c:\Documents and Settings\周令俊\桌面\Hack\YaBot-LEAKiSO-20072\bin32\bot.pdb
Static task
static1
Behavioral task
behavioral1
Sample
b350bff671900111afccec336235e661_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
b350bff671900111afccec336235e661_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
b350bff671900111afccec336235e661_JaffaCakes118
-
Size
118KB
-
MD5
b350bff671900111afccec336235e661
-
SHA1
7e4a29056a8843e94e1ce19f0abc014c53d2014c
-
SHA256
8b1e401a7b21588a13a89bae5ee64063d0646d344f256bd5a45aacaf492fdd25
-
SHA512
beb69f453657c4166fb4a3465e84c9162cec74b1e425345a95e2a84afc38d5304d1cc09917c51ec9102c8389ed1d808ea22d3218f586e49f64e4330bd7a88c1c
-
SSDEEP
1536:yu4V83ZtGdb2jlLthhxnE33L7pxKRLJ8K7+OOOMO7Q0LUL4cbXfYOxHja3nKTDT7:yu4qJQwU2HDfnU+D
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource b350bff671900111afccec336235e661_JaffaCakes118
Files
-
b350bff671900111afccec336235e661_JaffaCakes118.exe windows:4 windows x86 arch:x86
5cb6a45d2fb09026fcbb1203c3e0443e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetDiskFreeSpaceExA
GlobalMemoryStatus
CreateRemoteThread
GetProcAddress
OpenProcess
WriteProcessMemory
VirtualAllocEx
GetCurrentProcessId
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcmpiA
CreateThread
GetCurrentProcess
QueryPerformanceFrequency
QueryPerformanceCounter
LoadLibraryA
GetModuleFileNameA
GetVersionExA
CreateProcessA
FreeLibrary
LoadLibraryExA
CopyFileA
SetFileAttributesA
GetWindowsDirectoryA
GetEnvironmentVariableA
GetShortPathNameA
SetProcessWorkingSetSize
ReadFile
SetFilePointer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReadProcessMemory
GetSystemDirectoryA
GetComputerNameA
GetLocaleInfoA
GetTickCount
GetTempPathA
GetFileSize
GetModuleHandleA
FindResourceA
SizeofResource
LoadResource
LockResource
WriteFile
CreateFileA
DeleteFileA
GetDateFormatA
GetTimeFormatA
OutputDebugStringA
GetStdHandle
SetConsoleTextAttribute
TerminateThread
ExitProcess
CloseHandle
Sleep
CreateMutexA
GetLastError
TerminateProcess
user32
GetKeyboardLayout
GetKeyboardState
GetKeyNameTextA
GetWindowTextA
ToAsciiEx
UnhookWindowsHookEx
DispatchMessageA
SetKeyboardState
GetMessageA
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
advapi32
AdjustTokenPrivileges
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
OpenEventLogA
ClearEventLogA
CloseEventLog
GetUserNameA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
StartServiceA
OpenServiceA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
DeleteService
ControlService
RegEnumValueA
RegDeleteKeyA
shell32
ShellExecuteA
mpr
WNetCancelConnection2A
WNetAddConnection2A
msvcrt
system
atol
islower
strstr
malloc
sscanf
??2@YAPAXI@Z
??3@YAXPAX@Z
strtok
toupper
strncpy
srand
__CxxFrameHandler
atoi
_snprintf
fclose
fprintf
fopen
printf
strncat
_vsnprintf
rand
netapi32
NetShareDel
wininet
InternetOpenUrlA
InternetOpenA
InternetGetConnectedStateEx
InternetCloseHandle
ws2_32
WSACleanup
WSAStartup
inet_ntoa
gethostbyname
gethostname
gethostbyaddr
inet_addr
recv
send
closesocket
connect
htons
socket
getsockname
ntohs
WSAIoctl
bind
WSASocketA
WSACloseEvent
shutdown
accept
listen
sendto
htonl
ntdll
NtQuerySystemInformation
ZwSystemDebugControl
Sections
.bss Size: - (no raw data on disk) Virtual size: 3KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 106KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ