e:\工作代码目录\Cw_long_version\TCwdataComm\Release\TCwdataComm.pdb
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_4432e261fe4d374ae729836aeaf86890.dll
Resource
win7-20240903-en
General
Target
JaffaCakes118_4432e261fe4d374ae729836aeaf86890
Size
624KB
MD5
4432e261fe4d374ae729836aeaf86890
SHA1
d47e009dc9f95b82278f55ca380fba68d03f31bb
SHA256
1613a8283fa7b5ccb1ce81fc302807008347e058d1cda3a6f9b63e725bde40be
SHA512
7052cbc403f0501475f9dd7e64f7b8471421d2ad1dd35b4df8709525bb48a17993faec4ce0a915caf7da13cec64afe27f7d83f327347799031e3bd7ae7c10a00
SSDEEP
12288:IP/QHMmqh6hLIc7PSqLtS/ViurXvdyP9WX7HrSAKrlxTL78:84HFqh65Ic7qqI9iuzdIw7m5dL78
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource JaffaCakes118_4432e261fe4d374ae729836aeaf86890
Files
JaffaCakes118_4432e261fe4d374ae729836aeaf86890.dll windows:4 windows x86 arch:x86
90d7bb7c60ec162d29311d954ffe20ef
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
CloseHandle
HeapFree
GetProcessHeap
TlsGetValue
TlsSetValue
TlsFree
SetWaitableTimer
PostQueuedCompletionStatus
CreateEventA
HeapAlloc
SetEvent
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
InterlockedExchangeAdd
TlsAlloc
GetQueuedCompletionStatus
WaitForSingleObject
QueueUserAPC
TerminateThread
WaitForMultipleObjects
CreateIoCompletionPort
SetLastError
InterlockedCompareExchange
SleepEx
GetProcAddress
GetModuleHandleA
GetSystemTimeAsFileTime
Sleep
CreateWaitableTimerA
GetTickCount
ReleaseSemaphore
CreateSemaphoreA
DuplicateHandle
GetCurrentProcess
CreateFileA
SystemTimeToFileTime
ResumeThread
ResetEvent
OpenEventA
FormatMessageA
LocalFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
GetSystemInfo
VirtualProtect
ReadFile
SetStdHandle
LCMapStringW
LCMapStringA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetCPInfo
GetOEMCP
SetEndOfFile
HeapReAlloc
ExitProcess
RtlUnwind
RaiseException
ExitThread
GetCurrentThreadId
CreateThread
IsBadReadPtr
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
QueryPerformanceCounter
GetCurrentProcessId
GetModuleFileNameA
VirtualQuery
SetUnhandledExceptionFilter
TerminateProcess
HeapSize
UnhandledExceptionFilter
WriteFile
FlushFileBuffers
SetFilePointer
WideCharToMultiByte
GetTimeZoneInformation
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSection
LoadLibraryA
IsBadCodePtr
GetACP
ws2_32
WSAAddressToStringA
htonl
ntohl
ntohs
inet_addr
closesocket
htons
getservbyname
gethostbyname
WSAStringToAddressA
select
WSASocketA
WSASend
listen
ioctlsocket
getsockname
getsockopt
setsockopt
connect
bind
WSAGetLastError
accept
__WSAFDIsSet
WSASetLastError
WSACleanup
WSAStartup
WSARecv
netapi32
Netbios
Exports
CreateCwDataEngin
DelCwDataEnginInstance
DeleteCwDataEngin
GetCwDataEnginInstance
SetGlobalProxy
SetSSOHandle
SetTPSessionOption
Sections
.text Size: 428KB - Virtual size: 426KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 76KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 4KB - Virtual size: 2B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rmnet Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE