fb9897069736601ccceb72b9d00f2d05_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fb9897069736601ccceb72b9d00f2d05_JaffaCakes118
Size

579KB
MD5

fb9897069736601ccceb72b9d00f2d05
SHA1

f42e334ada24ba3cf29b1f51eb214a32385d0647
SHA256

94b876f1b863de202fb33436dbc26609a7284a677b9a84da42d83870f32d7db5
SHA512

63831ccd3adb62768d07f6698162d649611b8f94497fd87283428b7f1fe06dbeb580eb6baa46d301845c588ba575a1c650bb743f45505748ad4d74548a82fe24
SSDEEP

12288:T/Dtclbqh3AxzVH7hPz+fqVK7XS+sYu0SIvm/hwArk+et8:TLtcxxx9C7S+sYuJIvm/hwdt8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb9897069736601ccceb72b9d00f2d05_JaffaCakes118

Files

fb9897069736601ccceb72b9d00f2d05_JaffaCakes118
.dll windows:6 windows x86 arch:x86

1847ceccdc85432467665502f62563b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetQueryDataAvailable

kernel32

GetDiskFreeSpaceExW
GetCurrentThread
ReadConsoleOutputW
GetSystemDirectoryA
LoadLibraryA
GetTapeParameters
TlsAlloc
WaitForSingleObjectEx
GetThreadPriority
DeleteFileA
GlobalAlloc
InterlockedExchangeAdd
GlobalFree
CloseHandle
RaiseException
LoadLibraryW
ResetEvent
GetLocalTime
GetCurrentDirectoryW
SetCommMask
SetVolumeMountPointW
GetThreadContext
GetProcAddress
GlobalLock
CreateFileMappingA
LocalFree
GetFileSize
ExitProcess
GetComputerNameW
GetCurrentProcessId
GetProcessHeap
CreateFileA
CreateSemaphoreW
SetComputerNameExA
TlsGetValue
LocalReAlloc
GetSystemTimeAsFileTime
LocalFlags
TlsFree
CreateDirectoryA
IsBadReadPtr
SetProcessWorkingSetSize
CreateFileMappingW
CreateEventA
SetThreadContext
GetStringTypeW
GetTickCount
GlobalUnlock
lstrlenA
CreateDirectoryW
RemoveDirectoryW
GetFileAttributesW
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
CreateFileW
WaitCommEvent
MoveFileExA
SetEvent
EnumCalendarInfoExA
GetFileAttributesA
AddRefActCtx
GetLastError
Sleep
MultiByteToWideChar
CreateEventW
GetVolumeNameForVolumeMountPointW
SetCurrentDirectoryA
OpenProcess
DuplicateHandle
ResumeThread
GetComputerNameExW
IsSystemResumeAutomatic
GetSystemDirectoryW
SetupComm
SuspendThread
GetCurrentThreadId
LocalAlloc
GetCommMask
WaitForSingleObject
GetVolumeInformationA
CreateMutexA
FindClose
SetFilePointer
LeaveCriticalSection
SetThreadPriority
FindNextFileA
SetThreadUILanguage
RequestWakeupLatency
WaitForMultipleObjects
GetProcessAffinityMask
VirtualAlloc
GetStringTypeExW
InterlockedCompareExchange
ReleaseSemaphore
SetProcessAffinityMask
GetStdHandle
lstrlenW
GetCurrentProcess
VirtualFree
EnterCriticalSection
SetLastError
TlsSetValue
HeapCreate
FindFirstFileA
InterlockedExchange
CreateActCtxW
GetProcessWorkingSetSize
ReadFile
CreateHardLinkA
SetThreadAffinityMask
DecodePointer
FreeLibrary
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
InterlockedFlushSList
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
GetModuleHandleExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetTimeZoneInformation
GetModuleFileNameA
WideCharToMultiByte
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapAlloc
HeapFree
GetACP
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetFileType
HeapSize
HeapReAlloc

user32

ScrollWindow
GetWindow
GetWindowRect
SendMessageW
CheckMenuItem
SendMessageA
GetTopWindow

gdi32

SaveDC
DeleteDC
RestoreDC

advapi32

SetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
BackupEventLogW
DeregisterEventSource
ObjectOpenAuditAlarmW
GetSecurityDescriptorSacl
GetExplicitEntriesFromAclA
RevertToSelf
CreateServiceW
AddAuditAccessObjectAce
SaferIdentifyLevel
RegCloseKey
SaferCloseLevel
ObjectCloseAuditAlarmW
StopTraceA
LookupPrivilegeDisplayNameA
CloseServiceHandle
RegQueryValueExA
ClearEventLogW
OpenSCManagerW
LookupPrivilegeValueA
SetServiceStatus
StartTraceA
ChangeServiceConfig2W
OpenSCManagerA
RegCreateKeyExA
CredFree
GetTokenInformation
DeleteService
ClearEventLogA
ObjectPrivilegeAuditAlarmW
GetNamedSecurityInfoW
FreeInheritedFromArray
SetServiceObjectSecurity
SetSecurityDescriptorSacl
GetEventLogInformation
RegSetValueExA
UpdateTraceA
AccessCheckByTypeResultListAndAuditAlarmW
OpenProcessToken
ImpersonateNamedPipeClient
CredMarshalCredentialA
GetServiceDisplayNameW
AccessCheckByTypeAndAuditAlarmA
GetKernelObjectSecurity
QueryTraceA
BackupEventLogA
ChangeServiceConfigW
BuildSecurityDescriptorW
RegisterEventSourceW
OpenServiceA
CredIsMarshaledCredentialA
GetInheritanceSourceW

Exports

Exports

NowerSeller
ServiceMain
babl_base_model_rgb
babl_base_type_u15
babl_component
babl_hash_table_find
babl_mutex_unlock
formats

Sections

.text
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1847ceccdc85432467665502f62563b5

Headers

DLL Characteristics

File Characteristics

Imports

wininet

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 287KB - Virtual size: 286KB

.rdata Size: 100KB - Virtual size: 99KB

.data Size: 172KB - Virtual size: 175KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 287KB - Virtual size: 286KB

.rdata
Size: 100KB - Virtual size: 99KB

.data
Size: 172KB - Virtual size: 175KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 13KB