQuery
GetSystemTime
GetThreadTimes
GetDiskFreeSpaceExA
GetLogicalDriveStringsA
GetEnvironmentVariableA
GetVolumeInformationA
SystemTimeToFileTime
SetErrorMode
GlobalMemoryStatus
ExpandEnvironmentStringsA
SleepEx
CloseHandle
DuplicateHandle
CreatePipe
GlobalMemoryStatusEx
GetStdHandle
ReadFile
TerminateProcess
CreateProcessA
GetProcessTimes
SetEvent
CreateEventA
InterlockedExchange
GetProcessAffinityMask
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
TlsAlloc
SetLastError
TlsGetValue
GetThreadPriority
GetCurrentThreadId
TlsSetValue
InterlockedDecrement
TlsFree
DeleteCriticalSection
GetProcAddress
FreeLibrary
InitializeCriticalSection
SetThreadContext
GetThreadContext
WaitForMultipleObjects
LoadLibraryA
LocalFree
lstrlenA
FormatMessageA
GetModuleFileNameA
FileTimeToLocalFileTime
GetVersionExA
GetExitCodeProcess
GetSystemInfo
GetModuleHandleA
GetComputerNameExW
WideCharToMultiByte
MultiByteToWideChar
InterlockedIncrement
HeapFree
HeapAlloc
DeleteFileA
CreateDirectoryA
GetModuleHandleW
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
GetCommandLineA
GetTimeZoneInformation
ExitThread
CreateThread
RtlUnwind
FileTimeToSystemTime
GetDriveTypeA
MoveFileA
RaiseException
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
HeapReAlloc
SetFilePointer
SetStdHandle
GetFileType
LCMapStringA
LCMapStringW
GetCPInfo
HeapCreate
VirtualFree
VirtualAlloc
WriteFile
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetStartupInfoA
GetACP
GetOEMCP
IsValidCodePage
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEndOfFile
GetProcessHeap
OpenProcess
GetCurrentThread
WaitForSingleObject
GetCurrentProcess
PeekNamedPipe
FindClose
GetLastError
FindFirstFileA
GetConsoleWindow
Sleep
GetFullPathNameA

user32

wsprintfW
ShowWindow

advapi32

FreeSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
SetNamedSecurityInfoA
SetEntriesInAclA
RegCloseKey
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
LookupAccountSidA
RegEnumKeyExA
RegQueryInfoKeyA
RegConnectRegistryW
RegOpenKeyA
RegEnumKeyA
RegConnectRegistryA
OpenThreadToken
LookupPrivilegeValueA
ImpersonateSelf
AdjustTokenPrivileges

ws2_32

select
getsockopt
getpeername
bind
getaddrinfo
sendto
recvfrom
gethostbyaddr
listen
htons
closesocket
ntohs
recv
send
ioctlsocket
freeaddrinfo
__WSAFDIsSet
gethostname
gethostbyname
inet_ntoa
WSAGetLastError
WSASetLastError
setsockopt
socket
connect
getsockname
accept
WSACleanup
WSAStartup

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

netapi32

NetApiBufferFree
NetSessionEnum

shell32

CommandLineToArgvW

ole32

CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoCreateInstance

oleaut32

SysFreeString
VariantClear
SysAllocString

Exports

Exports

_sigar_close@4
_sigar_cpu_get@8
_sigar_cpu_info_list_destroy@8
_sigar_cpu_info_list_get@8
_sigar_cpu_list_destroy@8
_sigar_cpu_list_get@8
_sigar_cpu_perc_calculate@12
_sigar_disk_usage_get@12
_sigar_file_system_list_destroy@8
_sigar_file_system_list_get@8
_sigar_file_system_ping@8
_sigar_file_system_usage_get@12
_sigar_format_size@12
_sigar_fqdn_get@12
_sigar_loadavg_get@8
_sigar_log@12
_sigar_log_impl_file@16
_sigar_log_impl_set@12
_sigar_log_level_get@4
_sigar_log_level_set@8
_sigar_log_level_string_get@4
_sigar_mem_get@8
_sigar_net_address_equals@8
_sigar_net_address_hash@4
_sigar_net_address_to_string@12
_sigar_net_connection_list_destroy@8
_sigar_net_connection_list_get@12
_sigar_net_connection_state_get@4
_sigar_net_connection_type_get@4
_sigar_net_connection_walk@4
_sigar_net_info_get@8
_sigar_net_interface_config_get@12
_sigar_net_interface_config_primary_get@8
_sigar_net_interface_flags_to_string@12
_sigar_net_interface_list_destroy@8
_sigar_net_interface_list_get@8
_sigar_net_interface_stat_get@12
_sigar_net_listen_address_get@12
_sigar_net_route_list_destroy@8
_sigar_net_route_list_get@8
_sigar_net_services_name_get@12
_sigar_net_stat_get@12
_sigar_net_stat_port_get@20
_sigar_new@0
_sigar_nfs_client_v2_get@8
_sigar_nfs_client_v3_get@8
_sigar_nfs_server_v2_get@8
_sigar_nfs_server_v3_get@8
_sigar_open@4
_sigar_password_get@4
_sigar_pid_get@4
_sigar_proc_args_destroy@8
_sigar_proc_args_get@16
_sigar_proc_cpu_get@16
_sigar_proc_cred_get@16
_sigar_proc_cred_name_get@16
_sigar_proc_env_get@16
_sigar_proc_exe_get@16
_sigar_proc_fd_get@16
_sigar_proc_list_destroy@8
_sigar_proc_list_get@8
_sigar_proc_mem_get@16
_sigar_proc_modules_get@16
_sigar_proc_port_get@16
_sigar_proc_stat_get@8
_sigar_proc_state_get@16
_sigar_proc_time_get@16
_sigar_resource_limit_get@8
_sigar_strerror@8
_sigar_swap_get@8
_sigar_sys_info_get@8
_sigar_tcp_get@8
_sigar_thread_cpu_get@16
_sigar_uptime_get@8
_sigar_uptime_string@16
_sigar_who_list_destroy@8
_sigar_who_list_get@8
sigar_log_printf

Sections

.text
Size: 383KB - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GMC/internal.config

Sharing

General

Malware Config

Signatures

Files

622f8730bbdf6f1b11564326b41484bd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Sections

.text Size: 41KB - Virtual size: 41KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 5KB - Virtual size: 4KB

3b3a37db864a4c3aac46ea27554fb6d3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ws2_32

iphlpapi

version

netapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 383KB - Virtual size: 383KB

.rdata Size: 94KB - Virtual size: 93KB

.data Size: 8KB - Virtual size: 100KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 25KB - Virtual size: 25KB

.text
Size: 41KB - Virtual size: 41KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 383KB - Virtual size: 383KB

.rdata
Size: 94KB - Virtual size: 93KB

.data
Size: 8KB - Virtual size: 100KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 25KB - Virtual size: 25KB