C:\unrealircd\Unreal3.2\WIRCD.pdb
Static task
static1
Behavioral task
behavioral1
Sample
0b21d4b0875436dd3c248c64984f6709_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
0b21d4b0875436dd3c248c64984f6709_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
0b21d4b0875436dd3c248c64984f6709_JaffaCakes118
-
Size
1.1MB
-
MD5
0b21d4b0875436dd3c248c64984f6709
-
SHA1
30f25e8b05f2b70766b4d16d25aaf90bb81a9a6f
-
SHA256
71f3079feb237d989e185abd7f4e40f3b09de6e2c435a2427ea86fec8022e6ee
-
SHA512
b4bcf61ba807b128f7e989e7e60460d35026939e3c1bb68de58b4327ff38f31fa5acdb492e486b49edec3b60ef12188c8c2c8e0bcf94d4219875594ddd79a678
-
SSDEEP
24576:AI0NNHfvILLKj8jbchXmVmHGuLzqNAEs:iNSjbq8mmyzqNb
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0b21d4b0875436dd3c248c64984f6709_JaffaCakes118
Files
-
0b21d4b0875436dd3c248c64984f6709_JaffaCakes118.exe windows:4 windows x86 arch:x86
918945066df3939576effc8f4c6b4786
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
LCMapStringW
LCMapStringA
GetFileAttributesA
WaitForSingleObject
GetExitCodeProcess
CompareStringW
CompareStringA
FlushFileBuffers
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetTickCount
QueryPerformanceCounter
GetCPInfo
GetOEMCP
GetACP
InterlockedExchange
InitializeCriticalSection
GetFullPathNameA
SetEndOfFile
SetStdHandle
SetFilePointer
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
SetHandleCount
VirtualQuery
GetSystemInfo
VirtualProtect
WideCharToMultiByte
RtlUnwind
UnhandledExceptionFilter
GetCurrentThread
GetVersionExA
TlsSetValue
TlsFree
GetCurrentThreadId
SetLastError
TlsAlloc
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
FatalAppExitA
DeleteCriticalSection
GetDriveTypeA
WriteFile
SetUnhandledExceptionFilter
GlobalMemoryStatus
GetCurrentProcess
GetEnvironmentStringsW
GetCurrentProcessId
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
GetFileType
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
ReadFile
GetCommandLineA
GetStartupInfoA
DeleteFileA
HeapReAlloc
GetTimeZoneInformation
CreateThread
ResumeThread
ExitThread
LeaveCriticalSection
EnterCriticalSection
GetDateFormatA
GetTimeFormatA
SetConsoleCtrlHandler
TerminateProcess
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
FreeLibrary
GetProcAddress
GetStdHandle
lstrlenA
LoadLibraryA
lstrcpyA
Sleep
FindNextFileA
GetFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
CreateFileA
SetFileTime
CloseHandle
CreateMutexA
GetLastError
GetModuleHandleA
GetModuleFileNameA
CreateProcessA
ExitProcess
FindFirstFileA
FindClose
TlsGetValue
GetLocaleInfoW
user32
SetCursor
LoadCursorA
TrackPopupMenu
GetParent
GetWindowLongA
EnableMenuItem
SendMessageA
ClientToScreen
GetClientRect
DispatchMessageA
TranslateMessage
IsDialogMessageA
IsWindow
GetMessageA
ShowWindow
CreateDialogParamA
RegisterWindowMessageA
DialogBoxParamA
GetMenuStringA
AppendMenuA
CallWindowProcA
DestroyMenu
GetCursorPos
SetForegroundWindow
DestroyWindow
SetWindowTextA
ModifyMenuA
GetSubMenu
LoadMenuA
EndDialog
SetWindowLongA
GetDlgItem
wsprintfA
DrawFocusRect
CopyRect
DrawTextA
FillRect
GetSysColorBrush
GetWindowTextA
CreateWindowExA
GetDlgItemInt
ChangeClipboardChain
LoadImageA
MessageBoxA
CreatePopupMenu
MessageBeep
SetDlgItemTextA
DrawEdge
SetDlgItemInt
SetTimer
SetFocus
SetClipboardViewer
GetWindowRect
SetWindowPos
gdi32
CreateFontA
SetTextColor
DeleteObject
CreateSolidBrush
shell32
ShellExecuteA
Shell_NotifyIconA
ws2_32
WSAGetLastError
send
inet_ntoa
inet_addr
closesocket
WSAStartup
connect
htons
bind
getsockname
socket
ntohs
getpeername
recv
WSACleanup
getsockopt
listen
setsockopt
ioctlsocket
accept
__WSAFDIsSet
select
ntohl
htonl
recvfrom
sendto
gethostname
WSASetLastError
advapi32
ControlService
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
StartServiceCtrlDispatcherA
QueryServiceStatus
StartServiceA
CloseServiceHandle
SetServiceStatus
OpenSCManagerA
OpenServiceA
CryptAcquireContextA
RegisterServiceCtrlHandlerA
CryptCreateHash
dbghelp
SymGetSymFromAddr
SymGetLineFromAddr
SymInitialize
SymSetOptions
SymGetModuleInfo
SymGetModuleBase
SymFunctionTableAccess
StackWalk
comctl32
ord17
ord6
CreateToolbarEx
comdlg32
FindTextA
GetSaveFileNameA
tre
ord6
ord4
ord5
ord3
Exports
htm_config_run
htm_config_test
htm_stats
m_addline
m_addline_Init
m_addline_Load
m_addline_Unload
m_addmotd
m_addmotd_Init
m_addmotd_Load
m_addmotd_Unload
m_addomotd
m_addomotd_Init
m_addomotd_Load
m_addomotd_Unload
m_admin
m_admin_Init
m_admin_Load
m_admin_Unload
m_adminchat_Init
m_adminchat_Load
m_adminchat_Unload
m_admins
m_akill
m_akill_Init
m_akill_Load
m_akill_Unload
m_away
m_away_Init
m_away_Load
m_away_Unload
m_chatops
m_chatops_Init
m_chatops_Load
m_chatops_Unload
m_chghost
m_chghost_Init
m_chghost_Load
m_chghost_Unload
m_chgident
m_chgident_Init
m_chgident_Load
m_chgident_Unload
m_chgname
m_chgname_Init
m_chgname_Load
m_chgname_Unload
m_close
m_close_Init
m_close_Load
m_close_Unload
m_connect
m_connect_Init
m_connect_Load
m_connect_Unload
m_cycle
m_cycle_Init
m_cycle_Load
m_cycle_Unload
m_dccdeny
m_dccdeny_Init
m_dccdeny_Load
m_dccdeny_Unload
m_eos
m_eos_Init
m_eos_Load
m_eos_Unload
m_gline
m_globops
m_globops_Init
m_globops_Load
m_globops_Unload
m_guest
m_guest_Init
m_guest_Load
m_guest_Unload
m_gzline
m_help
m_help_Init
m_help_Load
m_help_Unload
m_htm
m_htm_Init
m_htm_Load
m_htm_Test
m_htm_Unload
m_invite
m_invite_Init
m_invite_Load
m_invite_Unload
m_ison
m_ison_Init
m_ison_Load
m_ison_Unload
m_kick
m_kick_Init
m_kick_Load
m_kick_Unload
m_kill
m_kill_Init
m_kill_Load
m_kill_Unload
m_knock
m_knock_Init
m_knock_Load
m_knock_Unload
m_lag
m_lag_Init
m_lag_Load
m_lag_Unload
m_links
m_links_Init
m_links_Load
m_links_Unload
m_list
m_list_Init
m_list_Load
m_list_Unload
m_locops
m_locops_Init
m_locops_Load
m_locops_Unload
m_map
m_map_Init
m_map_Load
m_map_Unload
m_message
m_message_Init
m_message_Load
m_message_Unload
m_mkpasswd
m_mkpasswd_Init
m_mkpasswd_Load
m_mkpasswd_Unload
m_nachat
m_nachat_Init
m_nachat_Load
m_nachat_Unload
m_netinfo
m_netinfo_Init
m_netinfo_Load
m_netinfo_Unload
m_nospoof
m_notice
m_oper
m_oper_Init
m_oper_Load
m_oper_Unload
m_pass
m_pass_Init
m_pass_Load
m_pass_Unload
m_ping
m_pingpong_Init
m_pingpong_Load
m_pingpong_Unload
m_pong
m_private
m_protoctl
m_protoctl_Init
m_protoctl_Load
m_protoctl_Unload
m_quit
m_quit_Init
m_quit_Load
m_quit_Unload
m_rakill
m_rakill_Init
m_rakill_Load
m_rakill_Unload
m_rping
m_rping_Init
m_rping_Load
m_rping_Unload
m_rpong
m_rules
m_rules_Init
m_rules_Load
m_rules_Unload
m_sajoin
m_sajoin_Init
m_sajoin_Load
m_sajoin_Unload
m_samode
m_samode_Init
m_samode_Load
m_samode_Unload
m_sapart
m_sapart_Init
m_sapart_Load
m_sapart_Unload
m_sdesc
m_sdesc_Init
m_sdesc_Load
m_sdesc_Unload
m_sendsno
m_sendsno_Init
m_sendsno_Load
m_sendsno_Unload
m_sendumode
m_sendumode_Init
m_sendumode_Load
m_sendumode_Unload
m_server
m_server_Init
m_server_Load
m_server_Unload
m_sethost
m_sethost_Init
m_sethost_Load
m_sethost_Unload
m_setident
m_setident_Init
m_setident_Load
m_setident_Unload
m_setname
m_setname_Init
m_setname_Load
m_setname_Unload
m_shun
m_silence
m_silence_Init
m_silence_Load
m_silence_Unload
m_sjoin
m_sjoin_Init
m_sjoin_Load
m_sjoin_Unload
m_spamfilter
m_sqline
m_sqline_Init
m_sqline_Load
m_sqline_Unload
m_squit
m_squit_Init
m_squit_Load
m_squit_Unload
m_stats
m_stats_Init
m_stats_Load
m_stats_Unload
m_svs2mode
m_svs2sno
m_svsfline
m_svsfline_Init
m_svsfline_Load
m_svsfline_Unload
m_svsjoin
m_svsjoin_Init
m_svsjoin_Load
m_svsjoin_Unload
m_svskill
m_svskill_Init
m_svskill_Load
m_svskill_Unload
m_svslusers
m_svslusers_Init
m_svslusers_Load
m_svslusers_Unload
m_svsmode
m_svsmode_Init
m_svsmode_Load
m_svsmode_Unload
m_svsmotd
m_svsmotd_Init
m_svsmotd_Load
m_svsmotd_Unload
m_svsnick
m_svsnick_Init
m_svsnick_Load
m_svsnick_Unload
m_svsnline
m_svsnline_Init
m_svsnline_Load
m_svsnline_Unload
m_svsnoop
m_svsnoop_Init
m_svsnoop_Load
m_svsnoop_Unload
m_svso
m_svso_Init
m_svso_Load
m_svso_Unload
m_svspart
m_svspart_Init
m_svspart_Load
m_svspart_Unload
m_svssilence
m_svssilence_Init
m_svssilence_Load
m_svssilence_Unload
m_svssno
m_svssno_Init
m_svssno_Load
m_svssno_Unload
m_svswatch
m_svswatch_Init
m_svswatch_Load
m_svswatch_Unload
m_swhois
m_swhois_Init
m_swhois_Load
m_swhois_Unload
m_tempshun
m_time
m_time_Init
m_time_Load
m_time_Unload
m_tkl_Init
m_tkl_Load
m_tkl_Unload
m_tkl_line
m_tkline
m_topic
m_topic_Init
m_topic_Load
m_topic_Unload
m_trace
m_trace_Init
m_trace_Load
m_trace_Unload
m_tsctl
m_tsctl_Init
m_tsctl_Load
m_tsctl_Unload
m_tzline
m_umode2
m_umode2_Init
m_umode2_Load
m_umode2_Unload
m_undccdeny
m_undccdeny_Init
m_undccdeny_Load
m_undccdeny_Unload
m_unkline
m_unkline_Init
m_unkline_Load
m_unkline_Unload
m_unsqline
m_unsqline_Init
m_unsqline_Load
m_unsqline_Unload
m_unzline
m_unzline_Init
m_unzline_Load
m_unzline_Unload
m_userhost
m_userhost_Init
m_userhost_Load
m_userhost_Unload
m_vhost
m_vhost_Init
m_vhost_Load
m_vhost_Unload
m_wallops
m_wallops_Init
m_wallops_Load
m_wallops_Unload
m_who
m_who_Init
m_who_Load
m_who_Unload
m_whois
m_whois_Init
m_whois_Load
m_whois_Unload
m_whowas
m_whowas_Init
m_whowas_Load
m_whowas_Unload
militime
Sections
.text Size: 696KB - Virtual size: 693KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 168KB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 196KB - Virtual size: 195KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ