0f3e47080b37395638680874394b49e5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0f3e47080b37395638680874394b49e5_JaffaCakes118
Size

80KB
MD5

0f3e47080b37395638680874394b49e5
SHA1

0bd26f69eebc1a3f700f2240ae6440c01014f020
SHA256

1829b63b5f33495ae325dc289167381db09347afb5653e876aa76ca7d3ff35c2
SHA512

eb376ca8b2736a407db424d7050c5894fd9033e2daf679843c5bcdd8a672e7b1c871ea594d4c155de3d4857d786e84a641ff37a48e501c5dcef3fe0afbdf220c
SSDEEP

1536:JoEPKYEDDnySeEqR3uKiwSpdJ23Pp6Mjlvr:JZADDyteKi3Wp6Mjlvr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f3e47080b37395638680874394b49e5_JaffaCakes118

Files

0f3e47080b37395638680874394b49e5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4103cf9706e1d8a0f41cee6cffa4da62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

z:\Programs\金盾远程控制\GUISvrDll\Release\GUISvrDll.pdb

Imports

kernel32

DisableThreadLibraryCalls
Sleep
GetVersionExA
SetLastError
IsBadReadPtr
OpenProcess
GetVolumeInformationA
WideCharToMultiByte
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
SetPriorityClass
GetPriorityClass
GetCurrentProcess
SetFilePointer
GetCurrentProcessId
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
UnmapViewOfFile
TerminateThread
GlobalMemoryStatus
GetComputerNameA
ReadFile
PeekNamedPipe
CreatePipe
GetTickCount
GetDiskFreeSpaceExA
GetSystemDirectoryA
GetLogicalDrives
FindClose
FindNextFileA
FindFirstFileA
GetFileSize
CreateDirectoryA
DeleteFileA
RemoveDirectoryA
GetProcessTimes
SetErrorMode
CreateMutexA
GetSystemInfo
LCMapStringW
LCMapStringA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
GetACP
IsBadCodePtr
SetUnhandledExceptionFilter
VirtualQuery
InterlockedExchange
GetModuleHandleA
GetModuleFileNameA
CreateThread
GetCurrentThreadId
CreateFileA
GetLastError
WriteFile
GenerateConsoleCtrlEvent
GetConsoleOutputCP
WriteConsoleInputA
ReadConsoleOutputAttribute
ReadConsoleOutputCharacterA
GetConsoleScreenBufferInfo
WaitForSingleObject
TerminateProcess
FreeConsole
CloseHandle
AllocConsole
SetConsoleCtrlHandler
GetStdHandle
CreateConsoleScreenBuffer
SetConsoleScreenBufferSize
SetConsoleActiveScreenBuffer
CreateProcessA
LoadLibraryA
GetProcAddress
VirtualProtect
LeaveCriticalSection
EnterCriticalSection
GetCurrentThread
GetThreadPriority
SetThreadPriority
FreeLibrary
DeleteCriticalSection
GetDriveTypeA
InitializeCriticalSection
IsBadWritePtr
VirtualAlloc
ExitProcess
RtlUnwind
GetCommandLineA
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
HeapReAlloc
HeapSize
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter

user32

RegisterClassA
CreateWindowExA
IsWindow
SendMessageA
CloseWindow
DestroyWindow
UnregisterClassA
ExitWindowsEx
EnumDesktopsA
wsprintfA
OpenWindowStationA
GetProcessWindowStation
SetProcessWindowStation
CloseWindowStation
OpenDesktopA
GetThreadDesktop
SetThreadDesktop
CloseDesktop
GetDC
ReleaseDC
FindWindowA
ShowWindow
EnumWindowStationsA

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
GetObjectA
GetDIBits
DeleteObject
DeleteDC
GetDeviceCaps

advapi32

EnumServicesStatusA
CloseServiceHandle
OpenServiceA
QueryServiceConfigA
QueryServiceConfig2A
RegEnumKeyExA
GetTokenInformation
LookupAccountSidA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenSCManagerA

Exports

Exports

ServiceMain
WZCSvcMain

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4103cf9706e1d8a0f41cee6cffa4da62

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 72KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 72KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB