40fecb45409414b00528d435896d100f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

40fecb45409414b00528d435896d100f_JaffaCakes118
Size

311KB
MD5

40fecb45409414b00528d435896d100f
SHA1

4eec9cf870a63d3d29655d68b221958627d137e5
SHA256

fa3a3923477904978d729c52acc795be439625fda222aec409a8435595c8bcf0
SHA512

8ad617857730bac1d0ed6d6f9ec9c056fff8289a6177eb41ebcf1b2d33dcb01113874c678f63140208aef0fc4fe5e3f4f3ccd16c2fd2876d8fef94c4c05e8d76
SSDEEP

6144:YY4fSbFrqJebOug5KB0gB6w5nQarFaa16y+o+Qy1e6YK:QfQbo5u0gb7rFasb+Qy1eJK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40fecb45409414b00528d435896d100f_JaffaCakes118

Files

40fecb45409414b00528d435896d100f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5a40ae136f11af4840918cf45d0873ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Z:\Documents\Visual Studio 2010\Projects\server-side-bot\Release\server-side-bot.pdb

Imports

winhttp

WinHttpWriteData
WinHttpReceiveResponse
WinHttpSetOption
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCloseHandle
WinHttpSendRequest
WinHttpCrackUrl

user32

wsprintfW
GetSystemMetrics
wsprintfA

dnsapi

DnsQuery_A
DnsFree

ws2_32

gethostbyname
gethostname
WSAStartup
WSACleanup
inet_addr
htons
socket
connect
send
closesocket
htonl
recv
__WSAFDIsSet
select
listen
bind
accept
WSAGetLastError
shutdown
ioctlsocket
sendto

urlmon

ObtainUserAgentString

advapi32

StartServiceW
RegisterServiceCtrlHandlerW
CloseServiceHandle
RegSetValueExA
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenServiceW
CreateServiceW
StartServiceCtrlDispatcherW
OpenSCManagerW
SetServiceStatus

iphlpapi

GetAdaptersInfo
GetBestInterface
SendARP

shell32

ShellExecuteExW
SHChangeNotify
ord680

ole32

CoUninitialize
CoCreateGuid
CoInitialize

shlwapi

StrCatW
StrStrIW

kernel32

HeapSize
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapCreate
GetCurrentThreadId
GetACP
TlsSetValue
TlsGetValue
TlsAlloc
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
LCMapStringW
WideCharToMultiByte
GetCPInfo
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
FlushFileBuffers
TlsFree
LoadLibraryW
CompareStringW
HeapReAlloc
RaiseException
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
DeleteCriticalSection
DecodePointer
EncodePointer
InterlockedDecrement
CloseHandle
WaitForSingleObject
CreateProcessW
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetProcAddress
GetModuleHandleW
lstrcatW
GetEnvironmentVariableW
ExitProcess
WriteFile
CreateFileW
MoveFileW
lstrcpyW
GetModuleFileNameW
Sleep
LoadLibraryA
SetThreadContext
ReadProcessMemory
GetThreadContext
VirtualProtect
ResumeThread
InitializeCriticalSection
FreeLibrary
LeaveCriticalSection
GetModuleHandleExW
EnterCriticalSection
GetTickCount
IsBadReadPtr
CreateThread
TerminateThread
ExitThread
VirtualFree
MultiByteToWideChar
VirtualAlloc
SetLastError
OutputDebugStringA
GetLastError
IsBadCodePtr
GetCurrentProcess
GetSystemDirectoryW
DeleteFileW
CreateMutexW
SetProcessPriorityBoost
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetShortPathNameW
CopyFileW
GetWindowsDirectoryW
CreateEventW
SetEvent
VirtualProtectEx
HeapAlloc
GetProcessHeap
HeapFree
InterlockedIncrement
LockResource
LoadResource
SizeofResource
FindResourceW
GetTempFileNameW
GetTempPathW
GlobalMemoryStatusEx
GetProcessAffinityMask
GetSystemInfo
GetVersionExW
QueryPerformanceFrequency
QueryPerformanceCounter
GetLocalTime

Exports

Exports

CfgGetBotVersion
CfgGetCurrentDomain
CfgGetCurrentPort
CfgReadConfigBinary
CfgReadConfigInteger
CfgReadConfigString
CfgWriteConfigBinary
CfgWriteConfigInteger
CfgWriteConfigString
NetGetStringFromServer
NetGetStringFromServerSpecifyLocation
NetSendDataToServer
NetSendStringToServer
RtlParseString

Sections

.text
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5a40ae136f11af4840918cf45d0873ae

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winhttp

user32

dnsapi

ws2_32

urlmon

advapi32

iphlpapi

shell32

ole32

shlwapi

kernel32

Exports

Exports

Sections

.text Size: 218KB - Virtual size: 218KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 8KB - Virtual size: 30KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 39KB - Virtual size: 41KB

.text
Size: 218KB - Virtual size: 218KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 8KB - Virtual size: 30KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 39KB - Virtual size: 41KB