4551591962ecfd6068de1b776e4f7310_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4551591962ecfd6068de1b776e4f7310_JaffaCakes118
Size

938KB
MD5

4551591962ecfd6068de1b776e4f7310
SHA1

161d5bd35e0d8ad4710923284be3114635584228
SHA256

3b5fe3c1c05aabe3e9346e91014eb34c841b96d0782579bc8571cd29b5f791d5
SHA512

f3e1a62c03371cf9f68be240aa9217fee3daa5ae0b547777ab0a8e5a9ad12fddb40a045e2ccc17507136c737a3af4e5a76e03a9ec90bfff3c0bdf12cf0060b0a
SSDEEP

24576:SGzELYZvpqVTTc9KlXUvKPOqGQVEwwss83RfqCE/SRVb:nZvpwU9KlXUvClmZss8h/Tv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TENDA TFTP.exe

Files

4551591962ecfd6068de1b776e4f7310_JaffaCakes118
.rar
TENDA TFTP.exe
.exe windows:4 windows x86 arch:x86

bbf744236717540f605b426efa0d152d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
lstrcpynA
LocalFree
FormatMessageA
GetLastError
SetFilePointer
CreateFileA
GetFileSize
lstrcmpiA
ReadFile
WriteFile
DeleteFileA
FindClose
FindNextFileA
GetDateFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
lstrcmpA
SetCurrentDirectoryA
ReleaseMutex
GetModuleFileNameA
GetModuleHandleA
CreateMutexA
SetLastError
GetDriveTypeA
LoadLibraryA
GetProcAddress
SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringA
GetCPInfo
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetCurrentProcess
TerminateProcess
WideCharToMultiByte
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
HeapAlloc
GetLocalTime
GetSystemTime
GetTimeZoneInformation
HeapFree
CloseHandle
lstrcpyA
GetFullPathNameA
GetCurrentThreadId
CompareStringW
GetCurrentDirectoryA

user32

DialogBoxParamA
GetDC
ReleaseDC
CreateWindowExA
RegisterClassA
GetClassInfoA
GetClientRect
MoveWindow
GetDlgItemInt
SetDlgItemInt
FindWindowA
UnregisterClassA
DefWindowProcA
GetParent
PostMessageA
KillTimer
SendMessageA
SetWindowPos
SystemParametersInfoA
GetWindowRect
IsWindowVisible
UnhookWindowsHookEx
MessageBoxA
SetWindowsHookExA
GetWindowLongA
wvsprintfA
wsprintfA
SetTimer
GetDlgItem
MessageBeep
DestroyWindow
GetDialogBaseUnits
WinHelpA
DestroyIcon
GetSystemMenu
CheckMenuItem
LoadIconA
SetClassLongA
AppendMenuA
SetWindowLongA
GetSystemMetrics
GetCursorPos
TrackPopupMenu
SetForegroundWindow
CreateDialogParamA
GetDlgItemTextA
EnableWindow
SendDlgItemMessageA
EndDialog
SetDlgItemTextA
InvalidateRect
GetWindowTextA
SetWindowTextA
ShowWindow
MapDialogRect

gdi32

LPtoDP
GetTextExtentPoint32A

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
Shell_NotifyIconA

advapi32

RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA

wsock32

WSACleanup
WSAStartup
gethostname
WSAAsyncGetHostByName
sendto
gethostbyname
connect
recvfrom
WSAGetLastError
inet_addr
ioctlsocket
closesocket
send
ntohs
recv
WSAAsyncSelect
socket
htons
bind

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
upgrade.bin
路由器升级说明.txt

Sharing

General

Malware Config

Signatures

Files

bbf744236717540f605b426efa0d152d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

wsock32

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 12KB - Virtual size: 15KB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 8KB - Virtual size: 7KB