8c5c3fdcf3dce1555f32ce235f000c45_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8c5c3fdcf3dce1555f32ce235f000c45_JaffaCakes118
Size

160KB
MD5

8c5c3fdcf3dce1555f32ce235f000c45
SHA1

f0df019abd78bb9bea839f4c3360ed1c1c8a7617
SHA256

0464c34a2ef0dfac22ca9f8847b3ae098039a18adffb251f44eb025b971117cc
SHA512

b9f7b3c415a5cc80205f9088250d1dbc8d1ce9b4b8a654f32d53cdae5e20a2986ddfe2eae965be7ba2cc7f6f5ab543cf6dd45e27ce8581f63eeb1e9c84891171
SSDEEP

3072:T37jJycglkIbLR5STWVZP6P3Lbry9XS45zncd6eMd/ywIdn7+bK1CZ5PtgSBS:b43lkJWVZa3Lb4bu+udnKb4CZ5FXBS

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack002/PassRecovery/PassRecovery.exe
unpack002/PassRecovery/instsrv.exe
unpack002/PassRecovery/setup.EXE
unpack002/PassRecovery/srvany.exe

Files

8c5c3fdcf3dce1555f32ce235f000c45_JaffaCakes118
.rar
DCglypass/DC管理员密码重置工具/dc_passrecovery.rar
.rar
PassRecovery/PassRecovery.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PassRecovery/instsrv.exe
.exe windows:5 windows x86 arch:x86

53d338fb5ceeb033459bc873d466d86d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CreateServiceA
DeleteService
OpenServiceA
EnumServicesStatusA
OpenSCManagerA
CloseServiceHandle

kernel32

GetLastError
CreateFileA
GetDriveTypeA
lstrcmpiA
lstrlenA
lstrcpyA
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
ExitProcess
GetProcAddress
GetModuleHandleA
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
LoadLibraryA
Sleep
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
SetFilePointer
GetLocaleInfoA
VirtualProtect
GetSystemInfo
SetStdHandle
CloseHandle
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PassRecovery/readme.txt
PassRecovery/setup.EXE
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PassRecovery/srvany.exe
.exe windows:5 windows x86 arch:x86

42cccb59fb52078015be74288575c424

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA
GetDesktopWindow

kernel32

GetLastError
ExitThread
Sleep
CreateProcessA
SetCurrentDirectoryA
ExitProcess
OpenEventA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
GetProcAddress
SetUnhandledExceptionFilter
GetCurrentProcess
SetEvent
CloseHandle
TerminateProcess
GetSystemTimeAsFileTime

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__getmainargs
exit
_cexit
_XcptFilter
_exit
_c_exit
_open
_read
_lseek
_close
_except_handler3
strncmp
_stricmp
malloc
free
__initenv

advapi32

SetServiceStatus
RegCloseKey
RegQueryValueExA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegOpenKeyExA

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DCglypass/下载银行-提供免费绿色软件下载.url
.url
DCglypass/下载银行.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 97KB - Virtual size: 96KB

DATA Size: 6KB - Virtual size: 5KB

BSS Size: - Virtual size: 10KB

.idata Size: 3KB - Virtual size: 2KB

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 8KB - Virtual size: 7KB

.rsrc Size: 165KB - Virtual size: 165KB

53d338fb5ceeb033459bc873d466d86d

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

Sections

.text Size: 28KB - Virtual size: 27KB

.data Size: 2KB - Virtual size: 8KB

Headers

File Characteristics

Sections

CODE Size: 97KB - Virtual size: 96KB

DATA Size: 6KB - Virtual size: 5KB

BSS Size: - Virtual size: 10KB

.idata Size: 3KB - Virtual size: 2KB

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 8KB - Virtual size: 7KB

.rsrc Size: 165KB - Virtual size: 165KB

42cccb59fb52078015be74288575c424

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

msvcrt

advapi32

Sections

.text Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 132B

CODE
Size: 97KB - Virtual size: 96KB

DATA
Size: 6KB - Virtual size: 5KB

BSS
Size: - Virtual size: 10KB

.idata
Size: 3KB - Virtual size: 2KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 165KB - Virtual size: 165KB

.text
Size: 28KB - Virtual size: 27KB

.data
Size: 2KB - Virtual size: 8KB

CODE
Size: 97KB - Virtual size: 96KB

DATA
Size: 6KB - Virtual size: 5KB

BSS
Size: - Virtual size: 10KB

.idata
Size: 3KB - Virtual size: 2KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 165KB - Virtual size: 165KB

.text
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 132B