ea6c2149005e2e8d63eb3826e80a27b6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ea6c2149005e2e8d63eb3826e80a27b6_JaffaCakes118
Size

85KB
MD5

ea6c2149005e2e8d63eb3826e80a27b6
SHA1

9f71380525c63f54aafc22186446c203bbec434b
SHA256

5c3bf87267f331b609e84936ceb116bf1176dd49d86b5c00dd52c25136d50b26
SHA512

0e51fbf1a6a53393f91166297049dcad4e13e4003bcc8d6f70f1f4efa314b8d2885bed8836e2c0c04c9f35d9ada69212164af9dc6db17892cfcbdab9250103f0
SSDEEP

1536:EP+6eYZjx6iiCoqy4O94pzkPyITiMW2RGxSM5v5y88:EP/hjxtozeBUTw2GxP+R

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/IpcScan-gui.exe
unpack001/IpcScan.exe

Files

ea6c2149005e2e8d63eb3826e80a27b6_JaffaCakes118
.zip
IpcScan-gui.exe
.exe windows:4 windows x86 arch:x86

4898d01601f4568b6b8406f11bb10b86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
ExitThread
HeapFree
RaiseException
HeapAlloc
TerminateProcess
HeapReAlloc
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
HeapSize
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
FreeEnvironmentStringsW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
GetEnvironmentStrings
GetStartupInfoA
LocalFree
FreeLibrary
GetVersion
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
GetProcAddress
GlobalLock
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
lstrcatA
Sleep
lstrcpyA
GetProfileStringA
ExitProcess
GetCommandLineA
RtlUnwind
SetEndOfFile
SetFilePointer
FlushFileBuffers
CreateFileA
WriteFile
ReadFile
SetErrorMode
GetCurrentProcess
WritePrivateProfileStringA
GetCPInfo
GetOEMCP
LocalReAlloc
GetProcessVersion
TlsGetValue
GlobalReAlloc
TlsSetValue
EnterCriticalSection
GlobalHandle
LeaveCriticalSection
TlsFree
InitializeCriticalSection
DeleteCriticalSection
TlsAlloc
IsBadCodePtr
LocalAlloc
SizeofResource
TerminateThread
GetLastError
GlobalFlags
lstrcpynA
MulDiv
SetLastError
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
lstrlenA
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
WaitForSingleObject
CloseHandle
GetModuleFileNameA
GlobalAlloc
lstrcmpA
GetCurrentThread
LoadLibraryA
SetStdHandle
SetUnhandledExceptionFilter
IsBadWritePtr

user32

GetCursorPos
ValidateRect
TranslateMessage
GetMessageA
ReleaseDC
GetDC
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetClassNameA
GetSysColorBrush
DestroyMenu
LoadStringA
InflateRect
ShowWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
DispatchMessageA
GetFocus
SetFocus
AdjustWindowRectEx
ScreenToClient
CopyRect
GetMenuCheckMarkDimensions
wvsprintfA
PostQuitMessage
ModifyMenuA
GetTopWindow
MessageBoxA
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetParent
GetWindowLongA
GetDlgItem
SetMenuItemBitmaps
CheckMenuItem
IsWindowEnabled
GetCapture
PtInRect
ReleaseCapture
SetCapture
InvalidateRect
UpdateWindow
GetSysColor
SetCursor
LoadBitmapA
GetMenuState
IsWindowVisible
EnableMenuItem
LoadCursorA
wsprintfA
PostMessageA
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
LoadIconA
EnableWindow
GetMenuItemID
GetSubMenu
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
CharNextA
IsWindowUnicode

gdi32

SetTextColor
SetBkColor
CreateBitmap
PatBlt
DeleteDC
SaveDC
RestoreDC
SelectObject
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
GetObjectA
GetStockObject
DeleteObject
GetDeviceCaps
CreateSolidBrush
PtVisible
RectVisible
ExtTextOutA
Escape
TextOutA
CreateDIBitmap
CreateCompatibleDC
BitBlt
GetTextExtentPointA
CreateFontIndirectA
GetClipBox

comdlg32

GetSaveFileNameA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

shell32

ShellExecuteA

comctl32

ord17
ImageList_Destroy

ws2_32

closesocket
ntohl
WSAStartup
inet_addr
WSACleanup
htonl
inet_ntoa
socket
connect
htons

mpr

WNetCancelConnection2A
WNetAddConnection2A

netapi32

NetUserEnum
NetApiBufferFree

Sections

.text
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IpcScan.exe
.exe windows:4 windows x86 arch:x86

d868ea7773025fefc2eab3e978357827

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsA
CreateThread
GetStdHandle
Sleep
SetConsoleTextAttribute
GetEnvironmentStrings
GetEnvironmentStringsW
UnhandledExceptionFilter
WaitForSingleObject
GetModuleFileNameA
GetFileAttributesA
GetExitCodeProcess
SetFilePointer
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
CreateProcessA
GetLastError
MultiByteToWideChar
GetCommandLineA
GetVersion
ExitProcess
HeapFree
TerminateProcess
GetCurrentProcess
CreateFileA
HeapCreate
GetStringTypeW
CloseHandle
FreeEnvironmentStringsW
WideCharToMultiByte
GetStringTypeA
WriteFile
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
VirtualAlloc
VirtualFree
RtlUnwind
HeapAlloc
FlushFileBuffers
HeapReAlloc
SetStdHandle
ReadFile

user32

wsprintfA

mpr

WNetAddConnection2A
WNetCancelConnection2A

netapi32

NetApiBufferFree
NetUserEnum

ws2_32

WSAStartup
htons
htonl
socket
connect
closesocket
WSACleanup
inet_ntoa
gethostbyname
inet_addr
ntohl

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ipcpass.dic
ipcuser.dic

Sharing

General

Malware Config

Signatures

Files

4898d01601f4568b6b8406f11bb10b86

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ws2_32

mpr

netapi32

Sections

.text Size: 92KB - Virtual size: 88KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 8KB - Virtual size: 23KB

.rsrc Size: 12KB - Virtual size: 9KB

d868ea7773025fefc2eab3e978357827

Headers

File Characteristics

Imports

kernel32

user32

mpr

netapi32

ws2_32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 138KB

.text
Size: 92KB - Virtual size: 88KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 8KB - Virtual size: 23KB

.rsrc
Size: 12KB - Virtual size: 9KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 138KB