cryptbot | JaffaCakes118_1d40e787883c1fe416b13dc1b4557bb53c3929794a5cd76f10089f6efcef3636

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_1d40e787883c1fe416b13dc1b4557bb53c3929794a5cd76f10089f6efcef3636
Size

3.6MB
MD5

41e8d1999f3912a89dd81cc4bf0397ea
SHA1

a0e2c39893d0fb533e0344891955d9d5feccbef3
SHA256

1d40e787883c1fe416b13dc1b4557bb53c3929794a5cd76f10089f6efcef3636
SHA512

3d88c02bfa663c123f9014f7e8622f6f6cee8d753951feccd1f235e7ac729cb0edc7be4662ed0d0fa1f92c4a2ea7eef2f06f60cad40b6020dbc29b197a42957a
SSDEEP

49152:SXdM52HyDSsCevofOilGp//3tC4+7rJ1sPHinZS/yUk2kn3TB3c/04o5kyI5b:StM5EXIItmCnZS/yH2k+/04R

Score

10^/10

cryptbot

Malware Config

Extracted

Family

cryptbot

veobsi38.top

moryel03.top

Attributes

payload_url
http://tyngos04.top/download.php?file=lv.exe

Signatures

Cryptbot family
cryptbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_1d40e787883c1fe416b13dc1b4557bb53c3929794a5cd76f10089f6efcef3636

Files

JaffaCakes118_1d40e787883c1fe416b13dc1b4557bb53c3929794a5cd76f10089f6efcef3636
.exe windows:6 windows x86 arch:x86

fe5e8263b6e7b06c2d997d485b7f959f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
SetLastError
EnterCriticalSection
GetCurrentProcess
ReleaseSemaphore
GetModuleFileNameW
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
DuplicateHandle
PostQueuedCompletionStatus
CreateEventW
MultiByteToWideChar
Sleep
FormatMessageW
GetLastError
SetEvent
TerminateThread
LoadLibraryA
TlsSetValue
TlsAlloc
CloseHandle
HeapAlloc
QueueUserAPC
SetCurrentDirectoryW
GetWindowsDirectoryW
GetProcAddress
LocalFree
DeleteCriticalSection
ExitProcess
VerSetConditionMask
GetProcessHeap
WideCharToMultiByte
SleepEx
VerifyVersionInfoW
TlsGetValue
TlsFree
FormatMessageA
CreateSemaphoreA
CreateEventA
CreateIoCompletionPort
SetWaitableTimer
GetModuleFileNameA
WaitForSingleObjectEx
WriteConsoleW
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
FindNextFileW
FindFirstFileExW
FindClose
HeapSize
GetFileSizeEx
GetConsoleOutputCP
HeapReAlloc
GetFileType
ReadConsoleW
GetConsoleMode
SetFilePointerEx
QueryPerformanceCounter
QueryPerformanceFrequency
ResetEvent
WaitForMultipleObjectsEx
OpenEventA
GetCurrentProcessId
GetCurrentThreadId
ResumeThread
GetModuleHandleA
CreateWaitableTimerA
CreateFileA
CreateFileW
GetFileSize
ReadFile
SetFilePointer
WriteFile
GetStdHandle
GetCurrentDirectoryA
GetCurrentDirectoryW
GetFullPathNameW
GetFullPathNameA
GetVersionExA
IsValidCodePage
IsDBCSLeadByteEx
FreeLibrary
GetModuleHandleW
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
RaiseException
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlUnwind
InterlockedPushEntrySList
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
WaitForSingleObject

user32

MessageBoxA
GetActiveWindow

ws2_32

WSAIoctl
closesocket
WSASend
select
ntohl
listen
WSASetLastError
WSAStringToAddressW
WSASocketW
accept
getsockname
connect
WSARecv
getsockopt
htonl
htons
ioctlsocket
setsockopt
WSAGetLastError
bind
WSACleanup
__WSAFDIsSet
WSAStartup

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

fe5e8263b6e7b06c2d997d485b7f959f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

advapi32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 208KB - Virtual size: 208KB

.rsrc Size: 232KB - Virtual size: 232KB

.reloc Size: 112KB - Virtual size: 112KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 208KB - Virtual size: 208KB

.rsrc
Size: 232KB - Virtual size: 232KB

.reloc
Size: 112KB - Virtual size: 112KB