f083d6ecd7645c943452a3664c69cac3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f083d6ecd7645c943452a3664c69cac3_JaffaCakes118
Size

604KB
MD5

f083d6ecd7645c943452a3664c69cac3
SHA1

cd6301a07f66fbb165e0bd60baf27e49be8ccd70
SHA256

e55c5ffc8b4cc6e2ff0df002ef176685c532df7d0857cc1e4f60bc43db559f8c
SHA512

8a9f3d4ac1815ec70743d2477ed8381d20d647ce11fd87e4f86a05f35ec98dbda7b4e31081467813249d3a6ae8bc21d0b83daaf8c71e764e8a97b2352756a40e
SSDEEP

12288:WFgdYYhiRosidTz1d05C3Au4tzjEF6dX7Oz8nzaAzQQehm6ZAR2M73115u:15t6h04dXTzaAzQQehw11M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f083d6ecd7645c943452a3664c69cac3_JaffaCakes118

Files

f083d6ecd7645c943452a3664c69cac3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

37845c5d2c48a321ad7232feacdaf713

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\work\淘金网盟支线\淘金去管理端版本\Source\Bin\Release\TpspNoSvr_EXE\TpspNoSvr_EXE.pdb

Imports

wldap32

ord45
ord211
ord143
ord50
ord26
ord30
ord200
ord32
ord35
ord79
ord33
ord301
ord27
ord41
ord46
ord60
ord22

kernel32

MultiByteToWideChar
GetComputerNameA
Process32First
GetProcessTimes
OpenProcess
FileTimeToSystemTime
lstrcmpiA
Process32Next
CreateToolhelp32Snapshot
FileTimeToLocalFileTime
OutputDebugStringW
FormatMessageA
GetCurrentThreadId
OutputDebugStringA
GetCurrentProcessId
GlobalAlloc
SetLastError
GlobalFree
FreeLibrary
GetModuleHandleW
LoadLibraryW
CreateFileW
SetFilePointer
SystemTimeToFileTime
SetFileTime
GetFileAttributesA
CreateDirectoryA
GetCurrentDirectoryA
LocalFileTimeToFileTime
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
TerminateProcess
OpenMutexA
CreateMutexA
SleepEx
PeekNamedPipe
WaitForMultipleObjects
GetFileType
WideCharToMultiByte
ExpandEnvironmentStringsA
WaitForSingleObject
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
GetFileSizeEx
HeapReAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetCurrentProcess
GetProcAddress
LoadLibraryA
InterlockedExchange
InterlockedCompareExchange
GetTempPathA
SetEnvironmentVariableA
CloseHandle
GetModuleHandleA
VirtualAlloc
GetLastError
ReadFile
WriteFile
GetSystemTimeAsFileTime
VirtualFree
GetTickCount
GetFileSize
CreateFileA
Sleep
FindClose
CreateThread
ExitThread
GetProcessHeap
SetEndOfFile
GetDriveTypeW
WriteConsoleW
SetStdHandle
GetCurrentDirectoryW
GetFullPathNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetHandleCount
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
HeapDestroy
HeapCreate
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapAlloc
HeapFree
GetDriveTypeA
FindFirstFileExA
GetFileInformationByHandle
RaiseException
GetCPInfo
RtlUnwind
LCMapStringW
CompareStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapSize
ExitProcess
GetACP
GetOEMCP
GetStdHandle
DecodePointer
EncodePointer
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
IsValidCodePage

user32

wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA

advapi32

RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptDestroyKey
CryptEncrypt
CryptImportKey

ws2_32

ntohl
htonl
ioctlsocket
getaddrinfo
freeaddrinfo
listen
accept
getpeername
getsockopt
ntohs
WSAIoctl
select
__WSAFDIsSet
WSASetLastError
send
recv
WSACleanup
connect
inet_addr
getsockname
gethostbyname
gethostname
inet_ntoa
WSAStartup
recvfrom
WSAGetLastError
htons
setsockopt
sendto
bind
socket
closesocket

shlwapi

PathFileExistsA
PathAddBackslashA

crypt32

CertCloseStore
CertFindCertificateInStore
CryptStringToBinaryA
CertOpenStore
CertAddCertificateContextToStore
CryptQueryObject
CertGetNameStringA
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertGetCertificateChain
CertCreateCertificateChainEngine
CertFreeCertificateContext

iphlpapi

SendARP
GetIpForwardTable
GetAdaptersInfo

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 465KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37845c5d2c48a321ad7232feacdaf713

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wldap32

kernel32

user32

advapi32

ws2_32

shlwapi

crypt32

iphlpapi

version

Sections

.text Size: 465KB - Virtual size: 464KB

.rdata Size: 98KB - Virtual size: 97KB

.data Size: 7KB - Virtual size: 27KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 32KB - Virtual size: 31KB

.text
Size: 465KB - Virtual size: 464KB

.rdata
Size: 98KB - Virtual size: 97KB

.data
Size: 7KB - Virtual size: 27KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 32KB - Virtual size: 31KB