E:\挖矿\挖矿程序\VS2008版XMR源码New\Wrapper\res\svch0st.pdb
Static task
static1
Behavioral task
behavioral1
Sample: 0bec07fb10026d5d18dc39c483dc1ce9_JaffaCakes118.exe
Resource: win7-20240611-en
Behavioral task
behavioral2
Sample: 0bec07fb10026d5d18dc39c483dc1ce9_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 0bec07fb10026d5d18dc39c483dc1ce9_JaffaCakes118
Size: 113KB
MD5: 0bec07fb10026d5d18dc39c483dc1ce9
SHA1: b09050701c748731b0a7b7990d4bd142e2d2c1d2
SHA256: 61c0dbda860b4f8cf23f3f5ca0451ea7e46c6fa58f239c6838362f982d9d6a4c
SHA512: 876ae00e64d6e1558331b7fd2fd7d700cc782d08536bb1d6206852de2aeeda45424784f64660bdadeb190a4d8da07289e5fda8ec77a83b560ea82a1a60619808
SSDEEP: 3072:96YUOvGlTnNHyu0F8dCi70SUWCDR0Wt+XzcD2oaNVa/Z:UY3aTNHyydCi7FgR7tCYaox/
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0bec07fb10026d5d18dc39c483dc1ce9_JaffaCakes118
Files
0bec07fb10026d5d18dc39c483dc1ce9_JaffaCakes118.exe windows:6 windows x64 arch:x64
3dd4a3a5fb5eafade6c39c669f4e9622
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
WriteFile
OutputDebugStringW
Sleep
GetCurrentThreadId
CreateFileW
WriteConsoleW
SetStdHandle
GetStringTypeW
GetLastError
CloseHandle
CreateProcessW
GetSystemInfo
MultiByteToWideChar
SetFileAttributesW
GetExitCodeProcess
LCMapStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
EncodePointer
DecodePointer
HeapAlloc
GetCommandLineW
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
GetProcAddress
WideCharToMultiByte
HeapSize
GetStdHandle
GetModuleFileNameW
GetProcessHeap
HeapFree
SetLastError
GetFileType
DeleteCriticalSection
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
FlushFileBuffers
user32
PostThreadMessageW
advapi32
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
shlwapi
StrCpyW
StrCatW
Sections
.text Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ