cryptbot | JaffaCakes118_1d49c380b52456c5e5e3c17f77e30f755998eb239c9cb272d52f9db37744e06f

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_1d49c380b52456c5e5e3c17f77e30f755998eb239c9cb272d52f9db37744e06f
Size

3.6MB
MD5

f384d8f765bf731b24f65e624cf3bb9f
SHA1

a4e076c523d90b3138a1f30724941705ccad66b1
SHA256

1d49c380b52456c5e5e3c17f77e30f755998eb239c9cb272d52f9db37744e06f
SHA512

4400d63c0c563d1d928954592d6cbf687de7aa3845031e04b97947d981945a548dc913f1e8779fab83744919bd003086e17cdbda571ec9a39081cdf941d5e516
SSDEEP

49152:8EfM6VudS4seS0o/OOdGN/RvQ4Zz7Xqu+kHSePJFArmWSmTWLvSfNIuL:8EkW6YCH9NHSePJFEmWWSf

Score

10^/10

cryptbot

Malware Config

Extracted

Family

cryptbot

veosgv17.top

morysl01.top

Attributes

payload_url
http://tyngle01.top/download.php?file=lv.exe

Signatures

Cryptbot family
cryptbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_1d49c380b52456c5e5e3c17f77e30f755998eb239c9cb272d52f9db37744e06f

Files

JaffaCakes118_1d49c380b52456c5e5e3c17f77e30f755998eb239c9cb272d52f9db37744e06f
.exe windows:6 windows x86 arch:x86

fe5e8263b6e7b06c2d997d485b7f959f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\4\XY64\openjdk1\Subsystems\qt\pdb\Telerik\libs\nightly\code\Win3.pdb

Imports

kernel32

HeapFree
SetLastError
EnterCriticalSection
GetCurrentProcess
ReleaseSemaphore
GetModuleFileNameW
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
DuplicateHandle
PostQueuedCompletionStatus
CreateEventW
MultiByteToWideChar
Sleep
FormatMessageW
GetLastError
SetEvent
TerminateThread
LoadLibraryA
TlsSetValue
TlsAlloc
CloseHandle
HeapAlloc
QueueUserAPC
SetCurrentDirectoryW
GetWindowsDirectoryW
GetProcAddress
LocalFree
DeleteCriticalSection
ExitProcess
VerSetConditionMask
GetProcessHeap
WideCharToMultiByte
SleepEx
VerifyVersionInfoW
TlsGetValue
TlsFree
FormatMessageA
CreateSemaphoreA
CreateEventA
CreateIoCompletionPort
SetWaitableTimer
GetModuleFileNameA
WaitForSingleObjectEx
WriteConsoleW
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
FindNextFileW
FindFirstFileExW
FindClose
HeapSize
GetFileSizeEx
GetConsoleOutputCP
HeapReAlloc
GetFileType
ReadConsoleW
GetConsoleMode
SetFilePointerEx
QueryPerformanceCounter
QueryPerformanceFrequency
ResetEvent
WaitForMultipleObjectsEx
OpenEventA
GetCurrentProcessId
GetCurrentThreadId
ResumeThread
GetModuleHandleA
CreateWaitableTimerA
CreateFileA
CreateFileW
GetFileSize
ReadFile
SetFilePointer
WriteFile
GetStdHandle
GetCurrentDirectoryA
GetCurrentDirectoryW
GetFullPathNameW
GetFullPathNameA
GetVersionExA
IsValidCodePage
IsDBCSLeadByteEx
FreeLibrary
GetModuleHandleW
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
RaiseException
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlUnwind
InterlockedPushEntrySList
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
WaitForSingleObject

user32

MessageBoxA
GetActiveWindow

ws2_32

WSAIoctl
closesocket
WSASend
select
ntohl
listen
WSASetLastError
WSAStringToAddressW
WSASocketW
accept
getsockname
connect
WSARecv
getsockopt
htonl
htons
ioctlsocket
setsockopt
WSAGetLastError
bind
WSACleanup
__WSAFDIsSet
WSAStartup

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 202KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

fe5e8263b6e7b06c2d997d485b7f959f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ws2_32

advapi32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 202KB - Virtual size: 206KB

.rsrc Size: 205KB - Virtual size: 204KB

.reloc Size: 110KB - Virtual size: 110KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 202KB - Virtual size: 206KB

.rsrc
Size: 205KB - Virtual size: 204KB

.reloc
Size: 110KB - Virtual size: 110KB