exe\cnvpipe.pdb
Static task
static1
Behavioral task
behavioral1
Sample
44906cb1d101006dc0c1ed4608155c48_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
44906cb1d101006dc0c1ed4608155c48_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
44906cb1d101006dc0c1ed4608155c48_JaffaCakes118
-
Size
92KB
-
MD5
44906cb1d101006dc0c1ed4608155c48
-
SHA1
e75125489d26b486a3cf9a8af03a153c8c522569
-
SHA256
de8a5713c48092250d2699da202d6218ddc92687c3b0b295634f5429ed2356fe
-
SHA512
bdfa302c990cb1e2102858f0cb40ee406aa2650887ea93b6791964e03bbc3d010c5eda3e1b0c4dcc7e8acad6949f585ef6e918d3ce2afb34fbbe6fd666578e0f
-
SSDEEP
1536:aoVlRF1Y3nXdhdLwaYBs8PKlKmb17ruhGPNQf5YT:3V7Y3nlZYBsVoEuENQf5
Malware Config
Signatures
-
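Unsigned PE (1 IoC)
Checks for missing Authenticode signature. An unsigned PE offers no publisher or integrity assurance, but many legitimate binaries are also unsigned, so this is a weak indicator on its own.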
resource 44906cb1d101006dc0c1ed4608155c48_JaffaCakes118
Files
-
44906cb1d101006dc0c1ed4608155c48_JaffaCakes118.exe windows:4 windows x86 arch:x86
ead2911df7bb71c21fdd5afb92843650
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
lstrcpyW
lstrcatW
GetCurrentDirectoryW
lstrcpynW
GetModuleFileNameW
GetModuleHandleW
Sleep
CopyFileW
WaitForMultipleObjects
GetPrivateProfileIntW
GetSystemInfo
lstrcmpiW
GetComputerNameW
DeleteFileW
HeapFree
MultiByteToWideChar
HeapAlloc
GetProcessHeap
lstrlenA
LockResource
LoadResource
FindResourceW
lstrlenW
GetCommandLineW
PulseEvent
TerminateThread
CreateThread
TerminateProcess
GetFileSize
FlushFileBuffers
GetExitCodeProcess
SuspendThread
ResumeThread
WriteFile
WideCharToMultiByte
SetFilePointer
ReadFile
CreateProcessW
CreateFileW
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
ExitProcess
GetPrivateProfileStringW
WaitForSingleObject
CloseHandle
OpenEventW
CreateEventW
GetLastError
ResetEvent
FreeLibrary
WinExec
LoadLibraryW
GetSystemTimeAsFileTime
user32
wsprintfA
wsprintfW
DispatchMessageW
MsgWaitForMultipleObjects
PeekMessageW
WaitForInputIdle
MessageBoxW
LoadStringW
advapi32
RegConnectRegistryW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyW
shell32
CommandLineToArgvW
cnvrem
?Connect@ConvertRemote@@QAEKPAG@Z
?GetSQLVersion@ConvertRemote@@QAEKPAK@Z
?TerminateProcess@ConvertRemote@@QAEKKK@Z
?DisConnect@ConvertRemote@@QAEKXZ
?RegisterDLL@ConvertRemote@@QAEKPAG00PAK@Z
?CloseHandle@ConvertRemote@@QAEKK@Z
?CloseFile@ConvertRemote@@QAEKKPAH@Z
?WaitForSingleObject@ConvertRemote@@QAEKKK@Z
?CreateProcessW@ConvertRemote@@QAEKPAGPAU_PROCESS_INFORMATION@@PAU_STARTUPINFOW@@0PAK33@Z
?GetExitCodeProcess@ConvertRemote@@QAEKKPAK@Z
?SuspendThread@ConvertRemote@@QAEKKPAK@Z
?ResumeThread@ConvertRemote@@QAEKKPAK@Z
?WaitForInputIdle@ConvertRemote@@QAEKKKPAK@Z
?WaitForEvent@ConvertRemote@@QAEKPAGPAK@Z
?GetNumProcessors@ConvertRemote@@QAEKPAK@Z
msvcr71
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
__p___initenv
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
_except_handler3
__security_error_handler
fprintf
exit
fwprintf
_iob
??2@YAPAXI@Z
fflush
_wcsicmp
wcscpy
wcscat
??3@YAXPAX@Z
wcslen
wcsrchr
__CxxFrameHandler
wprintf
_stricmp
_wtoi
_wstrdate
_wstrtime
Exports
Exports
??0ConvertRemote@@QAE@XZ
??1ConvertRemote@@QAE@XZ
??4ConvertRemote@@QAEAAV0@ABV0@@Z
?RpcCallFailed@ConvertRemote@@QAEHXZ
Sections
.text Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE