JaffaCakes118_1cf25999202dc9426ae5f2e7f77e67dfac062bb1a8a99dd9959b6451f3f499a0

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_1cf25999202dc9426ae5f2e7f77e67dfac062bb1a8a99dd9959b6451f3f499a0
Size

83.9MB
MD5

4af39f5f5f586b73c91dae10eb527949
SHA1

0bd19b2327a1365753f555703eb1f20b2ab797f3
SHA256

1cf25999202dc9426ae5f2e7f77e67dfac062bb1a8a99dd9959b6451f3f499a0
SHA512

12ad79eb3b1be3f6e3dfa9a65f4bbba3d2ecf12f46cb360ba1a90e9188571ddc6ae68e25719c5e9b4194e77bdd038dd1cd7ec25187ffc7834c54bf69aa7c22bf
SSDEEP

1572864:yi9S2rG8Xzsjq9+Jt2/JYul9eO+B7bgIykbQJd8Lmseadm14Bqt:yic2Ub2/JYW9eO+B7b5ykbSd8Lmseay5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PlexDlnaServer.exe

Files

JaffaCakes118_1cf25999202dc9426ae5f2e7f77e67dfac062bb1a8a99dd9959b6451f3f499a0
.7z

Password: infected
PlexDlnaServer.exe
.exe windows:6 windows x86 arch:x86

ad3427a846d7d2b1db90e6b34d95e738

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteA

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winmm

timeKillEvent
timeSetEvent

userenv

GetUserProfileDirectoryW

ws2_32

WSAAsyncSelect

netapi32

NetApiBufferFree
NetShareEnum

kernel32

InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
Sleep
CreateFileW
FlushFileBuffers
SetFilePointer
WriteFile
CloseHandle
SetEvent
GetStdHandle
DuplicateHandle
GetLastError
WaitForSingleObject
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
GetStartupInfoW
OpenProcess
GetConsoleWindow
GetCurrentThreadId
SetThreadPriority
GetExitCodeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateDirectoryW
DeleteFileW
GetFileAttributesW
GetFileAttributesExW
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFileTime
CopyFileW
MoveFileExW
GetCurrentDirectoryW
GetLongPathNameW
GetTempPathW
GetSystemDirectoryW
WideCharToMultiByte
CreateEventW
ReadFile
FindClose
FindFirstFileW
FindNextFileW
LocalFree
FormatMessageW
ResetEvent
ReleaseMutex
WaitForMultipleObjects
OutputDebugStringW
IsProcessorFeaturePresent
GetModuleHandleW
GetProcAddress
WaitForSingleObjectEx
GetCommandLineW
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
GetSystemTime
GetLocalTime
CreateThread
GetCurrentThread
GetThreadPriority
TerminateThread
ResumeThread
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
GetModuleFileNameW
GetFileInformationByHandle
GetSystemInfo
GetLogicalDrives
GetVolumePathNamesForVolumeNameW
SetErrorMode
DeviceIoControl
MoveFileW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetComputerNameW
GetFileType
SetFilePointerEx
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
UnregisterWaitEx
RegisterWaitForSingleObject
FindFirstFileExW
FreeLibrary
GetModuleHandleExW
LoadLibraryW
LoadLibraryA
CreateFileA
InitializeCriticalSectionEx
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
RaiseException
GetLocaleInfoEx
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeSListHead
IsDebuggerPresent
RtlUnwind
InterlockedPushEntrySList
SetLastError
LoadLibraryExW
ExitProcess
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
SetStdHandle
GetFileSizeEx
HeapFree
HeapReAlloc
HeapAlloc
CompareStringW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
HeapSize
WriteConsoleW
InitOnceComplete
InitOnceBeginInitialize
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
VirtualFree
VirtualAlloc
CreateMutexA
GetUserGeoID
GetGeoInfoW
GetDynamicTimeZoneInformation
LCIDToLocaleName
LocaleNameToLCID
SetEnvironmentVariableW
GetTimeZoneInformation
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetFileInformationByHandleEx
GetFullPathNameW
ResolveLocaleName
GetCurrencyFormatEx
GetNumberFormatEx

user32

TranslateMessage
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowLongW
GetWindowLongW
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
DestroyWindow
CreateWindowExW
UnregisterClassW
RegisterClassW
DispatchMessageW
PostMessageW
PeekMessageW
DefWindowProcW

advapi32

GetSidSubAuthorityCount
GetSidSubAuthority
RegSetValueExW
RegQueryInfoKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
BuildTrusteeWithSidW
GetNamedSecurityInfoW
GetEffectiveRightsFromAclW
LookupAccountSidW
MapGenericMask
GetTokenInformation
GetLengthSid
FreeSid
DuplicateToken
CopySid
AllocateAndInitializeSid
AccessCheck
OpenProcessToken
SystemFunction036
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitialize

Exports

Exports

icudt69_dat

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29.6MB - Virtual size: 29.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 89.0MB - Virtual size: 89.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

ad3427a846d7d2b1db90e6b34d95e738

Headers

DLL Characteristics

File Characteristics

Imports

shell32

version

winmm

userenv

ws2_32

netapi32

kernel32

user32

advapi32

ole32

Exports

Exports

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.rdata Size: 29.6MB - Virtual size: 29.6MB

.data Size: 107KB - Virtual size: 432KB

.rsrc Size: 89.0MB - Virtual size: 89.0MB

.reloc Size: 137KB - Virtual size: 136KB

.text
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 29.6MB - Virtual size: 29.6MB

.data
Size: 107KB - Virtual size: 432KB

.rsrc
Size: 89.0MB - Virtual size: 89.0MB

.reloc
Size: 137KB - Virtual size: 136KB