063089728b62e338a8c3bc96b4476b0f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

063089728b62e338a8c3bc96b4476b0f_JaffaCakes118
Size

518KB
MD5

063089728b62e338a8c3bc96b4476b0f
SHA1

ecc1a364cbd8b9f0f0428e98570b75e739fd8a4a
SHA256

fd92e7b5b90458ac90ada484e35d4bc4b389e363f3a6feeed108722b77b415d6
SHA512

7b74259642cc7b31d60ac86bece48d61657fb09c3af0ea7e1e0d7e86d86ca26dae37e177cb1d835be1af82e488d676c948e645bdb99ff4a7e104b286158f38ba
SSDEEP

12288:lcRkHIZDbDCTqvsOHwn3nUPUv8hCXJml7/B6eX:KRkoZnkOtw3UPUkhCXJ6/B6eX

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/imbotV5.3/Bin/Imb0tv5.exe
unpack002/Imb0tv5.exe

Files

063089728b62e338a8c3bc96b4476b0f_JaffaCakes118
.rar
VX CHAOS.nfo
VX CHAOS.txt
imbotV5.3/Bin/Imb0tv5.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pmj
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
imbotV5.3/Bin/Imb0tv5.rar
.rar
Imb0tv5.exe
.exe windows:4 windows x86 arch:x86

1a09773eed72fdac2ae42d5c5d979581

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp60

??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

user32

BringWindowToTop
ShowWindow
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
BlockInput
wsprintfA
CharLowerA
FindWindowExA
SendMessageA
IsWindow
FindWindowA
SetForegroundWindow
SetFocus
keybd_event
VkKeyScanA
GetWindowTextA
GetMenu
EnumWindows

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
VariantClear
SysAllocString
VariantInit

kernel32

GlobalLock
GlobalUnlock
GlobalAlloc
GetLocaleInfoA
CreateMutexA
GetStartupInfoA
InterlockedDecrement
CopyFileA
CreateDirectoryA
GetVersionExA
FindClose
MultiByteToWideChar
GetWindowsDirectoryA
GetFileAttributesA
GetLogicalDriveStringsA
SetFileAttributesA
TerminateThread
GetDriveTypeA
FindFirstFileA
SetCurrentDirectoryA
GetFullPathNameA
lstrcatA
FindNextFileA
ReleaseMutex
GetFileSize
SetFilePointer
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GlobalFree
lstrlenA
lstrcpyA
lstrcmpA
ExitThread
Sleep
ExitProcess
GetTempPathA
GetLastError
CreateThread
lstrcmpiA
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
CreateProcessA
CloseHandle
WriteFile
CreateFileA
ExpandEnvironmentStringsA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
lstrcpynA

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
strtok
_snprintf
strncpy
strstr
strlen
strcpy
strcmp
rand
sprintf
system
strchr
atoi
__CxxFrameHandler
_EH_prolog
srand
memset
memcpy
strcat
free
malloc
memcmp
_vsnprintf
??2@YAPAXI@Z
getenv

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

ws2_32

socket
WSACleanup
closesocket
sendto
htons
setsockopt
WSASocketA
WSAStartup
connect
ioctlsocket

urlmon

URLDownloadToFileA

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
imbotV5.3/MSNMessengerAPI.tlh
imbotV5.3/MSNMessengerAPI.tli
imbotV5.3/VX CHAOS.nfo
imbotV5.3/VX CHAOS.txt
imbotV5.3/cmd.h
imbotV5.3/configs.h
imbotV5.3/cpp/aim.cpp
imbotV5.3/cpp/commands.cpp
imbotV5.3/cpp/ddos.cpp
imbotV5.3/cpp/download.cpp
imbotV5.3/cpp/imbot.cpp
.vbs
imbotV5.3/cpp/irc.cpp
imbotV5.3/cpp/keylogger.cpp
imbotV5.3/cpp/loaddlls.cpp
imbotV5.3/cpp/msn.cpp
imbotV5.3/cpp/peer2peer.cpp
imbotV5.3/cpp/protocol.cpp
imbotV5.3/cpp/psniff.cpp
imbotV5.3/cpp/pstore.cpp
imbotV5.3/cpp/pstorec.tlh
imbotV5.3/cpp/pstorec.tli
imbotV5.3/cpp/rar-inject-add.cpp
imbotV5.3/cpp/rar-inject.cpp
imbotV5.3/cpp/sniffer.cpp
imbotV5.3/cpp/socks4.cpp
imbotV5.3/cpp/supersyn.cpp
imbotV5.3/cpp/threads.cpp
imbotV5.3/cpp/triton.cpp
imbotV5.3/cpp/usb.cpp
imbotV5.3/cpp/utility.cpp
.js
imbotV5.3/cpp/visit.cpp
imbotV5.3/h/aim.h
imbotV5.3/h/antisandbox.h
imbotV5.3/h/commands.h
imbotV5.3/h/ddos.h
imbotV5.3/h/defines.h
imbotV5.3/h/download.h
imbotV5.3/h/externs.h
imbotV5.3/h/functions.h
imbotV5.3/h/imbot.h
imbotV5.3/h/includes.h
imbotV5.3/h/inject.h
imbotV5.3/h/irc.h
imbotV5.3/h/keylogger.h
imbotV5.3/h/loaddlls.h
imbotV5.3/h/msn.h
imbotV5.3/h/peer2peer.h
imbotV5.3/h/protocol.h
imbotV5.3/h/psniff.h
imbotV5.3/h/pstore.h
imbotV5.3/h/pstorec.tlh
imbotV5.3/h/pstorec.tli
imbotV5.3/h/rarconfig.h
imbotV5.3/h/regcontrol.h
imbotV5.3/h/replace.h
imbotV5.3/h/sniffer.h
imbotV5.3/h/socks4.h
imbotV5.3/h/strings.h
imbotV5.3/h/supersyn.h
imbotV5.3/h/threads.h
imbotV5.3/h/triton.h
imbotV5.3/h/usb.h
imbotV5.3/h/utility.h
imbotV5.3/h/visit.h
imbotV5.3/imbot.dsp
imbotV5.3/imbot.dsw
imbotV5.3/imbot.ncb
imbotV5.3/imbot.opt
imbotV5.3/imbot.plg
.html
imbotV5.3/lib/MSNMessengerAPI.tlb
imbotV5.3/lib/MSNMessengerAPI.tlh
imbotV5.3/lib/MSNMessengerAPI.tli
imbotV5.3/lib/jpg.ico
imbotV5.3/lib/res.RES
imbotV5.3/lib/res.aps
imbotV5.3/lib/res.rc
imbotV5.3/lib/stub.exe
imbotV5.3/navegar.cpp
imbotV5.3/xBuild.cmd
vxchaos.jpg
.jpg
vxchaos_flame.jpg
.jpg

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 7KB - Virtual size: 278KB

.pmj Size: 1KB - Virtual size: 4KB

1a09773eed72fdac2ae42d5c5d979581

Headers

File Characteristics

Imports

msvcp60

user32

ole32

oleaut32

kernel32

msvcrt

advapi32

ws2_32

urlmon

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 7KB - Virtual size: 278KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 7KB - Virtual size: 278KB

.pmj
Size: 1KB - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 7KB - Virtual size: 278KB