c:\Amp\Service\通过大众传媒分发的客户端\101\Release\SEOClient.pdb
Static task
static1
Behavioral task
behavioral1
Sample
04ef15c01c4bdbc6152b1e012a23009f_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
04ef15c01c4bdbc6152b1e012a23009f_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
04ef15c01c4bdbc6152b1e012a23009f_JaffaCakes118
-
Size
164KB
-
MD5
04ef15c01c4bdbc6152b1e012a23009f
-
SHA1
70534992cc5207d28299cb1bc77ee3c57642c568
-
SHA256
6501d6bf8c2438bf1cc9f5a4f514a66210e752aa6054c5d3f988a4d036c919f4
-
SHA512
172c8de645b07b371056240a0bca3d037f47b5869e8a08015a8064ed7efaf8cb27eec953c013db81e10c0ee8ecad8c4271e8b9ae286a0f0546ca50f10a8a2416
-
SSDEEP
1536:uX6rIJo7cv7ItLOBQgRXioXl+5qcNTCvx1WsueUVq69zJYqksfknFSEelZ+z:7kJos7IFQQ4iWl+If8BhqqtYFqlZ+z
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 04ef15c01c4bdbc6152b1e012a23009f_JaffaCakes118
Files
-
04ef15c01c4bdbc6152b1e012a23009f_JaffaCakes118.exe windows:4 windows x86 arch:x86
1c5bfa97b80d21638f6db761bd5f23e3
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
netapi32
Netbios
kernel32
CreateThread
CloseHandle
WaitForSingleObject
CreateEventA
CreateFileA
GetCurrentProcessId
GetCurrentThreadId
WriteFile
ReadFile
GetSystemDirectoryA
Sleep
MultiByteToWideChar
GetLastError
UpdateResourceA
EndUpdateResourceA
BeginUpdateResourceA
LockResource
LoadResource
FindResourceExA
FreeLibrary
LoadLibraryExA
SetEvent
WideCharToMultiByte
GetModuleHandleA
SetStdHandle
GetLocaleInfoW
GetOEMCP
GetACP
InterlockedExchange
LoadLibraryA
VirtualQuery
GetSystemInfo
VirtualProtect
SetFilePointer
FlushFileBuffers
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
ExitProcess
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
GetProcAddress
TerminateProcess
GetCurrentProcess
GetCPInfo
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetModuleFileNameA
SetUnhandledExceptionFilter
HeapReAlloc
HeapSize
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
advapi32
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
shell32
ShellExecuteA
ws2_32
connect
inet_addr
setsockopt
accept
listen
recv
htons
send
closesocket
WSAStartup
gethostname
gethostbyname
inet_ntoa
WSACleanup
bind
socket
select
Sections
.text Size: 80KB - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 4KB - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ