bf6408606ace46e92f096b12393dca47_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

bf6408606ace46e92f096b12393dca47_JaffaCakes118
Size

161KB
MD5

bf6408606ace46e92f096b12393dca47
SHA1

91ebc2960a9e4e43f8797edc031f9249acd8135f
SHA256

c12135ee1de3b2595e2f3f1ec0609fe843040a0de187688b49bcadfca358ed97
SHA512

8cfc678954c43a5845a09aa229dfe46add01fa29344454c8847d32824ba1418466868801e344592413e240497e5b954b2d4eed825234d949b78ce7ab2559d993
SSDEEP

3072:3NMDncHzeH9FkBGtaqH4kqXWmGjX8Ja0O4PecOvavAYg7q:dicHziFZtaNkqWL8JXHPecOcNl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf6408606ace46e92f096b12393dca47_JaffaCakes118

Files

bf6408606ace46e92f096b12393dca47_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1903b6bb32064398ab2c580a7308595d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\작업\pfs\PFS\PFS_Service\Release\PFS.pdb

Imports

kernel32

FileTimeToSystemTime
CreateFileW
WriteFile
CreateProcessW
GetExitCodeThread
TerminateThread
FormatMessageW
LocalFree
GetSystemTime
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenW
LocalAlloc
GetVersionExW
SetFilePointer
GetDiskFreeSpaceExW
GetLocalTime
MultiByteToWideChar
SetFileAttributesW
CreateDirectoryW
GetLastError
GetModuleFileNameW
Sleep
SetEvent
WideCharToMultiByte
CloseHandle
WaitForSingleObject
CreateEventW
InterlockedDecrement
FindClose
FindNextFileW
DeleteFileW
GetSystemTimeAsFileTime
FindFirstFileW
InitializeCriticalSection
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
GetProcessHeap
HeapFree
GetTickCount

advapi32

StartServiceW
RegisterServiceCtrlHandlerW
SetServiceStatus
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
StartServiceCtrlDispatcherW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
OpenServiceW
OpenSCManagerW

shell32

ShellExecuteW

ole32

CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoInitialize
CoUninitialize
OleRun
CoInitializeEx

oleaut32

SysFreeString
SysAllocString
GetErrorInfo
VariantClear

msvcp90

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHABV12@@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?_Copy_s@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPA_WIII@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?copy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPA_WII@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

ws2_32

htons
getservbyname
send
recv
select
inet_ntoa
inet_addr
WSACleanup
gethostname
WSAStartup
socket
setsockopt
connect
__WSAFDIsSet
accept
getsockname
bind
listen
shutdown
sendto
ntohl
closesocket
WSAGetLastError
getpeername
gethostbyname

iphlpapi

GetIpAddrTable
GetAdaptersInfo
GetIfTable

wininet

HttpOpenRequestW
HttpSendRequestW
InternetReadFile
InternetCloseHandle
InternetConnectW
InternetOpenW

msvcr90

_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__winitenv
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
_memccpy
_strdup
__CxxFrameHandler3
_controlfp_s
memcpy
__dllonexit
_unlock
memset
_CxxThrowException
_wcsicmp
realloc
??3@YAXPAX@Z
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
swprintf_s
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
??_V@YAXPAX@Z
_itow_s
_beginthreadex
wcscpy_s
sprintf_s
_wtoi64
_wtof
_i64tow_s
wcsncpy_s
_wtoi
free
calloc
perror
malloc
strncpy
strerror
_errno
printf
strncpy_s
strncmp
strchr
isdigit
atoi
sprintf
strcpy_s
sscanf
fopen
fseek
__iob_func
fclose
fread
fflush
fwrite
_gmtime64
_time64
srand
_endthreadex
memchr
strstr
_strupr
_stricmp
rand
_stat64
_atoi64
remove
rename
_mkdir
_rmdir
_vsnprintf
isalnum
isspace
?_open@@YAHPBDHH@Z
_lseeki64
_write
_close
_read
_findnext64
_findfirst64
_findclose
isalpha
wcsstr
wcsncpy
_time32

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1903b6bb32064398ab2c580a7308595d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

ole32

oleaut32

msvcp90

ws2_32

iphlpapi

wininet

msvcr90

version

Sections

.text Size: 111KB - Virtual size: 110KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 512B - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 111KB - Virtual size: 110KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 512B - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 11KB