eaff7f7dc423f8a22105ec227c582a58_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

eaff7f7dc423f8a22105ec227c582a58_JaffaCakes118
Size

167KB
MD5

eaff7f7dc423f8a22105ec227c582a58
SHA1

f4a2d2cb2b270ebc9be5d294c03dda2ec28f707d
SHA256

68bced9699908fd7e84591b2a3a2424d687dc1e03a4ed2aa0cbaed63448c74b2
SHA512

19d1f18398ad34e9328ef8b24f8985b14cb95ed4ccd4f66ebc3e755ffe107fbe796f3dcc7840f91c6566b9d11768fc930186e91fca266457fe2818d1cb0c63d7
SSDEEP

3072:kaGO9ukPJwDv/tzu5HRt4FWpdrtO1bp4Aix4+3yFrkhnlz/LH+e/:NukPJwDH2RtQCi7FT+3+rkhZ/LR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eaff7f7dc423f8a22105ec227c582a58_JaffaCakes118

Files

eaff7f7dc423f8a22105ec227c582a58_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0bd287b7f3283d5759d216826868b18b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\wang\后门代码\GUI3.0_Src\超级精灵v1.0\超级精灵v1.0改进代码\Client4常规版本（20060901）\GUISvrDll-增加屏幕控制\GUISvrDll-屏幕传送一次性发送版-小文件大压缩版\Release\GUISvrDll.pdb

Imports

kernel32

GetTempPathA
SetPriorityClass
GetCurrentProcess
ResumeThread
SetLastError
GetVersion
MoveFileA
GetFileSize
VirtualAlloc
ReadFile
WriteFile
GetModuleFileNameA
MultiByteToWideChar
GetCurrentProcessId
DisableThreadLibraryCalls
GetModuleFileNameW
lstrcpyW
IsBadReadPtr
OpenProcess
DeleteFileA
GetVolumeInformationA
CreateFileMappingA
MapViewOfFile
WideCharToMultiByte
GetPriorityClass
QueryPerformanceFrequency
QueryPerformanceCounter
SetFilePointer
OpenFileMappingA
GetWindowsDirectoryA
GetComputerNameA
GetVersionExA
GlobalMemoryStatus
GetTickCount
CreatePipe
LockResource
TerminateProcess
GetLogicalDrives
GetDriveTypeA
FindNextFileA
FileTimeToSystemTime
CreateDirectoryA
GetProcessTimes
GetFileAttributesA
RemoveDirectoryA
FormatMessageA
LocalFree
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCPInfo
GetOEMCP
GetACP
UnhandledExceptionFilter
HeapSize
ExitProcess
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
RaiseException
RtlUnwind
GetCommandLineA
HeapReAlloc
HeapFree
HeapAlloc
LoadResource
SizeofResource
FindResourceA
CopyFileA
lstrlenA
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcatA
CreateProcessA
GetSystemDirectoryA
FindClose
SetFileTime
CreateFileA
FindFirstFileA
CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
GetModuleHandleA
SetErrorMode
Sleep
CreateMutexA
lstrcpyA
TerminateThread
WaitForSingleObject
CreateThread
GetLastError
CloseHandle
UnmapViewOfFile
VirtualProtect
GetProcAddress
LoadLibraryA
LeaveCriticalSection
SetThreadPriority
GetCurrentThread
GetThreadPriority
EnterCriticalSection
DeleteCriticalSection
FreeLibrary
PeekNamedPipe
InitializeCriticalSection
SetUnhandledExceptionFilter
GetStringTypeA
SetEndOfFile
GetLocaleInfoA
IsBadCodePtr
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetStringTypeW
SetStdHandle
FlushFileBuffers
InterlockedExchange
VirtualQuery
GetSystemInfo
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentThreadId

user32

KillTimer
SetWindowTextA
GetWindowTextA
GetDlgItem
SetTimer
MessageBoxA
CloseWindow
ExitWindowsEx
EndDialog
DialogBoxParamA
UnregisterClassA
SendMessageA
IsWindow
CreateWindowExA
RegisterClassA
DispatchMessageA
TranslateMessage
GetMessageA
wsprintfA
keybd_event
mouse_event
GetDC
DestroyWindow
GetActiveWindow

gdi32

GetObjectA
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
DeleteObject
DeleteDC
GetDIBits

advapi32

QueryServiceConfigA
EnumServicesStatusA
RegEnumKeyExA
LookupAccountSidA
GetTokenInformation
DeleteService
ControlService
OpenServiceA
QueryServiceStatus
StartServiceA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegEnumValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CloseServiceHandle
ChangeServiceConfig2A
CreateServiceA
OpenSCManagerA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegisterServiceCtrlHandlerA
SetServiceStatus
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
QueryServiceConfig2A

shell32

ShellExecuteA

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile

urlmon

URLDownloadToFileA

shlwapi

StrCmpNIA
SHDeleteKeyA

wsock32

socket
ioctlsocket
WSAAsyncSelect
gethostbyname
gethostname
closesocket
htons
connect
send
recv
WSAStartup

Exports

Exports

MAINSYSHook
MAINSYSTest
MAINSYSresorce
ServiceMain
Setup

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0bd287b7f3283d5759d216826868b18b

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

wininet

urlmon

shlwapi

wsock32

Exports

Exports

Sections

.text Size: 119KB - Virtual size: 118KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 7KB - Virtual size: 1.5MB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 119KB - Virtual size: 118KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 7KB - Virtual size: 1.5MB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 12KB - Virtual size: 12KB