0dfba513fe5c1146ce5091e17a480507_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0dfba513fe5c1146ce5091e17a480507_JaffaCakes118
Size

76KB
MD5

0dfba513fe5c1146ce5091e17a480507
SHA1

44eafecb2ef7e64e1b269a444743c2130ae34180
SHA256

7e5995db9c3e2d325bf07e44a4df14908ce2d86561bb6105429c2a2245b755ca
SHA512

e21e33fbbd76f19036fed56445ed4fa9718294e12ecb247182bac17b4ccb82ef521bf113ffe9cc4cc3105bd64bf0022c0b90000b3b7641485e299df7aa785a91
SSDEEP

1536:vG6vAjZKQ6EPXpIgxbkOdFQ4WEYhMjhbLCkeMlM:s9KQ68OINdLBsMl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dfba513fe5c1146ce5091e17a480507_JaffaCakes118

Files

0dfba513fe5c1146ce5091e17a480507_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4b3e1d79d8b598f201aed01cd8c2e060

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\我的文档\桌面\去生成器\去生成器\修改远程读取\远程读取\远程读取\Release\cpato.pdb

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegSetValueExA
RegOpenKeyA

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
__p___initenv
exit
_cexit
_XcptFilter
_exit
_c_exit
__security_error_handler
printf
??3@YAXPAX@Z
atoi
strstr
??2@YAPAXI@Z
sprintf
fopen
fwrite
fclose
_except_handler3

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
CreateDirectoryA
SetFileAttributesA
CreateMutexA
GetLastError
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
VirtualFreeEx
VirtualFree
CreateThread
ExitProcess
GetTempFileNameA
CopyFileA
LoadLibraryA
SizeofResource
WriteFile
GetStartupInfoA
FreeLibrary
ReadFile
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
Sleep
DeleteFileA
CreateToolhelp32Snapshot
Process32First
TerminateProcess
VirtualAlloc
LockResource
LoadResource
FindResourceA
GetProcAddress
GetModuleHandleA
GetSystemDirectoryA
GetVolumeInformationA
CloseHandle
GetCurrentProcess
GetModuleFileNameA
Process32Next
GetFileSize
CreateFileA
OpenProcess

user32

GetWindowThreadProcessId
wsprintfA
FindWindowA

shell32

ShellExecuteA

wininet

InternetOpenA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA

netapi32

Netbios

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b3e1d79d8b598f201aed01cd8c2e060

Headers

File Characteristics

PDB Paths

Imports

advapi32

msvcr71

kernel32

user32

shell32

wininet

netapi32

Sections

.text Size: 8KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 13KB

.rsrc Size: 56KB - Virtual size: 53KB

.text
Size: 8KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 56KB - Virtual size: 53KB