5fb3f3353d8817621b211dc4579f0681_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5fb3f3353d8817621b211dc4579f0681_JaffaCakes118
Size

1.5MB
MD5

5fb3f3353d8817621b211dc4579f0681
SHA1

798473934d4b9fe7ab3e92f20daa7f05946ebf5b
SHA256

74ef2118d3412bae12dd634225746e1092a35ccd791155bc30bf8fe3203ccf43
SHA512

2c0344a3a5e28875da7bc073bf86cfaa0fbb903803d2f148f3608ae7b4b087e91f84cbc8ed25bf91060c32067a61b1d75151b932c6157a8feb827a95825892be
SSDEEP

24576:kvGNNTGTO7aozxA/SCrAuPvIdEqoqqh4DaIFem+KpP3lGTt6pq4OKXzxUJ2:k4NTGTOmotTgAuHICddWO+NGTt6pqSxj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5fb3f3353d8817621b211dc4579f0681_JaffaCakes118

Files

5fb3f3353d8817621b211dc4579f0681_JaffaCakes118
.dll windows:5 windows x86 arch:x86

232ff3e1e0fdff1f746b5aa779c62e0e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\代码\私活\阿华2020\https\sys\sys\nfsdk-src-1.5.0.8-pf-src-1.1.6.4\bin\Release\Win32\PFHttpBlocker.pdb

Imports

kernel32

FreeLibrary
LoadLibraryA
ProcessIdToSessionId
CreateMutexA
ReleaseMutex
SetFilePointer
GetFileSize
SetEndOfFile
ExpandEnvironmentStringsW
CreateProcessW
GetCurrentThreadId
GetVersion
GetFileType
InterlockedIncrement
MultiByteToWideChar
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
SystemTimeToFileTime
GetModuleHandleA
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindFirstFileA
InterlockedDecrement
CreateFileW
CreateDirectoryW
GetTempFileNameW
GetStdHandle
GetTempPathW
GetProcAddress
SetLastError
ReadFile
ResetEvent
GetSystemInfo
CreateEventA
GetCurrentProcessId
OpenProcess
WriteFile
CancelIo
WaitForSingleObject
GetOverlappedResult
GetTickCount
WaitForMultipleObjects
SetEvent
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateThread
lstrlenA
GetProcessHeap
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
DeleteFileW
CloseHandle
OutputDebugStringA
FindNextFileW
DeviceIoControl
RemoveDirectoryW
CreateEventW
FindClose
GetLastError
OutputDebugStringW
FindFirstFileW
GetSystemTime
CreateFileA
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCommandLineA
RtlUnwind
RaiseException
ExitThread
HeapReAlloc
GetModuleHandleW
Sleep
ExitProcess
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetTimeZoneInformation
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSize
GetConsoleCP
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

wsprintfW
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA

advapi32

DuplicateTokenEx
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
StartServiceA
OpenServiceA
CreateServiceA
OpenSCManagerA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RevertToSelf
AdjustTokenPrivileges
ImpersonateLoggedOnUser
LookupAccountSidW
GetTokenInformation
LookupAccountSidA

oleaut32

SysFreeString
SysAllocString
VariantClear

ws2_32

closesocket
ntohl
WSAGetLastError
recv
WSASetLastError
send
htons
ntohs
WSAAddressToStringA
WSACleanup
WSAStartup
shutdown

crypt32

CertCloseStore
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertFreeCertificateContext
CertAddEncodedCertificateToStore
CertOpenStore
CertEnumCertificatesInStore
CertOpenSystemStoreA
PFXExportCertStoreEx
CertAddCertificateContextToStore
CertFindCertificateInStore

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

232ff3e1e0fdff1f746b5aa779c62e0e

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

oleaut32

ws2_32

crypt32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 276KB - Virtual size: 275KB

.data Size: 43KB - Virtual size: 61KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 59KB - Virtual size: 59KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 276KB - Virtual size: 275KB

.data
Size: 43KB - Virtual size: 61KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 59KB - Virtual size: 59KB