fc570d97a6e0bdb570cc8c39bc93cbda_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fc570d97a6e0bdb570cc8c39bc93cbda_JaffaCakes118
Size

160KB
MD5

fc570d97a6e0bdb570cc8c39bc93cbda
SHA1

aa4260370a69cd5ff5789a2b62e785e92f87299d
SHA256

65df1b18e826a2971937b52b936ae52ddcf10f6719b60698b38a885f0aee7002
SHA512

642bd63c9038c1f65ee2643285cf9dff5b847507ca866952cbec68bc6649bf2055935d3b616523b095e973ed27e1f5a7b4764e738dc65821b9b71e3db162541d
SSDEEP

1536:3bSUxqlDpuXapgIWvU8w3h8MOpfncGWoB85eTie/ZYb4c+QfyMpiBuwV3+BB+69k:WDFpx8YgncGJcDy6x+rD2LA2/Z4DRR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc570d97a6e0bdb570cc8c39bc93cbda_JaffaCakes118

Files

fc570d97a6e0bdb570cc8c39bc93cbda_JaffaCakes118
.dll windows:4 windows x86 arch:x86

68a5eaf7b021d4f39b76498e19d9b72a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
CreateFileA
LockResource
LoadResource
SizeofResource
FindResourceA
GetLastError
GetEnvironmentVariableA
lstrcatA
lstrcpyA
GetShortPathNameA
GetCommandLineA
VirtualQueryEx
GetSystemInfo
WritePrivateProfileStringA
GetTickCount
GetCurrentThreadId
GetCurrentThread
CloseHandle
GlobalUnlock
GlobalLock
GlobalAlloc
WriteProcessMemory
ReadFile
GetFileSize
_llseek
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrlenA
GetLocalTime
WaitForSingleObject
CreateRemoteThread
MultiByteToWideChar
Thread32Next
GetThreadPriority
Thread32First
LoadLibraryA
GetProcAddress
OpenProcess
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
GetTempPathA
GetTempFileNameA
GetSystemDirectoryA
FindFirstFileA
DeleteFileA
ResumeThread
IsBadReadPtr
GetModuleHandleA
VirtualAlloc
VirtualFree
GetComputerNameA
GetCurrentProcessId
VirtualProtect
Sleep
TerminateProcess
GetModuleFileNameA
GetPrivateProfileStringA
TerminateThread
CreateThread
GetCurrentProcess
OutputDebugStringA
WideCharToMultiByte

user32

GetForegroundWindow
CallNextHookEx
ShowWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
MessageBoxA
UnhookWindowsHookEx
SetWindowsHookExA
GetWindow
EnumChildWindows
IsWindowVisible
GetClientRect
SendMessageA
PostMessageA
FindWindowExA
GetClassNameA
GetWindowTextA
FindWindowA
GetWindowThreadProcessId

advapi32

RegCloseKey
RegRestoreKeyA
RegSetValueExA
RegFlushKey
RegOpenKeyExA
RegCreateKeyExA
CloseServiceHandle
StartServiceA
OpenServiceA
CreateServiceA
OpenSCManagerA
DeleteService
ControlService
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptCreateHash
CryptAcquireContextA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCreateKeyA
RegDeleteKeyA
RegEnumKeyExA
RegQueryValueExA
RegSaveKeyA

shell32

ShellExecuteA

netapi32

Netbios

ws2_32

shutdown

msvcrt

sprintf
strcmp
_except_handler3
_local_unwind2
memcpy
strncmp
_purecall
vsprintf
_stricmp
toupper
tolower
strtol
strrchr
free
_initterm
malloc
_adjust_fdiv
__dllonexit
_onexit
_strcmpi
atoi
strchr
strncpy
wcslen
strcpy
strcat
strstr
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
memcmp
strlen
memset

Exports

Exports

Start
Stop

Sections

.text
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68a5eaf7b021d4f39b76498e19d9b72a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

netapi32

ws2_32

msvcrt

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 125KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 8KB - Virtual size: 6KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 128KB - Virtual size: 125KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 8KB - Virtual size: 6KB

.reloc
Size: 8KB - Virtual size: 7KB