fd28003a5b65ef1bdcd0b1fd3e1f3b95_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fd28003a5b65ef1bdcd0b1fd3e1f3b95_JaffaCakes118
Size

20KB
MD5

fd28003a5b65ef1bdcd0b1fd3e1f3b95
SHA1

31bf9f53770bc7efe5d2c96248f4e71e2d0c004d
SHA256

140bb3261d980a9ad2695285f3062d3e5f6f264791c13d0c2304971b5eb1b06d
SHA512

fa594c0672ef245c1a97c759f993142a85b3098523334ebc0b9c8a52c54446987a05b589796760d935e18cba98ce6d2df118f1bfddd51e7b99ce9ca2c33e7247
SSDEEP

384:JkNIzn3OWVXDcaqrFmU1SzC9SVm2B6LAjJpJNJ0bQ3DsytCPEk9w:WNO9V4n1UPJ3NOuDsytI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd28003a5b65ef1bdcd0b1fd3e1f3b95_JaffaCakes118

Files

fd28003a5b65ef1bdcd0b1fd3e1f3b95_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1bba6a4a39622270736c2ba645c64c24

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CopyFileA
MoveFileA
GetTickCount
DeleteFileA
SetSystemTime
SetFileAttributesA
GetSystemTime
GetSystemDirectoryA
WinExec
CreateMutexA
lstrlenA
OutputDebugStringA
TerminateProcess
Process32Next
CreateToolhelp32Snapshot
lstrcatA
GetTempPathA
GetCurrentProcess
ReadProcessMemory
WriteProcessMemory
CreateThread
VirtualProtectEx
GetModuleFileNameA
GetComputerNameA
Sleep
OpenProcess
GetCurrentProcessId
CloseHandle

user32

wsprintfA
GetWindowThreadProcessId
GetForegroundWindow
GetClassNameA

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey

msvcp60

?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Xlen@std@@YAXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

psapi

EnumProcessModules
GetModuleFileNameExA

msvcrt

??2@YAPAXI@Z
_adjust_fdiv
malloc
_initterm
_onexit
__dllonexit
free
strrchr
sprintf
memchr
strncpy
__CxxFrameHandler
fclose
fread
fopen
rand
srand
_strlwr
fgetc
_vsnprintf
_stricmp
_timezone
_tzset
atoi
_mbsrchr
ftell
fseek
memmove

urlmon

URLDownloadToFileA

shlwapi

PathStripPathA

Exports

Exports

SetConfig

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__getgam
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1bba6a4a39622270736c2ba645c64c24

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcp60

psapi

msvcrt

urlmon

shlwapi

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 844B

__getgam Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 844B

__getgam
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB