c:\Documents and Settings\周令俊\桌面\Hack\YaBot-LEAKiSO-20072\bin32\bot.pdb
Static task
static1
Behavioral task
behavioral1
Sample
04b421bc59e75a519ddcdcf1bacc9883_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
04b421bc59e75a519ddcdcf1bacc9883_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
Target
04b421bc59e75a519ddcdcf1bacc9883_JaffaCakes118
Size
63KB
MD5
04b421bc59e75a519ddcdcf1bacc9883
SHA1
ed680229b78f965efd39d8cc4f51c9b3f2af3ed2
SHA256
35c27bce0621d38fc7c89b2bd8e01fdae4774cb4b585432eba22bedb6d2bef71
SHA512
6ce2af0410653a16a4229286d4d33f1c2917661e0b974976d6f1ca23f6f83833ca30474a6fdea223e30ac7c364e3718df869e675a1a8275bcc87dd1cfc9f17bc
SSDEEP
768:Y41zjDe74jWq7/M4rL2MPJTbZBG40QDUean5o5d0dgalPcITW:Y4tjyP4rL2MaQDnIlP
Malware Config
Signatures
Unsigned PE (1 IoC)
The sample carries no Authenticode signature.
resource 04b421bc59e75a519ddcdcf1bacc9883_JaffaCakes118
Files
04b421bc59e75a519ddcdcf1bacc9883_JaffaCakes118.exe windows:4 windows x86 arch:x86
412e2e0cb392acf6c3dadd290f1ef586
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths (the extracted path is shown at the top of this page)
Imports
kernel32
CreateRemoteThread
GetProcAddress
OpenProcess
WriteProcessMemory
VirtualAllocEx
GetCurrentProcessId
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcess
QueryPerformanceFrequency
GlobalMemoryStatus
LoadLibraryA
TerminateProcess
CreateProcessA
FreeLibrary
LoadLibraryExA
CreateThread
TerminateThread
SetProcessWorkingSetSize
GetTickCount
GetDiskFreeSpaceExA
GetVersionExA
GetSystemDirectoryA
GetComputerNameA
GetLocaleInfoA
GetFileSize
GetModuleHandleA
FindResourceA
SizeofResource
LoadResource
LockResource
WriteFile
CreateFileA
CloseHandle
DeleteFileA
Sleep
GetDateFormatA
GetTimeFormatA
OutputDebugStringA
GetStdHandle
SetConsoleTextAttribute
CreateMutexA
GetLastError
ExitProcess
QueryPerformanceCounter
advapi32
RegOpenKeyExA
ControlService
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
OpenServiceA
StartServiceA
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
ClearEventLogA
CloseEventLog
GetUserNameA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
shell32
ShellExecuteA
mpr
WNetAddConnection2A
WNetCancelConnection2A
msvcrt
strstr
_snprintf
fclose
fprintf
fopen
printf
strncat
_vsnprintf
strncpy
toupper
strtok
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
malloc
islower
rand
srand
atol
system
atoi
netapi32
NetShareDel
wininet
InternetGetConnectedStateEx
ws2_32
WSACleanup
WSAStartup
inet_ntoa
gethostbyname
gethostname
gethostbyaddr
inet_addr
recv
send
closesocket
connect
htons
socket
getsockname
WSACloseEvent
shutdown
sendto
ntdll
NtQuerySystemInformation
ZwSystemDebugControl
Sections
.bss Size: - (no raw data; uninitialized section) Virtual size: 2KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 55KB - Virtual size: 55KB (flagged below as both writable and executable)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ