8de9da3979fa2e015e8b470980d36ea9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8de9da3979fa2e015e8b470980d36ea9_JaffaCakes118
Size

136KB
MD5

8de9da3979fa2e015e8b470980d36ea9
SHA1

e5315a109753dd729a153f128fb7737596da58a9
SHA256

5870683e029c06b14f7fb6625c442731a239fbe43961cef0236b3d95c7e4a214
SHA512

535745bd71bc5f0d370f082fe3a8829cde24b487ae94d0961623ac89b44dbafc14ce6d9314b9e65ff67d72fc9dd304ee744da0b3546f1652b686184f59f310f5
SSDEEP

1536:Jy3yptMtVgD70No5skAwyJnpaq98N89NSel6H/BbOX:JmLVgv0rkBk9NSel6fBk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8de9da3979fa2e015e8b470980d36ea9_JaffaCakes118

Files

8de9da3979fa2e015e8b470980d36ea9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2f565772032082fb4af951b17253087e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Documents and Settings\Administrator\桌面\Bots\KernelBots_Up10\Shell\Release\Shell.pdb

Imports

ws2_32

inet_ntoa
WSACleanup
closesocket
select
connect
htons
setsockopt
htonl
sendto
WSAStartup
send
socket
inet_addr
gethostbyname

kernel32

Sleep
CreateThread
WideCharToMultiByte
GetTickCount
GetVersionExW
InterlockedExchange
GetACP
GetLocaleInfoA
InitializeCriticalSection
DeleteCriticalSection
lstrcatW
lstrcpyW
GetProcAddress
GetModuleHandleW
GlobalFree
GlobalAlloc
GetModuleFileNameA
CloseHandle
GetSystemDirectoryA
OpenFile
lstrlenW
GetModuleFileNameW
GetLastError
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
CreateProcessW
GetSystemDirectoryW
GetCurrentProcess
CreateFileW
CopyFileW
DeleteFileW
SetFileAttributesW
RemoveDirectoryW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetExitCodeThread
WaitForSingleObject
VirtualFree
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
HeapFree
GetVolumeInformationW
ExitProcess
RtlUnwind
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
VirtualQuery
HeapDestroy
HeapCreate
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
VirtualProtect
WriteFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
LoadLibraryA
SetFilePointer
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeA
GetStringTypeW
GetOEMCP
SetStdHandle
FlushFileBuffers
GetSystemInfo
SetEndOfFile
ReadFile
HeapAlloc
GetCurrentThreadId
HeapSize

user32

ShowWindow
CreateWindowExW
RegisterClassExW
wsprintfW
UpdateWindow
GetWindowLongW
GetMessageW
DispatchMessageW
TranslateMessage
DefWindowProcW
PostQuitMessage
SetWindowLongW
GetClientRect

advapi32

ChangeServiceConfigW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetValueExW
RegCloseKey
OpenSCManagerW
OpenServiceW
CreateServiceW
RegOpenKeyExW
ControlService
CloseServiceHandle

ole32

CoGetClassObject
OleSetContainedObject
OleInitialize

oleaut32

SysAllocString
VariantClear
VariantInit

wininet

InternetCloseHandle
InternetOpenUrlW
InternetOpenW
InternetReadFile

Exports

Exports

DestoryAntiVirus
GetDllModuleControl
StartShell

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Shell__
Size: 4KB - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f565772032082fb4af951b17253087e

Headers

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

advapi32

ole32

oleaut32

wininet

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 48KB - Virtual size: 65KB

.Shell__ Size: 4KB - Virtual size: 520B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 48KB - Virtual size: 65KB

.Shell__
Size: 4KB - Virtual size: 520B

.reloc
Size: 8KB - Virtual size: 6KB