00a4e25bda7b62e27a9632f25e2926c4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

00a4e25bda7b62e27a9632f25e2926c4_JaffaCakes118
Size

196KB
MD5

00a4e25bda7b62e27a9632f25e2926c4
SHA1

5f3980c7b0285bd73c6cf6a6f7a85e65e3c16147
SHA256

37b08c9a6947bebbb9c3ca3eb8210a4b42b74cfd3da2e5f0dbd62397281d2190
SHA512

57a55aace64ea6d2a6a861168426c6663d90c044a5e70a396619209b77de7ee6e17960c3d352cf999411ff6f2dee1097f379bb230af79c531a2180d69f26c4bf
SSDEEP

1536:fZ1uPrnyp2cP7hC2LKUjSoHy111S/gFbELGOwayLMxBWhpak7cWmqL8Gsuwl8dg:unw7hCaBy111SoFoLGpLKkqGsuwl8d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00a4e25bda7b62e27a9632f25e2926c4_JaffaCakes118

Files

00a4e25bda7b62e27a9632f25e2926c4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

223bc0ba49c3b5fc1b892919e7575822

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Works\KernelBots_Up14\Shell\Release\Shell.pdb

Imports

ws2_32

gethostname
inet_ntoa
WSACleanup
setsockopt
htonl
sendto
WSAStartup
send
closesocket
select
connect
htons
socket
inet_addr
gethostbyname

wininet

InternetOpenW
InternetOpenUrlW
InternetCloseHandle
InternetReadFile

kernel32

HeapAlloc
VirtualProtect
HeapFree
Sleep
lstrlenW
CreateThread
lstrcpyW
WideCharToMultiByte
GetTickCount
GetVersionExW
InterlockedExchange
GetACP
GetLocaleInfoA
InitializeCriticalSection
DeleteCriticalSection
lstrcatW
GetProcAddress
GetModuleHandleW
GlobalFree
GlobalAlloc
CreateFileW
GetModuleFileNameW
GetModuleFileNameA
GetSystemDirectoryW
CloseHandle
GetLastError
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
CreateProcessW
CopyFileW
DeleteFileW
SetFileAttributesW
RemoveDirectoryW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetCurrentProcess
GetExitCodeThread
WaitForSingleObject
VirtualFree
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
GetCurrentThreadId
GetVolumeInformationW
SetFilePointer
ReadFile
DuplicateHandle
ExitProcess
RtlUnwind
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
VirtualQuery
HeapDestroy
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
WriteFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeA
GetStringTypeW
GetOEMCP
SetStdHandle
FlushFileBuffers
GetSystemInfo
SetEndOfFile
HeapCreate

user32

PostQuitMessage
DefWindowProcW
TranslateMessage
DispatchMessageW
GetMessageW
UpdateWindow
ShowWindow
CreateWindowExW
RegisterClassExW
wsprintfW
SetWindowLongW
GetClientRect
GetWindowLongW

advapi32

ControlService
CloseServiceHandle
OpenServiceW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegDeleteValueW
CreateServiceW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
ChangeServiceConfigW
RegCreateKeyW
OpenSCManagerW

ole32

CoGetClassObject
OleSetContainedObject
OleInitialize

oleaut32

VariantClear
SysAllocString
VariantInit

Exports

Exports

DestoryAntiVirus
GetDllModuleControl
StartShell
StartShell_A
StartShell_B
StartShell_C
StartShell_D

Sections

.text
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Shell__
Size: 4KB - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

223bc0ba49c3b5fc1b892919e7575822

Headers

File Characteristics

PDB Paths

Imports

ws2_32

wininet

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 109KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 44KB - Virtual size: 91KB

.Shell__ Size: 4KB - Virtual size: 520B

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 112KB - Virtual size: 109KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 44KB - Virtual size: 91KB

.Shell__
Size: 4KB - Virtual size: 520B

.reloc
Size: 12KB - Virtual size: 11KB