redosdru | b3c7b511cf32bf3f7b7b1c930c1220d7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b3c7b511cf32bf3f7b7b1c930c1220d7_JaffaCakes118
Size

672KB
MD5

b3c7b511cf32bf3f7b7b1c930c1220d7
SHA1

d41f0081266d5d1f885f303bcd8185ee169ae5dd
SHA256

799866f1237d484f5e55633b6200443fe19bddc88257207b4a1142ae97b93f3c
SHA512

2080bf540978e946400f10dd57e9866c37c040142f57784c766f3ec95a72b3b82c7be0484716eb77ed61e5036bab1a5cb73d8d4eaa35a54085632bdc77774ac4
SSDEEP

12288:veD27Sdt6DA+v7tdOmyrFczvPE7QlSEvB:hSbsA+vuVFczvPeQlSEp

Score

10^/10

redosdru

Malware Config

Extracted

Family

redosdru

http://139.196.224.137:8080/NetSyst96.dll

Signatures

Redosdru family
redosdru

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3c7b511cf32bf3f7b7b1c930c1220d7_JaffaCakes118

Files

b3c7b511cf32bf3f7b7b1c930c1220d7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

61e533cb94fb580a8cb382e8dbddbd5b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FormatMessageA
GlobalSize
CopyFileA
HeapReAlloc
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
RaiseException
HeapSize
GetACP
GetTimeZoneInformation
GetSystemTime
GetLocalTime
IsBadWritePtr
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
SetFileAttributesA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetConsoleCtrlHandler
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetProfileStringA
GetFileTime
GetFileAttributesA
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenW
GetShortPathNameA
GetStringTypeExA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DeleteFileA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
DuplicateHandle
SetErrorMode
GetOEMCP
GetCPInfo
GetThreadLocale
SizeofResource
GetProcessVersion
GetCurrentDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
lstrcpynA
GetLastError
MulDiv
SetLastError
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedIncrement
InterlockedDecrement
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GetModuleHandleA
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
WaitForSingleObject
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
GetFileSize
ReadFile
Sleep
CreateFileA
WriteFile
CloseHandle
FreeLibrary
HeapFree
IsBadReadPtr
LoadLibraryA
GetProcAddress
VirtualFree
VirtualProtect
VirtualAlloc
GetProcessHeap
UnhandledExceptionFilter
HeapAlloc

user32

LoadAcceleratorsA
TranslateAcceleratorA
LoadMenuA
SetMenu
ReuseDDElParam
UnpackDDElParam
InvalidateRect
BringWindowToTop
CharUpperA
InflateRect
RegisterClipboardFormatA
RemoveMenu
wvsprintfA
PostThreadMessageA
DestroyIcon
GetSysColor
SetFocus
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
SetRectEmpty
GetForegroundWindow
GetMenuStringA
SetWindowLongA
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
MapDialogRect
SetWindowPos
GetWindow
SetWindowContextHelpId
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDialogBaseUnits
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
EnableWindow
LoadIconA
AppendMenuA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
SetCursor
ShowOwnedPopups
PostQuitMessage
PostMessageA
GetClientRect
IsIconic
DrawIcon
MessageBeep
GetNextDlgGroupItem
SetRect
CopyAcceleratorTableA
GetMessagePos
CharNextA
GetSystemMetrics
SendMessageA
IsWindowUnicode
GetSystemMenu
DeleteMenu
InsertMenuA
PtInRect
GetClassNameA
WindowFromPoint
GetWindowThreadProcessId
GetDesktopWindow
WaitMessage
ReleaseCapture
SetCapture
LoadCursorA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
DestroyMenu
LoadStringA
OemToCharA
CharToOemA
MapWindowPoints
MoveWindow
SetWindowTextA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItem
GetSysColorBrush
GetDlgItemInt
CheckRadioButton
CheckDlgButton
UpdateWindow
SetForegroundWindow
SendDlgItemMessageA
ShowWindow

gdi32

SetROP2
SetStretchBltMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
MoveToEx
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetCurrentPositionEx
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
DeleteObject
GetClipRgn
CreateRectRgn
SelectClipPath
SetPolyFillMode
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextExtentPoint32A
GetTextMetricsA
CreateFontIndirectA
GetTextColor
GetBkColor
DPtoLP
LPtoDP
GetMapMode
PatBlt
SetRectRgn
CombineRgn
CreateRectRgnIndirect
CopyMetaFileA
CreateDCA
SetBkMode
SelectPalette
GetStockObject
SelectObject
RestoreDC
SaveDC
StartDocA
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
ExtSelectClipRgn
CreateDIBitmap
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateBitmap

comdlg32

GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegDeleteKeyA
RegCreateKeyA
RegEnumKeyA
RegQueryValueA
RegSetValueA
RegOpenKeyA
RegCloseKey
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA

shell32

SHGetFileInfoA
DragQueryFileA
DragFinish
DragAcceptFiles
ExtractIconA

comctl32

ord17

oledlg

ord8

ole32

SetConvertStg
CreateBindCtx
OleDuplicateData
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoDisconnectObject
OleRun
WriteFmtUserTypeStg
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleRegGetUserType
WriteClassStg
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
ReleaseStgMedium
CoRegisterMessageFilter
CoRegisterClassObject
CoRevokeClassObject
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
CreateStreamOnHGlobal
CoCreateInstance

olepro32

ord253

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SysAllocString
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
SysAllocStringByteLen
SysStringByteLen
VarCyFromStr
VariantClear
VarDateFromStr
VarBstrFromDate
SafeArrayCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysStringLen
LoadTypeLi
VariantTimeToSystemTime
VarBstrFromCy
VariantChangeType
VariantCopy

msvcrt

_endthreadex
_beginthreadex

imagehlp

MakeSureDirectoryPathExists

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

Sections

.text
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

61e533cb94fb580a8cb382e8dbddbd5b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

msvcrt

imagehlp

wininet

Sections

.text Size: 239KB - Virtual size: 238KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 17KB - Virtual size: 34KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 239KB - Virtual size: 238KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 17KB - Virtual size: 34KB

.rsrc
Size: 3KB - Virtual size: 2KB