558cebb86a41306b0ed7a797de97244a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

558cebb86a41306b0ed7a797de97244a_JaffaCakes118
Size

212KB
MD5

558cebb86a41306b0ed7a797de97244a
SHA1

7ae1d4a0481c0cac8d6efe89abccc8132321ca0f
SHA256

a1d52ccf0b2d4f06bd8c07f6cba6b02b15d1f9212f302d492d8c09bf7e641210
SHA512

9369c7a6dc1f36eadea8cb2c957ee8a8d118e9e065b08df8e5ce96a6afb32a19851afe891816f1fdd99dc45398f959b46b46d39221b7fca35f4a99368250f78f
SSDEEP

3072:cnOgbwa//zAzLZ/hQvDRboZghqx3eRAlsHLJvDI0OnGdyX3Ht0SGiWiM:UjbwWrANOvFbUgAORAlsHLNnIXyiA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
558cebb86a41306b0ed7a797de97244a_JaffaCakes118

Files

558cebb86a41306b0ed7a797de97244a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a1575143c7276d23e65a1698d2158da9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\KXEngine\kws_new\Product\Release\dbginfo\kswebshieldsvc.pdb

Imports

kernel32

CreateToolhelp32Snapshot
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
Process32FirstW
CreateFileW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoW
Process32NextW
OpenProcess
CreateProcessW
SetThreadPriority
ResumeThread
CreateMutexW
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
GetLastError
CreateThread
SetConsoleCtrlHandler
SetProcessWorkingSetSize
DuplicateHandle
DeleteCriticalSection
GetProcAddress
Sleep
FreeLibrary
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
GetModuleFileNameW
SetEvent
TerminateThread
GetCurrentThread
GetCurrentProcess
CreateEventW
CloseHandle
LoadLibraryW
WaitForSingleObject
CreateFileA
GetVersionExW
GetLocaleInfoA
LoadLibraryA
InterlockedExchange
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RtlUnwind
ExitThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
HeapFree
HeapAlloc
GetVersionExA
GetProcessHeap
GetStartupInfoW
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
RaiseException
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
GetFullPathNameA
GetCurrentDirectoryA
SetFilePointer
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ReadFile
FlushFileBuffers
GetThreadLocale

user32

PeekMessageW
DispatchMessageW
RegisterClassExW
DefWindowProcW
PostQuitMessage
MsgWaitForMultipleObjects
TranslateMessage
FindWindowW
ShowWindow
CreateWindowExW
GetMessageW

advapi32

CreateProcessAsUserW
DuplicateTokenEx
SetTokenInformation
GetTokenInformation
RegQueryValueExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
LockServiceDatabase
OpenSCManagerW
UnlockServiceDatabase
StartServiceW
ChangeServiceConfigW
RegSetValueExW
CreateServiceW
RegDeleteValueW
OpenServiceW
RegCloseKey
RegCreateKeyW
CloseServiceHandle
ChangeServiceConfig2W
DeleteService
QueryServiceStatus
RegOpenKeyExW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW

ole32

CoCreateInstance

shlwapi

PathAppendW
PathRemoveFileSpecW

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

Sections

.text
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a1575143c7276d23e65a1698d2158da9

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

shlwapi

wtsapi32

Sections

.text Size: 135KB - Virtual size: 135KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 14KB - Virtual size: 14KB

.rsrc Size: 26KB - Virtual size: 26KB

.text
Size: 135KB - Virtual size: 135KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 26KB - Virtual size: 26KB