ffdroider | 8a63c557e22f04951cc3be481916ed46_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8a63c557e22f04951cc3be481916ed46_JaffaCakes118
Size

1.3MB
MD5

8a63c557e22f04951cc3be481916ed46
SHA1

69445fd3050666003eab6ae98ed3521f2e48ea02
SHA256

9aa7a5176e797d8d33d5f5f95e1506dcfa4af6be639f129c48c684c1cb1f4ef9
SHA512

849c8c3dba086c4ff2cd12d4bd73dc5ebd54a6caecf6159a37795a58b333847461fc93ddc545e4bac4dbd1d2fb5c24b35a7aa61d5d76d1af10a1005ff9f47544
SSDEEP

24576:ku20QVqu6Sn1o9HEZZi+MRkyZvmGoaYDz+gTQ3PGo3sItA+Ua5gZo/qdWx1jgZYv:t20Qx7oyo+MtlYDzRpW/qdhZYqju

Score

10^/10

ffdroider

Malware Config

Extracted

Family

ffdroider

http://101.36.107.74

Signatures

Ffdroider family
ffdroider

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
8a63c557e22f04951cc3be481916ed46_JaffaCakes118

Files

8a63c557e22f04951cc3be481916ed46_JaffaCakes118
.exe windows:6 windows x86 arch:x86

31972de245a7d2a397511c35d0aeda34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\免杀\new10\TestExeBin\new10zNoteDebug.pdb

Imports

kernel32

DeleteFileW
GetFileSize
GetVolumeInformationW
ReadFile
WriteFile
OutputDebugStringA
OutputDebugStringW
CloseHandle
WaitForSingleObject
CreateMutexW
Sleep
GetCurrentProcess
GetCurrentProcessId
CreateThread
TerminateThread
GetSystemDirectoryW
VirtualQuery
FindResourceExW
GetModuleFileNameW
GetModuleHandleW
LoadResource
LockResource
SizeofResource
FindResourceW
CopyFileW
GetExitCodeThread
WideCharToMultiByte
SetEndOfFile
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
GetTickCount
ContinueDebugEvent
WaitForDebugEvent
TerminateProcess
CreateProcessW
ReadProcessMemory
FlushFileBuffers
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
CreateFileW
FreeLibrary
SystemTimeToFileTime
LockFileEx
LocalFree
UnlockFile
HeapCompact
LoadLibraryW
GetSystemInfo
DeleteFileA
WaitForSingleObjectEx
CreateFileA
FlushViewOfFile
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapValidate
UnmapViewOfFile
GetFileAttributesW
GetTempPathW
UnlockFileEx
GetFullPathNameA
LockFile
GetDiskFreeSpaceW
GetFullPathNameW
HeapCreate
AreFileApisANSI
InitializeCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
CreateDirectoryW
MultiByteToWideChar
GetPrivateProfileStringW
LoadLibraryA
GetProcAddress
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DecodePointer
GetLastError
RaiseException
GetSystemTimeAsFileTime
GetModuleHandleA
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetStringTypeW
EncodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
QueryPerformanceFrequency
GetCurrentThread
GetThreadTimes
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
SetEvent
ResetEvent
InitializeSListHead
GetStartupInfoW
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
ExitProcess
GetModuleHandleExW
ExitThread
FreeLibraryAndExitThread
GetStdHandle
GetFileType
GetFileSizeEx
SetFilePointerEx
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation

user32

GetDesktopWindow
wsprintfW
wsprintfA

shell32

SHGetSpecialFolderPathW

ws2_32

WSAStartup

shlwapi

PathFileExistsW

esent

JetRetrieveColumn
JetDBUtilitiesW
JetMove
JetCloseTable
JetOpenTableA
JetCloseDatabase
JetOpenDatabaseA
JetGetColumnInfoA
JetDetachDatabaseA
JetAttachDatabaseA
JetEndSession
JetBeginSessionA
JetSetSystemParameterA
JetTerm
JetCreateInstanceA
JetInit

winhttp

WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpSetCredentials
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpSetOption
WinHttpWriteData
WinHttpReadData
WinHttpConnect
WinHttpSetStatusCallback
WinHttpCloseHandle
WinHttpOpen
WinHttpCrackUrl

wininet

InternetOpenW
InternetQueryOptionW
InternetReadFile
InternetCloseHandle
InternetOpenUrlW

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

31972de245a7d2a397511c35d0aeda34

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ws2_32

shlwapi

esent

winhttp

wininet

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 165KB - Virtual size: 165KB

.data Size: 45KB - Virtual size: 56KB

.rsrc Size: 512B - Virtual size: 16B

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 165KB - Virtual size: 165KB

.data
Size: 45KB - Virtual size: 56KB

.rsrc
Size: 512B - Virtual size: 16B