61ea06a0d04b6d3fc9460717bd0ece69_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

61ea06a0d04b6d3fc9460717bd0ece69_JaffaCakes118
Size

432KB
MD5

61ea06a0d04b6d3fc9460717bd0ece69
SHA1

efb289307122e6d024419dd21c80375c694652d6
SHA256

369660d88494e685830cf85d4e971515cb50efbc6d66bec14624fe2e17b79f62
SHA512

f31a6e53be72535c91beb9c970170e71d01246bcf51a28ceb0f0e49bb3face9bf7ec155ddbcd05fc8857f2a64857f5b85835bb4c78ebea35a2862d220e6c6977
SSDEEP

6144:ahsrfJ1Hk1Qq1Fp2YOHMBwRGQ+bUyLxdyWurIvz:usTJ1HkxP0HUww1Uy3lu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61ea06a0d04b6d3fc9460717bd0ece69_JaffaCakes118

Files

61ea06a0d04b6d3fc9460717bd0ece69_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7437fd7688a4087bb6ff4734c3d20799

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Works\KernelBots_Up15\Server\Release\Server.pdb

Imports

kernel32

LoadResource
SizeofResource
FindResourceA
DeviceIoControl
CopyFileW
DeleteFileW
GetSystemDirectoryW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
SetFileAttributesW
GetVolumeInformationW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
FindClose
FindNextFileW
WideCharToMultiByte
GetFullPathNameW
FindFirstFileW
GlobalAlloc
ExitProcess
Thread32Next
GetCurrentThreadId
SuspendThread
Thread32First
DuplicateHandle
GetModuleFileNameW
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetSystemInfo
VirtualProtect
GetCPInfo
GetOEMCP
GetACP
LoadLibraryA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetProcAddress
LockResource
WriteFile
GlobalFree
LoadLibraryW
GetCurrentProcessId
OpenProcess
lstrcpyW
GetTickCount
GetProcessHeap
HeapAlloc
HeapFree
Sleep
CreateFileW
GetFileTime
SetFileTime
lstrcatW
GetCurrentProcess
GetLastError
CloseHandle
GetModuleHandleW
SetCurrentDirectoryW
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleFileNameA
InterlockedExchange
VirtualQuery
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
HeapSize

user32

FindWindowW
FindWindowExW
SendMessageW
RegisterClassExW
CreateWindowExW
ShowWindow
SetWindowPos
UpdateWindow
wsprintfW
DefWindowProcW
PostMessageW

advapi32

AdjustTokenPrivileges
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
RegDeleteValueW
SetServiceStatus
CreateServiceW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
ChangeServiceConfigW
RegCreateKeyW
StartServiceW
EnumDependentServicesW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
ControlService
OpenProcessToken
LookupPrivilegeValueW

psapi

GetModuleFileNameExW

shlwapi

PathRemoveFileSpecW

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 344KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7437fd7688a4087bb6ff4734c3d20799

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

psapi

shlwapi

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 40KB - Virtual size: 44KB

.rsrc Size: 344KB - Virtual size: 340KB

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 40KB - Virtual size: 44KB

.rsrc
Size: 344KB - Virtual size: 340KB