fb1016d9cdb6f5d41dc4afc0c2b1403e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fb1016d9cdb6f5d41dc4afc0c2b1403e_JaffaCakes118
Size

16KB
MD5

fb1016d9cdb6f5d41dc4afc0c2b1403e
SHA1

5650a8a216fad383ffc1a10d65fc69d8a1b3be79
SHA256

2a477c5a4fa45636b4c49cd2a54b6f3a2832ec81b7040b78ef23a69ae4b6a871
SHA512

824dbc4bc395869eead31865e58d3355e2291163b20766fb5cfb38cdd84d2796db1133052bdde2a6d4c24408e826f550741e43e221b13278c84b3cc2e3908382
SSDEEP

192:2KUEa7rVroeAfuPKxlHKl4mzueGUsaS8feA/eiP6djOiPnBkVyeQyK01T9qtUidd:2KPa7N43bAsR8feAevMIdyK0F9wTdj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb1016d9cdb6f5d41dc4afc0c2b1403e_JaffaCakes118

Files

fb1016d9cdb6f5d41dc4afc0c2b1403e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

69207cfc3dd4c2a25a5fbd308b0af5bd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\工作目录\工程\北方\0111\0.7\远程线程\opendll\Release\opendll.pdb

Imports

kernel32

LoadLibraryA
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
Sleep
WinExec
GetWindowsDirectoryA
CopyFileA
WritePrivateProfileStringA
DeleteFileA
SetFileAttributesA
GetProcAddress
GetModuleFileNameA
GetDriveTypeA
GetLogicalDriveStringsA
GetSystemDirectoryA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
FindClose
GetVersionExA
CreateFileA
DeviceIoControl
CloseHandle
FindFirstFileA
GetPrivateProfileStringA
GetSystemTimeAsFileTime

user32

FindWindowA
GetWindowThreadProcessId

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA

shell32

ShellExecuteA

netapi32

Netbios

msvcr71

_onexit
__dllonexit
strncat
strncpy
printf
sprintf
strchr
_ultoa
_except_handler3
_beginthread
__security_error_handler
free
_initterm
malloc
_adjust_fdiv
__CppXcptFilter

Exports

Exports

??0Copendll@@QAE@XZ
??4Copendll@@QAEAAV0@ABV0@@Z
?fnopendll@@YAHXZ
?nopendll@@3HA

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69207cfc3dd4c2a25a5fbd308b0af5bd

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

netapi32

msvcr71

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 744B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 744B

.reloc
Size: 1KB - Virtual size: 1KB