30635279658bccab8b40ea013da06044_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

30635279658bccab8b40ea013da06044_JaffaCakes118
Size

538KB
MD5

30635279658bccab8b40ea013da06044
SHA1

74a79aed1bb0267a20da18e7d822976c261402aa
SHA256

2a6aed389b46a81d5f316511685d87626afd1341db6215e4edfabe454c685ce9
SHA512

234881ca8008e2c9c025267874fd057d70a3367b4c93591c0bcf24e4023143e0314a8dd5cd3d3dcade65be249f0324e3a11dc6cd1995c66bb338f095536cc302
SSDEEP

6144:kryiPT89qv97XNKoMzVDIBkHcHuJNUyiLBrd9k/G976k9M3i6:krDT8sV7XAoCBIBkHC8NeLBfk/GgB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30635279658bccab8b40ea013da06044_JaffaCakes118

Files

30635279658bccab8b40ea013da06044_JaffaCakes118
.exe windows:6 windows x86 arch:x86

918629702da59d263326e0af70be29c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\6.8 Build Files\WM\SYNC\pfxsynpftservice\Release\PFXSYNPFTService.pdb

Imports

ws2_32

WSAIoctl
WSACreateEvent
gethostbyname
WSAEnumNetworkEvents
bind
listen
socket
WSACleanup
WSAStartup
WSAGetLastError
htonl
htons
WSAEventSelect
WSACloseEvent
WSAAddressToStringA
accept
send
recv
setsockopt
shutdown
closesocket
connect
WSAWaitForMultipleEvents

epaceesp

??0CScopeTimer@@QAE@HPBD0H@Z
?GetMillisecs@CPfxTimerBase@@MAEKXZ
??1CScopeTimer@@QAE@XZ
?PFXOutputDebugStringSrc@CPFXTraceMgr@@SAXW4DbgLevel@1@PBDH1@Z

kernel32

LoadResource
FindResourceA
FindResourceExA
InterlockedIncrement
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
OutputDebugStringA
GetModuleFileNameA
CreateThread
lstrlenW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrlenA
lstrcmpiA
CloseHandle
GetCurrentProcess
GetCurrentThread
GetProcAddress
GetModuleHandleW
IsDBCSLeadByte
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GetVersionExA
Sleep
GetCurrentThreadId
SuspendThread
ResumeThread
ReleaseMutex
CreateMutexA
GetCommandLineA
LocalFree
FormatMessageA
WriteFile
CreateFileA
DeleteFileA
ReadFile
LockResource
GetComputerNameExA
WaitForSingleObject
CreateProcessA
LocalAlloc
ExitThread
ReleaseSemaphore
CreateSemaphoreA
GetFileAttributesA
MoveFileExA
MoveFileA
GetFileSize
GetFileTime
SetFileAttributesA
FindClose
FindNextFileA
FindFirstFileA
SetFilePointer
SetFileTime
GetTempPathA
CreateDirectoryA
CopyFileA
RemoveDirectoryA
CreateEventA
ResetEvent
SetEvent
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
GetStdHandle
ExitProcess
HeapCreate
VirtualFree
SizeofResource
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetLocaleInfoW
GetTimeZoneInformation
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
lstrcpyA
FatalAppExitA
IsValidCodePage
GetOEMCP
GetACP
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoA
UnhandledExceptionFilter
TerminateProcess
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlUnwind
InterlockedExchange
InterlockedCompareExchange
IsDebuggerPresent

user32

PostThreadMessageA
MessageBoxA
CharNextW
LoadStringA
DispatchMessageA
GetMessageA
wsprintfA
CharNextA

advapi32

OpenSCManagerA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
OpenThreadToken
OpenProcessToken
RegEnumKeyExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
SetServiceStatus
ControlService
DeleteService
CreateServiceA
OpenServiceA
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
OleRun
StringFromGUID2
CoInitializeSecurity
CoCreateGuid

oleaut32

UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
VariantCopy
VariantTimeToSystemTime
SetErrorInfo
CreateErrorInfo
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString
GetErrorInfo
LoadTypeLi

Exports

Exports

??0CPfxTimerBase@@QAE@ABV0@@Z
??0CScopeTimer@@QAE@ABV0@@Z
??4CPFXTraceMgr@@QAEAAV0@ABV0@@Z
??4CPfxTimerBase@@QAEAAV0@ABV0@@Z
??4CScopeTimer@@QAEAAV0@ABV0@@Z
??_7CPfxTimerBase@@6B@
??_7CScopeTimer@@6B@

Sections

.text
Size: 365KB - Virtual size: 364KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

918629702da59d263326e0af70be29c9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

epaceesp

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 365KB - Virtual size: 364KB

.rdata Size: 114KB - Virtual size: 114KB

.data Size: 8KB - Virtual size: 18KB

.rsrc Size: 50KB - Virtual size: 49KB

.text
Size: 365KB - Virtual size: 364KB

.rdata
Size: 114KB - Virtual size: 114KB

.data
Size: 8KB - Virtual size: 18KB

.rsrc
Size: 50KB - Virtual size: 49KB