Static task: static1
Behavioral task: behavioral1
  Sample: NCSentry2kBS/NCSentry2kBS.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: NCSentry2kBS/NCSentry2kBS.exe
  Resource: win10v2004-20241007-en
Behavioral task: behavioral3
  Sample: NCSentry2kBS/NCsentry2K操作说明.doc
  Resource: win7-20240903-en
Behavioral task: behavioral4
  Sample: NCSentry2kBS/NCsentry2K操作说明.doc
  Resource: win10v2004-20241007-en
General
- Target: 3db132a0f5393f5e73fbdc04236e21f3_JaffaCakes118
- Size: 1.6MB
- MD5: 3db132a0f5393f5e73fbdc04236e21f3
- SHA1: 68eabc0745976d0716e3a6e444b63bdd50b9a8b5
- SHA256: 3e95c08db1d86baa23c43ba276257079692d26f4268a0039abbdfccb7b155bdc
- SHA512: 92567b8fa808a1de520c1c2b05abe3b96711a4dbf34673422fa5e16960faa6105c9d0749ee540d82149d11b9781c2d736db66d09d08a1e2ea26f652a45357442
- SSDEEP: 24576:nfzvmpS2a3436Dh1LLoPgZmJHmyWENgDsDgKoqcBMPmG+nj1T668jYdevzt:nfjmpS2Uhh1vSGy3NgDdJEU9UMdeR
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource unpack001/NCSentry2kBS/NCSentry2kBS.exe
Files
- 3db132a0f5393f5e73fbdc04236e21f3_JaffaCakes118.rar
- NCSentry2kBS/DOD.NFO
- NCSentry2kBS/FANUC.MNC
- NCSentry2kBS/FILE_ID.DIZ
- NCSentry2kBS/NCSentry2kBS.exe.exe windows:4 windows x86 arch:x86
  a98b2dd525ca190390f4eba80d6e7e6b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
opengl32
glGetDoublev
glPopMatrix
glTranslated
glScaled
glLoadIdentity
glPushMatrix
glEnd
glVertex3f
glColor3f
glBegin
glEndList
glTexParameteri
glNewList
glGenLists
glDisable
glColor3d
glCallList
glEnable
glVertex3d
glLightfv
glClearDepth
glClearColor
glTexEnvi
glViewport
glMatrixMode
glOrtho
glLineStipple
glRotated
glPixelStorei
glFinish
glClear
wglMakeCurrent
wglCreateContext
wglDeleteContext
glDeleteLists
glTranslatef
glLineWidth
glGetError
glGetString
wglGetCurrentDC
wglGetCurrentContext
glLoadMatrixd
glPolygonMode
glNormal3d
glColorMaterial
glTexImage2D
glTexImage1D
glu32
gluPerspective
gluQuadricDrawStyle
gluPartialDisk
gluSphere
gluQuadricOrientation
gluCylinder
gluNewQuadric
gluQuadricTexture
gluQuadricNormals
kernel32
TlsSetValue
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
FindNextFileA
GlobalFlags
LocalReAlloc
TlsGetValue
GetProcessVersion
GetCPInfo
GetOEMCP
GetFileSize
LocalFileTimeToFileTime
EnterCriticalSection
CopyFileA
lstrlenW
GetCurrentDirectoryA
RtlUnwind
HeapFree
HeapAlloc
PeekNamedPipe
GetFileType
GetStartupInfoA
GetCommandLineA
ExitProcess
RaiseException
HeapReAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
TerminateProcess
HeapSize
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetStdHandle
GetProfileIntA
lstrcmpA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTickCount
GetCurrentThread
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetProfileStringA
GetVolumeInformationA
FindFirstFileA
FindClose
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
DuplicateHandle
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetFullPathNameA
GetTempFileNameA
GetFileAttributesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcpynA
SetLastError
FormatMessageA
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
_lopen
_llseek
_lread
_lclose
GetModuleHandleA
LocalAlloc
LocalFree
GetEnvironmentVariableA
GetVersion
SetErrorMode
GetCurrentProcessId
lstrlenA
FindResourceA
LoadResource
LockResource
SizeofResource
LoadLibraryA
GetProcAddress
FreeLibrary
PurgeComm
Sleep
DeleteFileA
WinExec
SetCurrentDirectoryA
lstrcpyA
GetModuleFileNameA
CreateThread
SetThreadPriority
GetCommTimeouts
SetCommTimeouts
EscapeCommFunction
GetLastError
GetCommState
SetCommState
MulDiv
GlobalSize
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
GlobalAlloc
ReadFile
CreateFileA
WriteFile
CloseHandle
GetFileInformationByHandle
SystemTimeToFileTime
user32
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
EnableMenuItem
SendDlgItemMessageA
MapWindowPoints
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
MessageBoxA
IsChild
wsprintfA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
TrackPopupMenu
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
SetWindowPos
IsIconic
GetWindowPlacement
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
IsWindowEnabled
CallWindowProcA
GetWindow
FindWindowA
GetSysColorBrush
DrawIcon
RegisterClassA
CreateWindowExA
ShowWindow
BeginPaint
SetMenuItemBitmaps
CheckMenuItem
LoadImageA
ClientToScreen
TranslateAcceleratorA
UpdateWindow
GetDlgItem
GetWindowLongA
SetWindowLongA
IsWindowVisible
GetSystemMetrics
TranslateMessage
DispatchMessageA
PeekMessageA
DestroyAcceleratorTable
CreateAcceleratorTableA
CopyRect
LoadBitmapA
DrawEdge
InflateRect
OffsetRect
SetRect
ClipCursor
PtInRect
InvertRect
PostMessageA
GrayStringA
DrawTextA
TabbedTextOutA
GetDC
ReleaseDC
GetFocus
GetCursorPos
ScreenToClient
IntersectRect
IsWindow
GetClassInfoA
DefWindowProcA
GetSysColor
SystemParametersInfoA
WinHelpA
GetParent
GetWindowRect
FillRect
SetTimer
LoadIconA
KillTimer
SendMessageA
GetKeyState
SetActiveWindow
InvalidateRect
GetCapture
SetCursor
ReleaseCapture
SetCapture
GetClientRect
LoadCursorA
EnableWindow
PostThreadMessageA
RegisterClipboardFormatA
GetTabbedTextExtentA
MessageBeep
GetNextDlgGroupItem
CopyAcceleratorTableA
CharNextA
LockWindowUpdate
GetDCEx
GetMenuStringA
InsertMenuA
DestroyIcon
ModifyMenuA
GetMenuState
GetMenuCheckMarkDimensions
DestroyWindow
UnregisterClassA
GetClassNameA
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
GetSystemMenu
DeleteMenu
AppendMenuA
SetParent
IsZoomed
WindowFromPoint
GetMessageA
ValidateRect
LoadStringA
IsRectEmpty
IsClipboardFormatAvailable
CharUpperA
DestroyCursor
SetCursorPos
UnpackDDElParam
ReuseDDElParam
SetMenu
LoadMenuA
DestroyMenu
GetDesktopWindow
LoadAcceleratorsA
RedrawWindow
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
DefFrameProcA
BringWindowToTop
EndPaint
GetWindowDC
wvsprintfA
RegisterWindowMessageA
GetActiveWindow
SetRectEmpty
GetScrollRange
HideCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
SetCaretPos
GetAsyncKeyState
EmptyClipboard
SetClipboardData
CreatePopupMenu
CloseClipboard
CreateCaret
ShowCaret
OpenClipboard
GetClipboardData
DestroyCaret
IsCharAlphaNumericA
gdi32
CreatePalette
GetPixelFormat
StartDocA
DeleteEnhMetaFile
GetStockObject
ChoosePixelFormat
RealizePalette
SwapBuffers
StretchDIBits
SetPixelFormat
DescribePixelFormat
SetMapMode
StartPage
GetDeviceCaps
CreateCompatibleDC
CreateDIBitmap
EndPage
EndDoc
DeleteDC
CreateSolidBrush
SetROP2
CreatePen
SelectObject
MoveToEx
LineTo
Escape
AbortDoc
CreateFontA
CreateDIBSection
DeleteObject
BitBlt
CreateCompatibleBitmap
CreateFontIndirectA
GetTextMetricsA
GetObjectA
GetTextExtentPoint32A
RectVisible
TextOutA
PtVisible
GetTextExtentPointA
Ellipse
GetTextFaceA
GetROP2
GetWindowOrgEx
GetTextAlign
GetPolyFillMode
GetCurrentObject
Rectangle
GetDIBColorTable
CreateHalftonePalette
SelectPalette
GetBitmapDimensionEx
GetClipBox
SetTextColor
SetBkColor
CreateBitmap
DPtoLP
SetAbortProc
CreateDCA
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetStretchBltMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
ExtTextOutA
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
SetTextAlign
GetWindowExtEx
GetBkMode
GetCurrentPositionEx
CreateRectRgn
GetViewportExtEx
CombineRgn
CreatePatternBrush
PatBlt
CreateRectRgnIndirect
GetMapMode
SetRectRgn
CopyMetaFileA
GetCharWidthA
GetViewportOrgEx
LPtoDP
GetTextColor
GetBkColor
GetNearestColor
GetStretchBltMode
comdlg32
PrintDlgA
GetOpenFileNameA
GetFileTitleA
ChooseFontA
CommDlgExtendedError
ChooseColorA
ReplaceTextA
FindTextA
GetSaveFileNameA
winspool.drv
ClosePrinter
DocumentPropertiesA
OpenPrinterA
advapi32
SetFileSecurityA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA
GetFileSecurityA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegCreateKeyA
RegSetValueA
shell32
ExtractIconA
SHGetFileInfoA
DragQueryFileA
DragFinish
DragAcceptFiles
comctl32
ImageList_AddMasked
ImageList_Draw
ord17
ImageList_GetImageInfo
ImageList_Destroy
ImageList_Create
oledlg
ord8
ole32
OleGetClipboard
DoDragDrop
RegisterDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CoLockObjectExternal
OleSetClipboard
ReleaseStgMedium
CoTaskMemAlloc
RevokeDragDrop
CLSIDFromProgID
CLSIDFromString
OleInitialize
CreateStreamOnHGlobal
OleDuplicateData
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemFree
OleUninitialize
olepro32
ord253
oleaut32
SysAllocString
SysStringLen
VariantChangeType
VariantCopy
SysAllocStringByteLen
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString
Sections
.text Size: 589KB - Virtual size: 589KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 99KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
- NCSentry2kBS/NCsentry2K操作说明.doc.doc windows office2003