103c32293e309c286ef31ed4f7db6b90_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

103c32293e309c286ef31ed4f7db6b90_JaffaCakes118
Size

13KB
MD5

103c32293e309c286ef31ed4f7db6b90
SHA1

5a0f92eecc91808d3b266b705b537a5f476b5cb1
SHA256

83165a44808ec4cb0a607d363c95c8a8e89e475d9d64d61e6c10dd2eeab3d0ce
SHA512

5c25a11e32e7f732a19eb92c5dc243cf506e0812f2d08287b77730fc953672a4a2f683f915742773311bc93c970d8e90b48fa130bb36333bb3bd08f63ad44fd7
SSDEEP

192:JhfKzagZLLGK+RIHCfd0wRPyVnHh1HvgxeCXWBmBfYj1V0HIsvGBM:u2dKxYbFUnHD+eMvYjYHPSM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
103c32293e309c286ef31ed4f7db6b90_JaffaCakes118

Files

103c32293e309c286ef31ed4f7db6b90_JaffaCakes118
.dll windows:5 windows x86 arch:x86

dd781fb5094555b3125f5feafae54699

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

I:\WORK 源码\qqxx\Release\qqxx.pdb

Imports

kernel32

GetFileSize
SetFilePointer
VirtualAlloc
ReadFile
LoadLibraryW
VirtualFree
ExpandEnvironmentStringsW
GetProcAddress
VirtualProtect
GetTempPathA
Sleep
TerminateProcess
lstrcpyA
WritePrivateProfileStringA
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32First
GetCurrentProcessId
Process32Next
OpenProcess
GetPrivateProfileStringA
IsBadReadPtr
lstrlenA
GetCommandLineA
GetLocalTime
OutputDebugStringA
GlobalFree
GlobalAlloc
CreateThread
ExitProcess
CloseHandle
GetModuleHandleA
GetModuleFileNameA
CopyFileA
lstrcatA
GetSystemDirectoryA
CreateFileA

user32

FindWindowA
GetWindowTextA
wsprintfA
CharLowerA

ws2_32

htons
inet_addr
socket
WSAStartup
recv
WSCEnumProtocols
closesocket
WSCGetProviderPath
send
connect

shlwapi

PathFileExistsA
PathRemoveFileSpecA

msvcrt

memset
strstr
wcsstr
_stricmp
memcpy

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA

Exports

Exports

WSPStartup
WahCloseApcHelper
WahCloseHandleHelper
WahCloseNotificationHandleHelper
WahCloseSocketHandle
WahCloseThread
WahCompleteRequest
WahCreateHandleContextTable
WahCreateNotificationHandle
WahCreateSocketHandle
WahDestroyHandleContextTable
WahDisableNonIFSHandleSupport
WahEnableNonIFSHandleSupport
WahEnumerateHandleContexts
WahInsertHandleContext
WahNotifyAllProcesses
WahOpenApcHelper
WahOpenCurrentThread
WahOpenHandleHelper
WahOpenNotificationHandleHelper
WahQueueUserApc
WahReferenceContextByHandle
WahRemoveHandleContext
WahWaitForNotification

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd781fb5094555b3125f5feafae54699

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ws2_32

shlwapi

msvcrt

wininet

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB