b34ffdc6dfb6c49aef4187a088928601_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b34ffdc6dfb6c49aef4187a088928601_JaffaCakes118
Size

215KB
MD5

b34ffdc6dfb6c49aef4187a088928601
SHA1

5699b498e9c8c1a5fc6c820cff8bc53d88b0173e
SHA256

f876879b50c21790f5186ee6c308181aadd6146fd16e67ea0c1ae15e40cae226
SHA512

17bceb5e2baaf4e08b796983864f08b7e6fc3f729f71ba043bb77f10e3c577c777f2b42007d9347354baf6a7f83e51b542571309f0ef25fb09a0aa2ae794224e
SSDEEP

3072:Mfc4w1zX9GUgM7WxslyFaK58lpKyMDUgvzmetStg8MDxP/6MVwHzqplNJi:Mfc4w1xxmxsQFJKpKyzgbrtSeZCFqLLi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Advanced IP Scanner/Advanced IP Scanner.exe

Files

b34ffdc6dfb6c49aef4187a088928601_JaffaCakes118
.rar
Advanced IP Scanner/Advanced IP Scanner.chm
.chm
Advanced IP Scanner/Advanced IP Scanner.exe
.exe windows:4 windows x86 arch:x86

0ec2e14f55ca7f561dae1b5afcb7ba4b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
GetStringTypeA
IsBadCodePtr
SetEndOfFile
FlushFileBuffers
SetStdHandle
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetACP
GetCPInfo
UnhandledExceptionFilter
SetLastError
TlsAlloc
HeapSize
HeapReAlloc
CreateFileA
GetFileType
GetStdHandle
SetHandleCount
SetFilePointer
ReadFile
WriteFile
RaiseException
GetCommandLineA
GetStartupInfoA
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
ExitProcess
HeapAlloc
HeapFree
ExitThread
TlsGetValue
TlsSetValue
RtlUnwind
FindResourceA
LoadResource
LockResource
ResumeThread
ReleaseSemaphore
InterlockedIncrement
WaitForSingleObject
InterlockedDecrement
CreateSemaphoreA
MulDiv
IsBadStringPtrA
WideCharToMultiByte
GetLastError
IsBadReadPtr
GetVersion
MultiByteToWideChar
InterlockedExchange
GetEnvironmentVariableA
GetCurrentThread
SetThreadPriority
GetModuleHandleA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleFileNameA
Sleep
LoadLibraryA
FreeLibrary
GetVersionExA
GetTickCount
GetProcAddress
CreateThread
CloseHandle
GetOEMCP

user32

EndPaint
BeginPaint
DrawTextA
GetSysColor
GetParent
PtInRect
LoadBitmapA
IsWindow
GetClassNameA
SetFocus
GetSystemMetrics
SetWindowPos
GetClassInfoA
GetWindowRect
SendMessageA
DestroyWindow
DispatchMessageA
TranslateMessage
IsDialogMessageA
GetMessageA
EnableWindow
UpdateWindow
ShowWindow
CreateDialogParamA
GetPropA
SetPropA
SetDlgItemTextA
GetDlgItemTextA
SendDlgItemMessageA
GetDlgItem
DestroyMenu
InsertMenuItemA
CreatePopupMenu
TrackPopupMenu
LoadMenuA
RegisterClassA
UnregisterClassW
UnregisterClassA
IsWindowUnicode
DefWindowProcW
DefWindowProcA
LoadStringA
GetDesktopWindow
GetSubMenu
MessageBoxA
EnumDisplaySettingsA
CreateWindowExA
CheckRadioButton
GetFocus
GetDlgCtrlID
InvalidateRect
SetClassLongA
LoadImageA
ClientToScreen
SetCapture
GetCursorPos
ScreenToClient
SetRectEmpty
CopyRect
SetRect
MoveWindow
LoadCursorA
SetCursor
ReleaseCapture
GetWindowTextA
SetWindowTextA
LoadIconA
DestroyIcon
GetClientRect

gdi32

CreateFontA
GetDeviceCaps
SetPolyFillMode
SelectObject
GetStockObject
CreateCompatibleDC
LineTo
MoveToEx
CreatePen
BitBlt
GetObjectA
SetBkColor
SetTextColor
GetTextExtentPoint32A
DeleteObject
DeleteDC

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

InitiateSystemShutdownA
AbortSystemShutdownA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA

comctl32

ImageList_Create
InitCommonControlsEx
ord17
ImageList_LoadImageA
ImageList_Add
ImageList_Destroy

mpr

WNetOpenEnumA
WNetEnumResourceA
WNetCancelConnection2A
WNetAddConnection2A

ws2_32

gethostname
gethostbyname
htonl
WSAStartup
setsockopt
gethostbyaddr
inet_ntoa
socket
WSAGetLastError
bind
htons
sendto
select
recvfrom
closesocket

Sections

.text
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Advanced IP Scanner/versions.txt
Advanced IP Scanner/说明.txt

Sharing

General

Malware Config

Signatures

Files

0ec2e14f55ca7f561dae1b5afcb7ba4b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

mpr

ws2_32

Sections

.text Size: 236KB - Virtual size: 235KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 24KB - Virtual size: 33KB

.rsrc Size: 104KB - Virtual size: 100KB

.text
Size: 236KB - Virtual size: 235KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 24KB - Virtual size: 33KB

.rsrc
Size: 104KB - Virtual size: 100KB