PDB path embedded in the binary (this is the entry for the "PDB Paths" header further down): E:\2019.10.25desktop\新服务\20200604_3002_svc2\Release\QmServer.pdb. The folder name 新服务 is Chinese for "new service", and the names QmServer / svc2 fit the service-control imports listed below (StartServiceCtrlDispatcherA, RegisterServiceCtrlHandlerA, SetServiceStatus). A build-machine path this specific is a useful pivot for hunting related samples.
Static task
static1
Behavioral task
behavioral1
Sample
6a8841a6d964c6a6e5aab80315602dcc_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
6a8841a6d964c6a6e5aab80315602dcc_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
Target
6a8841a6d964c6a6e5aab80315602dcc_JaffaCakes118
Size
274KB
MD5
6a8841a6d964c6a6e5aab80315602dcc
SHA1
a61dc094b1c0bffdd317c65ed9a8a335aeffa702
SHA256
7a06cf3125a127d3aef9ede1ecd6914496ba448c00e48c89dd48ef1feee68412
SHA512
c3e7529dceb375f924560969b407d879eb86b100f932f016362cd28007b077c44a87f8f4cf627cc4d885573f5422f6d4a20c9db2447a8f11251068ed9834f843
SSDEEP
6144:h0DHQdBQp/bnGgiO5ngpLJ7q0y1oyFwYqk59OZaFoX:hIHQdBq/bnGgxkJ7t6oDYjYOoX
Malware Config (no entries shown for this sample)
Signatures
Unsigned PE (1 IoC): the sample carries no Authenticode signature. On its own this is a weak indicator — a great deal of legitimate software is also unsigned — so weigh it together with the capabilities visible in the import table below rather than in isolation.
resource 6a8841a6d964c6a6e5aab80315602dcc_JaffaCakes118
Files
6a8841a6d964c6a6e5aab80315602dcc_JaffaCakes118.exe windows:5 windows x86 arch:x86
5b9685f4a9a2755b7c3c7b49173a413d (unlabelled 32-hex digest printed under Files; in this report layout it is most likely the import hash (imphash) — confirm before using it as a pivot)
Headers
DLL Characteristics (DYNAMIC_BASE = ASLR opt-in, NX_COMPAT = DEP opt-in; no GUARD_CF flag is listed, so the binary was built without Control Flow Guard)
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths (the single embedded path, …\20200604_3002_svc2\Release\QmServer.pdb, is printed at the top of this report)
Imports
kernel32
lstrcpyA
CreateThread
DeleteFileA
GetTempPathA
CloseHandle
GetModuleFileNameA
ProcessIdToSessionId
LoadLibraryA
GetLocalTime
ReadFile
FormatMessageA
GetPrivateProfileStringA
VerSetConditionMask
VerifyVersionInfoA
SleepEx
GetLastError
SetLastError
WaitForMultipleObjects
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent (note: together with GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount and QueryPerformanceCounter just above, this is the standard VC++ CRT startup set — security cookie and unhandled-exception reporting — so it is not by itself evidence of anti-debugging)
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
EnterCriticalSection
PeekNamedPipe
GetStdHandle
ExpandEnvironmentStringsA
GetProcAddress
lstrcatA
Sleep
GetPrivateProfileIntA
OpenProcess
FreeLibrary
lstrlenA
WaitForSingleObject
lstrcmpA
IsProcessorFeaturePresent
GetFileType
user32
wsprintfA
advapi32
CryptCreateHash
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextA
CryptImportKey (CryptoAPI with a key imported from a key blob; with CryptCreateHash/CryptHashData and CryptEncrypt imported but no CryptDecrypt, the local use looks encrypt-only — hashing plus encryption, e.g. of outbound data — an inference from the imports, verify in disassembly)
CryptReleaseContext
CryptEncrypt
CryptDestroyKey
CryptHashData
RegCloseKey
SetServiceStatus
DuplicateTokenEx
RegOpenKeyExA
LookupPrivilegeValueA
RegCreateKeyA
RegQueryValueExA
RegisterServiceCtrlHandlerA
RegSetValueExA
GetTokenInformation
StartServiceCtrlDispatcherA
CreateProcessAsUserA (together with OpenProcessToken/DuplicateTokenEx here, WTSQueryUserToken from wtsapi32 and CreateEnvironmentBlock from userenv, this is the usual sequence for a SYSTEM service launching a process inside a logged-on user's desktop session; check the behavioral tasks for which binary it launches and from where)
OpenProcessToken
shell32
SHGetSpecialFolderPathA
msvcp100
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Incref@facet@locale@std@@QAEXXZ
??Bid@locale@std@@QAEIXZ
?_Xlength_error@std@@YAXPBD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_BADOFF@std@@3_JB
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
msvcr100
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_close
_strdup
exit
isgraph
isprint
islower
_stat64
toupper
isupper
_CxxThrowException
_gmtime64
fseek
getenv
_XcptFilter
_lseeki64
_fstat64
memchr
_getpid
isspace
isalnum
__sys_nerr
strerror
_beginthreadex
isdigit
fgets
fopen
fputs
qsort
_strtoi64
strpbrk
strtoul
strstr
isxdigit
strncmp
isalpha
strrchr
strtol
memcpy
strncpy
strchr
__iob_func
fread
tolower
_errno
memset
malloc
free
realloc
calloc
_stricmp
_exit
_cexit
__getmainargs
_amsg_exit
_onexit
__dllonexit
_unlock
__CxxFrameHandler3
_time64
memcpy_s
srand
rand
_lock_file
setvbuf
printf
fsetpos
fgetc
fflush
_fseeki64
fgetpos
ungetc
_unlock_file
sscanf
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
sprintf
fputc
??2@YAPAXI@Z
fclose
fwrite
??3@YAXPAX@Z
memmove
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
atoi
_open
_read
_write
_strnicmp
_lock
sensapi (IsNetworkAlive: a connectivity probe, typically called before the network code runs)
IsNetworkAlive
userenv
CreateEnvironmentBlock
wtsapi32
WTSQueryUserToken
shlwapi
PathFileExistsA
PathRemoveFileSpecA
wininet
DeleteUrlCacheEntry
urlmon
URLDownloadToFileA (download-to-disk capability; with GetTempPathA, DeleteFileA and DeleteUrlCacheEntry also imported, the likely pattern is fetch to %TEMP%, use, then remove both the file and the WinINet cache entry — inferred from the imports, confirm against the network and file events of the behavioral tasks)
psapi (EnumProcesses plus GetProcessImageFileNameA, with OpenProcess and ProcessIdToSessionId from kernel32, gives process enumeration by image name and session — consistent with locating a target process or the active user session; inference)
GetProcessImageFileNameA
EnumProcesses
ws2_32
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
htons
getsockopt
getpeername
bind
closesocket
socket
connect
freeaddrinfo
gethostname
ioctlsocket
getaddrinfo
sendto
recvfrom
accept
listen
wldap32 (imported by ordinal only; alongside the ws2_32/getaddrinfo imports and CRT calls such as getenv, strtol and sscanf, this is what a statically linked libcurl typically pulls in — if so, the wldap32 ordinals are curl's LDAP backend rather than the sample's own LDAP use; verify via strings, e.g. a curl User-Agent)
ord41
ord27
ord301
ord33
ord79
ord35
ord32
ord200
ord30
ord26
ord50
ord60
ord143
ord211
ord22
ord46
iphlpapi (GetAdaptersInfo is commonly used to read adapter MAC addresses for host fingerprinting or victim IDs; check whether the value is sent over the network in the behavioral tasks — inference)
GetAdaptersInfo
Sections (raw and virtual sizes match for every section and .data is only 1KB, so there is no sign of a packed or runtime-unpacked section; .reloc is present as DYNAMIC_BASE requires)
.text Size: 218KB - Virtual size: 217KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1012B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ