699294c7f6b9c48dbc0a6e6aa43665dd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

699294c7f6b9c48dbc0a6e6aa43665dd_JaffaCakes118
Size

1.3MB
MD5

699294c7f6b9c48dbc0a6e6aa43665dd
SHA1

fc533ab591c4acecb994a5c342dd18ab2b1e77b1
SHA256

b4ef5f35adabaaf1a9b02d8a945294239c3e1cd0a4d19bb6eb037ffef8fdd8ad
SHA512

b9459c02b72fcff21210fd51abe4fb516dea848c0fbc88d24d2d754c8701e62135663b21cfda12eff8698a4abacb5dc9e224b161c02df753462276493ef03cfd
SSDEEP

24576:aGsvZMwdrxUO2TfU35wHQfXcxlQ5NOjNdxgMuRTPtblAdoCT11w3Y3C3PjU:fsvawdrEIJ99yTPS3PjU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
699294c7f6b9c48dbc0a6e6aa43665dd_JaffaCakes118

Files

699294c7f6b9c48dbc0a6e6aa43665dd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dce786f8d03dd593a7cbd8ca48193ffa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\revconnect-0.674b-src\App\DCPlusPlus.pdb

Imports

kernel32

SetLastError
LoadLibraryA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
CompareStringA
GlobalLock
GlobalUnlock
ReleaseSemaphore
GetVersionExA
GetCommandLineW
SetThreadPriority
CreateThread
WaitForSingleObject
GetCurrentProcessId
SetEnvironmentVariableA
SetStdHandle
GetOEMCP
IsBadCodePtr
IsBadReadPtr
IsValidLocale
ExitProcess
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetTimeZoneInformation
GetSystemInfo
VirtualProtect
HeapSize
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
QueryPerformanceCounter
IsBadWritePtr
HeapCreate
HeapDestroy
VirtualQuery
GetDateFormatA
GetTimeFormatA
TerminateProcess
RtlUnwind
HeapReAlloc
GetStringTypeA
LCMapStringA
EnumSystemLocalesA
GetFileInformationByHandle
VirtualAlloc
VirtualFree
GetOverlappedResult
ResetEvent
GetFileTime
DeviceIoControl
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetTickCount
SetUnhandledExceptionFilter
FindClose
LoadResource
SizeofResource
FreeLibrary
GetThreadLocale
GetLocaleInfoA
GetACP
FlushFileBuffers
SetEndOfFile
WriteFile
ReadFile
LocalFree
GetFileSize
GetLastError
SetFilePointer
CloseHandle
GetCurrentThread
SuspendThread
ResumeThread
GlobalAlloc
GlobalFree
GetEnvironmentVariableA
lstrcpynA
MulDiv
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
Sleep
GetCurrentThreadId
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
LocalAlloc
EnterCriticalSection
GetUserDefaultLCID
RaiseException

advapi32

RegCloseKey
CryptGenKey
CryptExportKey
CryptImportKey
CryptDestroyKey
CryptSetHashParam
RegCreateKeyExA
RegSetValueExA
CryptGenRandom
CryptCreateHash
CryptDestroyHash
CryptReleaseContext
RegOpenKeyExA
RegQueryValueExA

user32

SystemParametersInfoA
GetSystemMetrics
ScrollWindow
ChildWindowFromPoint
SetDlgItemInt
CheckRadioButton
CloseWindow
SetTimer
KillTimer
TranslateMDISysAccel
GetUpdateRect
InflateRect
FrameRect
WindowFromPoint
GetWindowThreadProcessId
IsWindowEnabled
CallNextHookEx
UnhookWindowsHookEx
GetMenuDefaultItem
GetSystemMenu
DrawFrameControl
CreateMenu
CloseClipboard
SetClipboardData
MessageBoxA
CreatePopupMenu
EnableMenuItem
GetWindowRect
InvalidateRect
MoveWindow
GetClientRect
IsWindow
CopyRect
TrackPopupMenu
EndDialog
GetParent
GetDlgItem
SetWindowPos
MapWindowPoints
GetWindow
GetActiveWindow
SetFocus
IsDlgButtonChecked
CheckDlgButton
ClientToScreen
ScreenToClient
RedrawWindow
EmptyClipboard
OpenClipboard
DestroyIcon
DrawIconEx
SetRect
GetCursorPos
CharUpperA
BringWindowToTop
IsMenu
GetWindowPlacement
IsZoomed
SetMenu
EnumWindows
SetForegroundWindow
TranslateMessage
HideCaret
DestroyWindow
GetAsyncKeyState
ShowWindow
IsIconic
OffsetRect
TrackPopupMenuEx
MessageBeep
AdjustWindowRectEx
DrawMenuBar
LoadStringA
PostQuitMessage
DrawEdge
EndPaint
BeginPaint
SetCapture
GetCapture
SetCursor
GetWindowDC
GetMessagePos
PtInRect
ReleaseCapture
UpdateWindow
GetKeyState
LockWindowUpdate
GetSysColorBrush
GetSysColor
FillRect
IsWindowVisible
IsChild
GetSubMenu
SetRectEmpty
GetDC
ReleaseDC
GetFocus
DestroyMenu
GetMenuState
SetMenuDefaultItem
RemoveMenu
GetMenuItemCount
DeleteMenu

gdi32

Rectangle
BeginPath
PolylineTo
CloseFigure
EndPath
FillPath
MoveToEx
BitBlt
LineTo
CreateDIBSection
SetBrushOrgEx
SetTextColor
GetViewportOrgEx
SetViewportOrgEx
GetStockObject
SetBkColor
CreateBitmap
CreatePatternBrush
PatBlt
CreateCompatibleDC
CreatePen
CreateCompatibleBitmap
Polyline
DeleteDC
CreateSolidBrush
DeleteObject
SelectObject
SetBkMode

shell32

DragFinish
SHGetMalloc

ws2_32

setsockopt
listen
ntohs
send
select
__WSAFDIsSet
getsockopt
sendto
recv
recvfrom
connect
accept
socket
WSAGetLastError
htons
bind
inet_addr
ntohl
WSAAsyncSelect
closesocket
WSAStartup
WSACleanup
inet_ntoa
gethostbyname
gethostname
htonl
getsockname
ioctlsocket
shutdown

kademlia

?GetKademliaVersion@@YANXZ
?StartKademlia@@YAHPAEGG@Z
?SendPartialRequest@@YA_NIGPBEEPBG@Z
?FindFile@@YA_NPBE@Z
?PublishFile@@YAXPBE_N@Z
?SetFindFileResultHandler@@YAXP6AXPBEHGG@Z@Z
?SetPartialRequestHandler@@YAXP6A_NIGGPBEEPBGPAEPAG@Z@Z
?StopKademlia@@YAXXZ
?SetPartialResponseHandler@@YAXP6A_NIGGPBEEPBG@Z@Z

ole32

CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitializeEx

shlwapi

PathIsDirectoryW
SHDeleteKeyW

comctl32

DestroyPropertySheetPage
ImageList_ReplaceIcon
CreatePropertySheetPageW
ImageList_Draw
PropertySheetW
ImageList_GetImageCount
ImageList_Destroy
ImageList_LoadImageW
InitCommonControlsEx
CreateStatusWindowW

Sections

.text
Size: 904KB - Virtual size: 902KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dce786f8d03dd593a7cbd8ca48193ffa

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

gdi32

shell32

ws2_32

kademlia

ole32

shlwapi

comctl32

Sections

.text Size: 904KB - Virtual size: 902KB

.rdata Size: 168KB - Virtual size: 164KB

.data Size: 28KB - Virtual size: 201KB

.rsrc Size: 132KB - Virtual size: 131KB

.reloc Size: 72KB - Virtual size: 92KB

.text
Size: 904KB - Virtual size: 902KB

.rdata
Size: 168KB - Virtual size: 164KB

.data
Size: 28KB - Virtual size: 201KB

.rsrc
Size: 132KB - Virtual size: 131KB

.reloc
Size: 72KB - Virtual size: 92KB