42b65937f2ee984c2d5235dc8bafe3c0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

42b65937f2ee984c2d5235dc8bafe3c0_JaffaCakes118
Size

129KB
MD5

42b65937f2ee984c2d5235dc8bafe3c0
SHA1

ee240c3354612010bfba2bb6d0f66741f88a7454
SHA256

582f94606d28d5b51818548722a673b6233c13d0d742ec3c62fa5a92c89b30f8
SHA512

7d541ac4462ce3c3dd77a3ead3eda671186102af1900a48dc219fdf563621cfbdd6d04837867acc86334315af64990a75bf1e6db4f1a3e2caa69c4b9db476bda
SSDEEP

1536:1ogk1ERd0YLB7riyfW0/5ut7FJhXguS+ratf3dbVkjZaBbzILH/t63mAwpg:1oR1i0YLBnv/5ut7NgFVBHUft6vwpg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42b65937f2ee984c2d5235dc8bafe3c0_JaffaCakes118

Files

42b65937f2ee984c2d5235dc8bafe3c0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4341dca5976f74c820e5ab908eb9d740

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\深度2009工程全部代码\VipshellSrc_Svchost共享方式Ias_OK_081225\bin\VipShell.pdb

Imports

kernel32

LoadLibraryW
CreateMutexW
GetCurrentThreadId
WriteFile
PeekNamedPipe
CreateProcessW
GetSystemDirectoryW
GetStartupInfoW
CreatePipe
GetTempPathW
GetModuleFileNameW
GetWindowsDirectoryW
SetEvent
CreateThread
GetVersionExW
GlobalMemoryStatus
GetCurrentProcess
TerminateProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MultiByteToWideChar
lstrlenA
GetComputerNameW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
SetEndOfFile
CreateFileA
GetStringTypeW
GetStringTypeA
LoadLibraryA
InitializeCriticalSection
FlushFileBuffers
SetStdHandle
WriteConsoleW
FreeLibrary
WriteConsoleA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
SetFilePointer
GetModuleFileNameA
GetStdHandle
LCMapStringW
LCMapStringA
GetOEMCP
GetCPInfo
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
OpenProcess
GetProcAddress
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
ReadProcessMemory
VirtualFreeEx
WideCharToMultiByte
GetLastError
Sleep
GetModuleHandleW
CreateEventW
lstrlenW
lstrcatW
ExitProcess
HeapSize
LeaveCriticalSection
EnterCriticalSection
GetConsoleMode
GetConsoleCP
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetProcessHeap
GetCommandLineA
HeapReAlloc
HeapAlloc
HeapFree
RtlUnwind
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FindFirstFileW
FindNextFileW
FindClose
GetDriveTypeW
GetDiskFreeSpaceExW
CreateDirectoryW
MoveFileA
CreateProcessA
ReadFile
CreateFileW
GetFileSize
CloseHandle
SetErrorMode
lstrcpyW
GetConsoleOutputCP
GetTickCount

user32

KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
CreateWindowExW
SetTimer
LoadCursorW
LoadIconW
GetAsyncKeyState
GetKeyState
GetForegroundWindow
GetWindowThreadProcessId
GetWindowLongW
DefWindowProcW
IsWindow
SendMessageW
GetDesktopWindow
mouse_event
SetCursorPos
keybd_event
RegisterClassW
EnumChildWindows
wsprintfW
FindWindowW
MessageBoxA
GetSystemMetrics
CloseWindowStation
OpenInputDesktop
GetUserObjectInformationW
CloseDesktop
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationW
SetProcessWindowStation
OpenDesktopW
SetThreadDesktop
RegisterWindowMessageW
SendMessageTimeoutW
GetClassNameW
GetCursor
IsRectEmpty
GetDC
ReleaseDC
GetWindowTextA

advapi32

RegQueryValueExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey

ole32

CoInitialize

shell32

ShellExecuteA
SHFileOperationW

oleaut32

SysFreeString
VariantInit
VariantClear

ws2_32

send
recv
closesocket
WSAStartup
htonl
getpeername
connect
socket
inet_ntoa
gethostbyname
inet_addr
select
ntohs
ntohl
htons

avicap32

capGetDriverDescriptionW
capCreateCaptureWindowW

gdi32

GetStockObject
DeleteObject
GetDIBits
RealizePalette
SelectPalette
GetObjectW
GetDeviceCaps
CreateCompatibleBitmap
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC

psapi

GetModuleFileNameExW
EnumProcessModules

wininet

InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle

Exports

Exports

GetDllModuleControl

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.VipShel
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4341dca5976f74c820e5ab908eb9d740

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

ws2_32

avicap32

gdi32

psapi

wininet

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 88KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 7KB - Virtual size: 16KB

.VipShel Size: 1024B - Virtual size: 520B

.rsrc Size: 512B - Virtual size: 176B

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 88KB - Virtual size: 88KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 7KB - Virtual size: 16KB

.VipShel
Size: 1024B - Virtual size: 520B

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 9KB - Virtual size: 9KB