5507e21d6b74915fda3a13c8177f06d7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5507e21d6b74915fda3a13c8177f06d7_JaffaCakes118
Size

112KB
MD5

5507e21d6b74915fda3a13c8177f06d7
SHA1

2ceeb393ab07acf50316d852ee6583197a5d3b08
SHA256

14219fb9f8a41650668e7b946fde7cf0c5a70e7b121d9bacb52350a67b29743f
SHA512

f6ec776b6061e0cdfff254e2346b52e4ddd973333843065e67cccfdb13bf4293e55e57f31d1eb9728da66a2e9cfdb80f72a030ea8365afc3b30cb7b615bf7952
SSDEEP

1536:Ufs7bshgOnw4qqUbbR1TrSK0mvFDbcLOi4NUocVkxmjsxtXZ3i6EBx/:Ufs7AcPbSK0eaH4tx0sxtX+/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5507e21d6b74915fda3a13c8177f06d7_JaffaCakes118

Files

5507e21d6b74915fda3a13c8177f06d7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

046581f38f65da5d85e458e8d9483648

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\程式\LWC\bin\WinCheck.pdb

Imports

psapi

GetModuleFileNameExW
EnumProcessModules

shlwapi

StrRetToBufW

kernel32

SetFileAttributesW
MultiByteToWideChar
OutputDebugStringW
WideCharToMultiByte
CreateProcessW
GetLastError
OpenProcess
DeleteFileW
CopyFileW
GetModuleFileNameW
OpenMutexW
CreateMutexW
Sleep
CreateFileW
GetFileSize
CloseHandle
CreateThread
CreateEventW
TerminateProcess
SetEvent
WaitForSingleObject
LCMapStringW
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
CreateFileA
ReadFile
SetEndOfFile
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LoadLibraryA
FlushFileBuffers
SetStdHandle
WriteConsoleW
LCMapStringA
GetSystemTimeAsFileTime
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
InitializeCriticalSection
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
HeapAlloc
HeapReAlloc
HeapFree
RaiseException
GetFileAttributesW
GetVersionExA
GetProcessHeap
GetStartupInfoW
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
WriteFile
GetConsoleCP
GetConsoleMode
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetProcAddress
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSize
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree

user32

LoadStringW
GetForegroundWindow
SendMessageW
GetWindowThreadProcessId
GetClassNameW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
FindWindowW
LoadAcceleratorsW
CallWindowProcW
PostQuitMessage
SendInput
SetTimer
UpdateWindow
ShowWindow
SetWindowLongW
GetWindowLongW
CreateWindowExW

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyW
RegCloseKey

shell32

SHGetFolderPathW

ole32

CoUninitialize
CoTaskMemFree
CoCreateInstance
CoInitialize

ws2_32

socket
recv
send
connect
inet_addr
gethostbyname
closesocket
WSAStartup
WSACleanup
htonl
htons
bind
WSAGetLastError

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

046581f38f65da5d85e458e8d9483648

Headers

File Characteristics

PDB Paths

Imports

psapi

shlwapi

kernel32

user32

advapi32

shell32

ole32

ws2_32

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 12KB - Virtual size: 10KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 12KB - Virtual size: 10KB