cryptbot | JaffaCakes118_793c8f1ba0ed34ea1797e964594f4f1e2271e74a76a088404e4c878f08372b8b

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_793c8f1ba0ed34ea1797e964594f4f1e2271e74a76a088404e4c878f08372b8b
Size

3.6MB
MD5

58054be329949cfb4c8ab7a93734bcdc
SHA1

2642c000d41cdfab367cdfa2cabef183c254b0d0
SHA256

793c8f1ba0ed34ea1797e964594f4f1e2271e74a76a088404e4c878f08372b8b
SHA512

ecf43fd2e11ed6973bac57da957a5a2d687ef539ac5f7fca7fcd93abd3186500e3fa0792ffa725e353e457881c6e7ad80c91173dce890fa7c9ccba4f4abcaedd
SSDEEP

49152:OnQ6pS2SfWOYo/OuNGl/9hyw/bKuuJiD/SiHLPONYWRmGT1q07aK1WTH97CI+L:OQaCG/bKuuMD/SiDQYfGT1qQaKQ

Score

10^/10

cryptbot

Malware Config

Extracted

Family

cryptbot

veotar33.top

moryel03.top

Attributes

payload_url
http://tyngos04.top/download.php?file=lv.exe

Signatures

Cryptbot family
cryptbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_793c8f1ba0ed34ea1797e964594f4f1e2271e74a76a088404e4c878f08372b8b

Files

JaffaCakes118_793c8f1ba0ed34ea1797e964594f4f1e2271e74a76a088404e4c878f08372b8b
.exe windows:6 windows x86 arch:x86

fe5e8263b6e7b06c2d997d485b7f959f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
SetLastError
EnterCriticalSection
GetCurrentProcess
ReleaseSemaphore
GetModuleFileNameW
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
DuplicateHandle
PostQueuedCompletionStatus
CreateEventW
MultiByteToWideChar
Sleep
FormatMessageW
GetLastError
SetEvent
TerminateThread
LoadLibraryA
TlsSetValue
TlsAlloc
CloseHandle
HeapAlloc
QueueUserAPC
SetCurrentDirectoryW
GetWindowsDirectoryW
GetProcAddress
LocalFree
DeleteCriticalSection
ExitProcess
VerSetConditionMask
GetProcessHeap
WideCharToMultiByte
SleepEx
VerifyVersionInfoW
TlsGetValue
TlsFree
FormatMessageA
CreateSemaphoreA
CreateEventA
CreateIoCompletionPort
SetWaitableTimer
GetModuleFileNameA
WaitForSingleObjectEx
WriteConsoleW
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
FindNextFileW
FindFirstFileExW
FindClose
HeapSize
GetFileSizeEx
GetConsoleOutputCP
HeapReAlloc
GetFileType
ReadConsoleW
GetConsoleMode
SetFilePointerEx
QueryPerformanceCounter
QueryPerformanceFrequency
ResetEvent
WaitForMultipleObjectsEx
OpenEventA
GetCurrentProcessId
GetCurrentThreadId
ResumeThread
GetModuleHandleA
CreateWaitableTimerA
CreateFileA
CreateFileW
GetFileSize
ReadFile
SetFilePointer
WriteFile
GetStdHandle
GetCurrentDirectoryA
GetCurrentDirectoryW
GetFullPathNameW
GetFullPathNameA
GetVersionExA
IsValidCodePage
IsDBCSLeadByteEx
FreeLibrary
GetModuleHandleW
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
RaiseException
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlUnwind
InterlockedPushEntrySList
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
WaitForSingleObject

user32

MessageBoxA
GetActiveWindow

ws2_32

WSAIoctl
closesocket
WSASend
select
ntohl
listen
WSASetLastError
WSAStringToAddressW
WSASocketW
accept
getsockname
connect
WSARecv
getsockopt
htonl
htons
ioctlsocket
setsockopt
WSAGetLastError
bind
WSACleanup
__WSAFDIsSet
WSAStartup

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 202KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

fe5e8263b6e7b06c2d997d485b7f959f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

advapi32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 202KB - Virtual size: 206KB

.rsrc Size: 194KB - Virtual size: 193KB

.reloc Size: 110KB - Virtual size: 110KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 202KB - Virtual size: 206KB

.rsrc
Size: 194KB - Virtual size: 193KB

.reloc
Size: 110KB - Virtual size: 110KB