0db83534d6a447eb1265670998cd7457_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0db83534d6a447eb1265670998cd7457_JaffaCakes118
Size

1.1MB
MD5

0db83534d6a447eb1265670998cd7457
SHA1

c3ce04d4d298dd074de57be3c5b5a14db4535f4d
SHA256

2f110b15c577477dbf49bffb6b399485df7966f12eca1511a9c8a9e9c2a62386
SHA512

d497b296a39f5258906e03605286c8a4a0f2e088db5062e032756ff2400263aef410156ad779e583f1f94a1f9f8a87f6fada13a3d663a8fdd937ac2bef96494c
SSDEEP

24576:n+CYj4vIDCNnbu5tsA0k1UDhUhNCeryC0HTBYvvm8Ak3otH5VT:n+pUZnbu5tsA0k1UDhO00QHx/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0db83534d6a447eb1265670998cd7457_JaffaCakes118

Files

0db83534d6a447eb1265670998cd7457_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bcee7f7642e4472e2c7dd52d810f4fc9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\hudson\jobs\backdoor-v4-kad\workspace\output\MinSizeRel\bot.pdb

Imports

kernel32

FindFirstFileA
FindFirstFileW
GetShortPathNameW
FindNextFileA
FindNextFileW
CopyFileA
MoveFileA
CopyFileW
MoveFileW
CreateHardLinkA
CreateDirectoryA
DeleteFileA
RemoveDirectoryA
GetFullPathNameA
GetDiskFreeSpaceExA
CreateHardLinkW
CreateDirectoryW
DeleteFileW
RemoveDirectoryW
GetFullPathNameW
GetDiskFreeSpaceExW
SetFileTime
GetFileTime
FindClose
InterlockedExchangeAdd
InterlockedExchange
Sleep
SwitchToThread
InterlockedIncrement
InterlockedDecrement
CompareStringA
GetLocaleInfoA
lstrcmpiA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnumSystemLocalesA
EnterCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
LCMapStringW
GetLastError
CompareStringW
GetLocaleInfoW
LCMapStringA
GetCPInfo
GetStringTypeA
GetVersionExA
GetFileInformationByHandle
GetFileSize
ReadFile
WriteFile
GetSystemInfo
SetFilePointer
SetEndOfFile
GetFileType
CreateFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrlenA
CreateFileW
LocalFree
FormatMessageA
HeapFree
GetProcessHeap
WaitForSingleObject
CreateSemaphoreA
DuplicateHandle
GetCurrentProcess
HeapAlloc
GetSystemTimeAsFileTime
TlsAlloc
TlsFree
TlsGetValue
ResetEvent
TlsSetValue
InterlockedCompareExchange
GetTickCount
SystemTimeToFileTime
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
GetExitCodeProcess
CreateProcessW
SetEnvironmentVariableW
ReleaseSemaphore
RtlUnwind
RaiseException
GetStartupInfoW
HeapReAlloc
SetHandleCount
GetStdHandle
GetStartupInfoA
SetStdHandle
ExitThread
GetCurrentThreadId
CreateThread
GetModuleHandleW
GetProcAddress
SetLastError
GetCurrentThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameA
HeapSize
ExitProcess
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
FatalAppExitA
VirtualAlloc
GetModuleHandleA
GetTimeFormatA
GetDateFormatA
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
IsValidLocale
GetConsoleCP
GetConsoleMode
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
LoadLibraryA
FreeLibrary
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetWindowsDirectoryW
FlushInstructionCache
GetSystemTime
FileTimeToSystemTime
FileTimeToLocalFileTime
CompareFileTime
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFileAttributesExA
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFileAttributesExW
GetFileAttributesW
GetFileAttributesA
lstrlenW
GetVersionExW
IsProcessorFeaturePresent
SetEvent
CreateEventA
ResumeThread
CloseHandle

winhttp

WinHttpCloseHandle
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpOpen

pdh

PdhCollectQueryData
PdhGetFormattedCounterValue
PdhRemoveCounter
PdhCloseQuery
PdhLookupPerfNameByIndexA
PdhOpenQueryW
PdhAddCounterA
PdhMakeCounterPathA

wininet

FindCloseUrlCache
FindFirstUrlCacheEntryW
GetUrlCacheEntryInfoW
SetUrlCacheEntryInfoW
FindNextUrlCacheEntryW
DeleteUrlCacheEntryW

user32

VkKeyScanW
PostMessageW
IsWindow
SetThreadDesktop
DefWindowProcW
GetClientRect
MapVirtualKeyW
SendMessageW
PtInRect
CallWindowProcW
GetWindowLongW
SetWindowLongW
GetThreadDesktop
CreateDesktopW
CloseDesktop

shell32

ShellExecuteExW
ord680

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoInitialize

oleaut32

CreateErrorInfo
VariantInit
SysStringLen
SetErrorInfo
GetErrorInfo
SysStringByteLen
VariantClear
SysFreeString
SysAllocString
SysAllocStringByteLen
VariantChangeType

advapi32

RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW

shlwapi

SHGetValueW
PathRemoveArgsW
PathStripPathW
PathRemoveExtensionW
PathMakePrettyW

Sections

.text
Size: 895KB - Virtual size: 894KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 271KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

STLPORT_
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bcee7f7642e4472e2c7dd52d810f4fc9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

winhttp

pdh

wininet

user32

shell32

ole32

oleaut32

advapi32

shlwapi

Sections

.text Size: 895KB - Virtual size: 894KB

.rdata Size: 271KB - Virtual size: 271KB

.data Size: 60KB - Virtual size: 70KB

STLPORT_ Size: 512B - Virtual size: 32B

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 60KB - Virtual size: 59KB

.text
Size: 895KB - Virtual size: 894KB

.rdata
Size: 271KB - Virtual size: 271KB

.data
Size: 60KB - Virtual size: 70KB

STLPORT_
Size: 512B - Virtual size: 32B

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 60KB - Virtual size: 59KB