b7df2bae86f9c1f3a251a97549f09127_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b7df2bae86f9c1f3a251a97549f09127_JaffaCakes118
Size

283KB
MD5

b7df2bae86f9c1f3a251a97549f09127
SHA1

117440c989856f39126ade511cfa35698493d9fc
SHA256

598ad1c737a5ee90dec47bc843264190510d648bf61472294be65e676631429a
SHA512

9e7865dfc9582a988c8fed1e83d2e0663dfc9d4648886f6d86fbb437d58e88d0252be399adb545ac03956c0b7233bc107319be513ae82b5c22144712a9303979
SSDEEP

6144:nTEEtnxQ8YDpKv9kyIumYrtWKX7LwOcBnc3PmWxM1S:nTVtnhVlFmCxX7LdcBnceWr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TrafSvc.exe

Files

b7df2bae86f9c1f3a251a97549f09127_JaffaCakes118
.zip
File_ID.Diz
ICU.nfo
TrafSvc.exe
.exe windows:4 windows x86 arch:x86

42cc00bfe85ea8b1a1be68ff405535a8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenServiceW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
OpenThreadToken
CreateServiceW
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerW
QueryServiceConfigW
CloseServiceHandle
RegQueryInfoKeyW
RegEnumValueW
CryptAcquireContextW
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
EqualSid
FreeSid
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
GetUserNameW
CryptReleaseContext
RegEnumKeyExW
RegCloseKey
RegFlushKey
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW

kernel32

CreateEventW
lstrcpyW
GetCurrentThread
lstrcatW
GetModuleHandleW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
lstrcpynW
CopyFileW
DeleteFileW
ResetEvent
CreateMutexW
GetCommandLineW
GetDateFormatW
lstrlen
HeapFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
LoadLibraryA
CreateFileA
WaitForMultipleObjects
WaitForSingleObject
SetEvent
LocalAlloc
WideCharToMultiByte
LoadLibraryW
GetProcAddress
GetCurrentProcess
GetUserDefaultLangID
GetSystemDefaultLangID
GlobalMemoryStatus
OpenProcess
GetModuleFileNameW
GetSystemDirectoryW
lstrlenW
GetFileTime
FileTimeToSystemTime
GetSystemInfo
FreeLibrary
GetLocaleInfoW
CreateFileW
GetLastError
CloseHandle
RaiseException
GetVersionExW
DeleteCriticalSection
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersion
Sleep
FindNextFileW
FindFirstFileW
FindClose
LocalFree
InterlockedIncrement
InterlockedDecrement
GetFileAttributesW
CreateDirectoryW
RestoreLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetOEMCP
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetTickCount
QueryPerformanceCounter
GetCommandLineA
HeapAlloc
HeapReAlloc
RtlUnwind
GetSystemTimeAsFileTime
ExitThread
ResumeThread
CreateThread
GetCurrentProcessId
GetModuleHandleA
GetStartupInfoW
ExitProcess
LCMapStringA
LCMapStringW
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
SetStdHandle
GetStartupInfoA
GetFileType
GetStdHandle
LockResource
ReadFile
HeapSize
UnhandledExceptionFilter
TerminateProcess
VirtualProtect
GetTimeZoneInformation
VirtualQuery
SetFilePointer
FlushFileBuffers
WriteFile
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA

oleaut32

VarUI4FromStr
RegisterTypeLib
UnRegisterTypeLib
LoadTypeLib
SysAllocStringLen
VarBstrCat
SysStringLen
VariantChangeType
VariantCopy
VariantInit
VariantClear
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
GetErrorInfo

shlwapi

PathFindExtensionW

user32

MessageBoxW
PostThreadMessageW
LoadStringW
DispatchMessageW
CharNextW
GetMessageW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winmm

timeGetDevCaps
timeBeginPeriod
timeSetEvent
timeKillEvent

ws2_32

WSAStartup
gethostname
socket
htonl
bind
listen
accept
htonl
htons
WSACreateEvent
WSAEventSelect
WSACloseEvent
shutdown
closesocket
recv
WSAResetEvent
send
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAGetLastError
inet_addr

iphlpapi

GetIfTable
GetIpAddrTable

ndisapi

?ConvertWindows9xAdapterName@CNdisApi@@SAHPBDPADK@Z
?SendPacketToMstcp@CNdisApi@@QAEHPAU_ETH_REQUEST@@@Z
?SendPacketToAdapter@CNdisApi@@QAEHPAU_ETH_REQUEST@@@Z
?FlushAdapterPacketQueue@CNdisApi@@QAEHPAX@Z
?SetHwPacketFilter@CNdisApi@@QAEHPAXK@Z
?GetHwPacketFilter@CNdisApi@@QAEHPAXPAK@Z
?SetPacketEvent@CNdisApi@@QAEHPAX0@Z
?GetTcpipBoundAdaptersInfo@CNdisApi@@QAEHPAU_TCP_AdapterList@@@Z
?IsDriverLoaded@CNdisApi@@QAEHXZ
??0CNdisApi@@QAE@PBD@Z
??1CNdisApi@@UAE@XZ
?SetAdapterMode@CNdisApi@@QAEHPAU_ADAPTER_MODE@@@Z
?ReadPacket@CNdisApi@@QAEHPAU_ETH_REQUEST@@@Z

ole32

CoUninitialize
CoCreateInstance
OleRun
CoInitializeEx
CoRegisterClassObject
StringFromGUID2
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeSecurity
CoRevokeClassObject

Sections

.text
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 916KB - Virtual size: 916KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

42cc00bfe85ea8b1a1be68ff405535a8

Headers

File Characteristics

Imports

advapi32

kernel32

oleaut32

shlwapi

user32

version

winmm

ws2_32

iphlpapi

ndisapi

ole32

Sections

.text Size: 272KB - Virtual size: 272KB

Size: 88KB - Virtual size: 88KB

Size: 916KB - Virtual size: 916KB

.rsrc Size: 4KB - Virtual size: 4KB

Size: 96KB - Virtual size: 96KB

Size: 4KB - Virtual size: 4KB

.idata Size: 8KB - Virtual size: 8KB

.text
Size: 272KB - Virtual size: 272KB

.rsrc
Size: 4KB - Virtual size: 4KB

.idata
Size: 8KB - Virtual size: 8KB