42c6e38375e46075eb1abd7a41ae15c5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

42c6e38375e46075eb1abd7a41ae15c5_JaffaCakes118
Size

229KB
MD5

42c6e38375e46075eb1abd7a41ae15c5
SHA1

f56e650a4d646db2a70625c4e88154316c099a1b
SHA256

99684e9350cdc761f83277e570f9bca54b786b2ae0b56ca4f30a8d8e65769192
SHA512

27c1271e9e8e167b465f90a191590af2005e0da51e63dcf8db53beded72823f9a03423d40120ed8de525837763f1e185beab0fbd3a9bc88db2aa3a006a8c59bb
SSDEEP

3072:PujaY5bccJkE01sYZfPsyJDIOJOVEnvyH3SWh0JnFsOVo3UI+4e5pk:TVPEo53swDIOEVEaXKJn83U74u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42c6e38375e46075eb1abd7a41ae15c5_JaffaCakes118

Files

42c6e38375e46075eb1abd7a41ae15c5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

59ae2c37f22342a7a11130247cd193c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\cro\桌面\T1\Release\Server.pdb

Imports

kernel32

GetModuleFileNameW
InterlockedDecrement
SizeofResource
LockResource
LoadResource
FindResourceW
FreeLibrary
GetCurrentProcessId
FormatMessageW
MultiByteToWideChar
InterlockedIncrement
lstrcmpA
lstrlenA
GetVersionExA
lstrcmpW
LoadLibraryA
LoadLibraryW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GlobalFlags
GetModuleHandleW
GetCurrentProcess
GetModuleHandleA
HeapFree
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetCommandLineA
RtlUnwind
RaiseException
HeapReAlloc
HeapSize
ExitProcess
HeapCreate
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetProcAddress
TlsFree
GlobalFree
DeleteCriticalSection
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalAlloc
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
SetLastError
GetCurrentThreadId
CreatePipe
WaitForMultipleObjects
DisconnectNamedPipe
GetStartupInfoW
TerminateProcess
GetSystemDirectoryW
CreateProcessW
PeekNamedPipe
OpenEventW
GetVersionExW
GetTickCount
GetComputerNameW
TerminateThread
GetVolumeInformationW
lstrcpyW
LocalFree
DeleteFileW
GetDiskFreeSpaceExW
FindNextFileW
RemoveDirectoryW
LocalAlloc
FindClose
MoveFileW
GetLastError
CreateFileW
ReadFile
LocalReAlloc
GetFileAttributesW
WriteFile
CreateDirectoryW
GetLogicalDriveStringsW
GetDriveTypeW
SetFilePointer
FindFirstFileW
GetFileSize
CloseHandle
CancelIo
CreateEventW
ResetEvent
InterlockedExchange
lstrlenW
Sleep
WideCharToMultiByte
SetEvent
WaitForSingleObject
VirtualAlloc
FlushFileBuffers
VirtualFree

user32

DestroyMenu
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
PostQuitMessage
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindowTextW
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
SetWindowsHookExW
CallNextHookEx
DispatchMessageW
GetKeyState
wsprintfW
CharNextW
GetUserObjectInformationW
SetThreadDesktop
PeekMessageW
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
SendMessageW
CloseDesktop
OpenInputDesktop
GetThreadDesktop
ClientToScreen
SetWindowTextW
UnhookWindowsHookEx
MessageBoxW
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetParent
GetWindowLongW

advapi32

GetUserNameW

shell32

SHGetFileInfoW
ShellExecuteW

ws2_32

getsockname
WSAIoctl
connect
WSAStartup
select
htons
setsockopt
WSACleanup
recv
socket
closesocket
gethostbyname
send

oleacc

LresultFromObject
CreateStdAccessibleObject

gdi32

DeleteDC
GetStockObject
ScaleWindowExtEx
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
DeleteObject
SetWindowExtEx
ExtTextOutW
SaveDC
RestoreDC
SetMapMode
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
RectVisible
SetViewportOrgEx
SelectObject
Escape
GetDeviceCaps
PtVisible
TextOutW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59ae2c37f22342a7a11130247cd193c3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ws2_32

oleacc

gdi32

winspool.drv

oleaut32

Sections

.text Size: 150KB - Virtual size: 149KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 14KB - Virtual size: 28KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 29KB - Virtual size: 28KB

.text
Size: 150KB - Virtual size: 149KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 14KB - Virtual size: 28KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 29KB - Virtual size: 28KB