e0c9b706b33501c4eacfb11ea3ecc299_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e0c9b706b33501c4eacfb11ea3ecc299_JaffaCakes118
Size

118KB
MD5

e0c9b706b33501c4eacfb11ea3ecc299
SHA1

542703c9b646d5a513afa30c89e11e13de53103e
SHA256

77e8361c05922c593414fe613b02cb00cd4d8989235f777a26aea267dbf64e24
SHA512

3eb7021b186dffd1261a7b926429c3f0a1ff1a6523ee9302ffbaddc111b46e6b5faed8801c3815e344177a094a8fc761c6802aae59392bd225f7fe1b3ca70e38
SSDEEP

1536:m7zVsyrUGaLjV+m706SbLYwmWJ9x2Ny0HW8JimLuPVzEgWdZQPNM6I5rW:mmZFjV+m706owcgJieOzEg9Pq6I5rW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0c9b706b33501c4eacfb11ea3ecc299_JaffaCakes118

Files

e0c9b706b33501c4eacfb11ea3ecc299_JaffaCakes118
.exe windows:5 windows x86 arch:x86

abfb62dfc24fbc2fb2bdbbdd26faa0fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\Administrator\桌面\20170823源码集合\20170730改版企业版2.9源码\serverdata\Release\NewTest.pdb

Imports

kernel32

Sleep
GetProcessHeap
GetProcAddress
LoadLibraryA
HeapAlloc
HeapReAlloc
VirtualProtect
IsBadReadPtr
ReadFile
GetFileSize
lstrcpyA
CloseHandle
CreateFileA
FreeLibrary
WriteFile
DeleteFileA
GetFileAttributesA
GetLastError
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
HeapCreate
HeapDestroy
VirtualFree
HeapFree
VirtualAlloc
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameA
RaiseException
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetConsoleCtrlHandler
InterlockedExchange
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoW
GetLocaleInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA

Exports

Exports

Kessmia

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abfb62dfc24fbc2fb2bdbbdd26faa0fb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 95KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 5KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB