JaffaCakes118_4e6b554e797e097e3f9268538a84a0da76502427bb3c754119d112b7bf35a706

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_4e6b554e797e097e3f9268538a84a0da76502427bb3c754119d112b7bf35a706
Size

626KB
MD5

6fd10ec71a73ced51f5c1801eb5abc52
SHA1

bc5422ab38d9722a124c34fed97383fdda948100
SHA256

4e6b554e797e097e3f9268538a84a0da76502427bb3c754119d112b7bf35a706
SHA512

14364121557ae53689dc41dbad06b667182ee4458db8a71ea3eab26d4aeaa5d896d7f8831acf1d1551e77b4782f6f239f4f73cb2594a0718c25ebc920de4165c
SSDEEP

12288:SEmOsaR57q50GOgo4vCAIReX4WpUS6CLMzz22QJFNn5QAsj6x1:SEhr7quPd4vgRdLiMUJFNn5dxx1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/svchost.exe

Files

JaffaCakes118_4e6b554e797e097e3f9268538a84a0da76502427bb3c754119d112b7bf35a706
.zip

Password: infected
svchost.exe
.exe windows:5 windows x86 arch:x86

1679a5c6f05d9b5195b66ccfe1b877de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Legion\source\repos\last project\Release\curl.pdb

Imports

ws2_32

inet_addr
recv
ntohl
gethostname
sendto
recvfrom
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
closesocket

normaliz

IdnToAscii

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord143

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegCreateKeyExA
RegSetValueExA

kernel32

GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
GetCommandLineW
GetCommandLineA
WriteFile
GetModuleFileNameA
ExitProcess
HeapAlloc
GetModuleHandleExW
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
RaiseException
RtlUnwind
WaitForSingleObject
LoadLibraryW
HeapFree
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetExitCodeProcess
CreateProcessA
SetStdHandle
HeapReAlloc
HeapSize
FindFirstFileExA
GetTimeZoneInformation
FindNextFileA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
WriteConsoleW
SetEndOfFile
SetFilePointerEx
GetCurrentDirectoryW
GetLogicalDrives
FindFirstFileW
Process32First
FindNextFileW
TerminateProcess
GetDriveTypeA
FindClose
OpenProcess
CreateToolhelp32Snapshot
Process32Next
CloseHandle
FreeConsole
lstrcmpW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetLastError
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
QueryPerformanceCounter
GetTickCount
Sleep
MultiByteToWideChar
WideCharToMultiByte
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SetLastError
FormatMessageA
VerSetConditionMask
VerifyVersionInfoA
CreateFileA
GetFileSizeEx
GetCurrentThread
GetThreadTimes
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
CreateDirectoryW
CreateFileW
DeleteFileW
FindFirstFileExW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
AreFileApisANSI
GetModuleHandleW
CreateDirectoryExW
CopyFileW
MoveFileExW
FormatMessageW
GetStringTypeW
TryEnterCriticalSection
GetCurrentThreadId
DuplicateHandle
GetCurrentProcess
SwitchToThread
GetExitCodeThread
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList

Sections

.text
Size: 1005KB - Virtual size: 1004KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

1679a5c6f05d9b5195b66ccfe1b877de

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

normaliz

wldap32

crypt32

advapi32

kernel32

Sections

.text Size: 1005KB - Virtual size: 1004KB

.rdata Size: 220KB - Virtual size: 220KB

.data Size: 28KB - Virtual size: 42KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 56KB - Virtual size: 55KB

.text
Size: 1005KB - Virtual size: 1004KB

.rdata
Size: 220KB - Virtual size: 220KB

.data
Size: 28KB - Virtual size: 42KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 56KB - Virtual size: 55KB