62303c93b95012f14c1c88f4d89f9a50_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

62303c93b95012f14c1c88f4d89f9a50_JaffaCakes118
Size

196KB
MD5

62303c93b95012f14c1c88f4d89f9a50
SHA1

d8a08e1872a194d1394d75bfc268bfa5fd8e275c
SHA256

97816f7aae59366a6687c492423f455be4e351f7f33329598c08d1c88022cfab
SHA512

8eff4b50a08ea541c8722d7be6230eca0560b4d206a1f6524fe5df6fbd2c67e546dfb978b86c653a61418f0ad6b953d818253775823df098b44ea739d4a430e3
SSDEEP

6144:eEwUVmaujjVFtXINroWiW2BrTwPxHKzVS9qP/9XqtOwdz:eEFVmaujjVFtXINroWiW2BrTwPxHKzPq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
62303c93b95012f14c1c88f4d89f9a50_JaffaCakes118

Files

62303c93b95012f14c1c88f4d89f9a50_JaffaCakes118
.dll windows:4 windows x86 arch:x86

734fd8137114d435e2076dca27682d3f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Documents and Settings\Administrator\桌面\32\Shell\Release\Shell.pdb

Imports

ws2_32

inet_ntoa
sendto
closesocket
select
htonl
WSACleanup
WSAStartup
setsockopt
send
socket
inet_addr
htons
connect
gethostbyname

wininet

InternetOpenUrlW
InternetCloseHandle
InternetReadFile
InternetOpenW

kernel32

VirtualProtect
HeapFree
Sleep
SetEvent
WaitForSingleObject
lstrlenW
CreateThread
CreateEventW
lstrcpyW
WideCharToMultiByte
GetTickCount
GetVersionExW
InterlockedExchange
GetACP
GetLocaleInfoA
InitializeCriticalSection
DeleteCriticalSection
lstrcatW
GetProcAddress
GetModuleHandleW
GlobalFree
GlobalAlloc
CreateFileW
GetModuleFileNameW
GetModuleFileNameA
GetSystemDirectoryW
OpenFile
CloseHandle
HeapAlloc
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
CreateProcessW
CopyFileW
DeleteFileW
DeviceIoControl
GetPrivateProfileStringW
Process32NextW
GetCurrentProcessId
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
GetExitCodeThread
VirtualFree
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
TerminateProcess
GetCurrentThreadId
SetFilePointer
ReadFile
DuplicateHandle
ExitProcess
RtlUnwind
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetSystemTimeAsFileTime
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
VirtualQuery
HeapDestroy
HeapCreate
GetLastError
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
WriteFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeA
GetStringTypeW
GetOEMCP
SetStdHandle
FlushFileBuffers
GetSystemInfo
SetEndOfFile
LeaveCriticalSection

user32

RegisterClassExW
wsprintfW
CreateWindowExW
UpdateWindow
GetMessageW
DispatchMessageW
TranslateMessage
DefWindowProcW
PostQuitMessage
SetWindowLongW
GetClientRect
GetWindowLongW
ShowWindow

advapi32

ControlService
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegCreateKeyW
ChangeServiceConfigW
RegEnumKeyW
RegDeleteKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegDeleteValueW
CreateServiceW
RegOpenKeyExW
RegSetValueExW
RegCloseKey

ole32

CoGetClassObject
OleSetContainedObject
OleInitialize

oleaut32

VariantClear
SysAllocString
VariantInit

Exports

Exports

DestoryAntiVirus
GetDllModuleControlInit
StartShell
StartShell_A
StartShell_B
StartShell_C
StartShell_D

Sections

.text
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Shell__
Size: 4KB - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

734fd8137114d435e2076dca27682d3f

Headers

File Characteristics

PDB Paths

Imports

ws2_32

wininet

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 112KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 40KB - Virtual size: 80KB

.Shell__ Size: 4KB - Virtual size: 520B

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 116KB - Virtual size: 112KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 40KB - Virtual size: 80KB

.Shell__
Size: 4KB - Virtual size: 520B

.reloc
Size: 12KB - Virtual size: 11KB