16b43848b5d809a936e6da3f4e13bdb0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

16b43848b5d809a936e6da3f4e13bdb0_JaffaCakes118
Size

220KB
MD5

16b43848b5d809a936e6da3f4e13bdb0
SHA1

53012e8072c3f107635ccd6fb286094ac2ae32e0
SHA256

2afbb0f5fd455c0a1e998be1d80b4b25b0d1acf10bda8ed4f4185f75d908ba54
SHA512

58424ff2fcd8ebe8ba335402366e00233c7fb83494a0d5e3c1f9bc517e0b14a6f7f5986382e9b03ea9a99feb04a3c67e6b8ca8697b75127439c943d04a68c483
SSDEEP

3072:N40SfxuOGJ/kB70fLDSzYFDlV+fD7sUtLpIxQxFruvxfGTM5A23hBuGljHXRNp97:ntOGdNYBf7xFwfGo5AqNBNP4W7

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/regbd/regbd/bin/regbd.exe
unpack001/regbd/regbd/src/driver.sys

Files

16b43848b5d809a936e6da3f4e13bdb0_JaffaCakes118
.rar
regbd/regbd/bin/regbd.exe
.exe windows:4 windows x86 arch:x86

d737fdff5f74bc596797d53510328b68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Thread32Next
CloseHandle
SuspendThread
ResumeThread
OpenThread
GetCurrentThreadId
Thread32First
CreateToolhelp32Snapshot
GetModuleFileNameA
WinExec
LoadLibraryA
ExitThread
TerminateProcess
WriteFile
ReadFile
PeekNamedPipe
GetExitCodeProcess
CreateProcessA
GetStartupInfoA
CreatePipe
CreateThread
MultiByteToWideChar
UnmapViewOfFile
GetModuleHandleA
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
CopyFileA
MoveFileA
GetCurrentProcessId
DeleteFileA
Sleep
Process32Next
lstrcmpiA
Process32First
VirtualFree
OpenProcess
GetEnvironmentVariableA
CreateFileW
GetVersion
DeviceIoControl
GetSystemDirectoryA
FreeLibrary
GlobalFree
LoadLibraryExA
GlobalAlloc
GetProcAddress
VirtualProtect
IsBadReadPtr
VirtualAlloc
GetCurrentProcess
ReadProcessMemory
VirtualAllocEx
VirtualProtectEx
WriteProcessMemory
WideCharToMultiByte
FlushViewOfFile
CreateRemoteThread

advapi32

DeleteService
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
CloseServiceHandle
RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegCloseKey
ControlService

ws2_32

closesocket
ioctlsocket
recv
send
WSACleanup
accept
listen
bind
socket
htons
WSAStartup

urlmon

URLDownloadToFileA

ntdll

NtQuerySystemInformation

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
regbd/regbd/readme.txt
regbd/regbd/src/BIN2TEXT.EXE
regbd/regbd/src/DRIVER.C
regbd/regbd/src/apihook.cpp
regbd/regbd/src/apihook.h
regbd/regbd/src/backdoor.cpp
regbd/regbd/src/backdoor.h
regbd/regbd/src/driver.cpp
regbd/regbd/src/driver.h
regbd/regbd/src/driver.sys
.sys windows:5 windows x86 arch:x86

d4b60a956b3d0ff4375579770e963cae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

X:\dev\new\regbd\src\driver.pdb

Imports

ntoskrnl.exe

DbgPrint
KeServiceDescriptorTable
IofCompleteRequest
IoDeleteSymbolicLink
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
swprintf

Sections

.text
Size: 896B - Virtual size: 792B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 384B - Virtual size: 276B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
regbd/regbd/src/driver/MAKEFILE
regbd/regbd/src/driver/SOURCES
regbd/regbd/src/driver/comm.h
regbd/regbd/src/driver/debug.h
regbd/regbd/src/driver/driver.c
regbd/regbd/src/main.h
regbd/regbd/src/mkdrv.bat
regbd/regbd/src/ntdll.h
regbd/regbd/src/ntdll.lib
regbd/regbd/src/regbd.cpp
regbd/regbd/src/regbd.ncb
regbd/regbd/src/regbd.sln
regbd/regbd/src/regbd.suo
regbd/regbd/src/regbd.vcproj
.xml
regbd/regbd/src/sst.cpp
regbd/regbd/src/sst.h
regbd/regbd/src/zdisasm.cpp
regbd/regbd/src/zdisasm.h
优秀投稿动画奖励计划.txt
红色黑客联盟软件说明.htm
.html
红色黑客软件使用帮助.txt
黑客速成.url

Sharing

General

Malware Config

Signatures

Files

d737fdff5f74bc596797d53510328b68

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ws2_32

urlmon

ntdll

Sections

.text Size: 17KB - Virtual size: 16KB

.data Size: 3KB - Virtual size: 3KB

d4b60a956b3d0ff4375579770e963cae

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 896B - Virtual size: 792B

.rdata Size: 256B - Virtual size: 132B

.data Size: 128B - Virtual size: 24B

INIT Size: 384B - Virtual size: 276B

.reloc Size: 128B - Virtual size: 82B

.text
Size: 17KB - Virtual size: 16KB

.data
Size: 3KB - Virtual size: 3KB

.text
Size: 896B - Virtual size: 792B

.rdata
Size: 256B - Virtual size: 132B

.data
Size: 128B - Virtual size: 24B

INIT
Size: 384B - Virtual size: 276B

.reloc
Size: 128B - Virtual size: 82B