fe2f2789132479e04bab97b42fbc745b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fe2f2789132479e04bab97b42fbc745b_JaffaCakes118
Size

260KB
MD5

fe2f2789132479e04bab97b42fbc745b
SHA1

ab2c24ea2b5152d8d0d3c1bcd23ec6ed3975dbb0
SHA256

147d0252cf3700faaa7e28ea2d202e5948d14c5ed764072ca7091b9f7a057ce8
SHA512

58d7f36fd7f2ae51e67162f78c055d00ac27b394bd693a72cc6b80e3ce7c63da0b23966fd11e6d1dcb104e2bb1701939c2e35077d89f10e7a85828117b7505b8
SSDEEP

6144:TDmizsUAjREPgXL2M811lZCU54TBf6VDAOnz3VWb:TDmasUS3L411lZX4TpYpFW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe2f2789132479e04bab97b42fbc745b_JaffaCakes118

Files

fe2f2789132479e04bab97b42fbc745b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a79d35cf4c7e40eef00a98e6f71c09e5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

setsockopt
WSACloseEvent
WSARecv
WSASend
WSAGetLastError
WSAWaitForMultipleEvents
WSAResetEvent
WSAGetOverlappedResult
shutdown
closesocket
WSACleanup
WSAStartup
WSACreateEvent
WSAAccept
bind
listen
WSASocketW
htons

psapi

GetModuleFileNameExW

kernel32

Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
GetProcAddress
GetModuleHandleW
CreateProcessW
GetVolumeInformationW
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
GetSystemInfo
GetSystemDefaultUILanguage
GetLocaleInfoW
GetWindowsDirectoryW
GetVersionExW
GetLocalTime
GetComputerNameW
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
TerminateThread
GetExitCodeThread
WaitForSingleObject
DuplicateHandle
GetCurrentProcess
CreatePipe
ResumeThread
SetThreadPriority
Sleep
MoveFileW
FlushFileBuffers
SetFileTime
GetFileTime
LoadLibraryW
GetCurrentProcessId
GetModuleFileNameW
IsBadReadPtr
VirtualQuery
InterlockedExchange
LoadLibraryA
IsBadWritePtr
VirtualAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
CreateDirectoryW
SetFileAttributesW
SetEndOfFile
DeleteFileW
WriteFile
CreateFileW
CloseHandle
SetFilePointer
ReadFile
FindFirstFileW
FindNextFileW
FindClose
GetLogicalDrives
GetDriveTypeW
DeleteCriticalSection
GetTickCount
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
CreateThread
GetExitCodeProcess
TerminateProcess
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetStdHandle
HeapSize
VirtualProtect
CompareStringA
CompareStringW
SetEnvironmentVariableA
FreeLibrary
FreeEnvironmentStringsA
GetStartupInfoA
ExitProcess
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetVersionExA
RaiseException
HeapFree
HeapAlloc
HeapReAlloc
GetModuleHandleA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleFileNameA
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType

user32

GetProcessWindowStation
OpenWindowStationW
SetProcessWindowStation
CloseWindowStation
OpenDesktopW
ExitWindowsEx
GetDC
GetSystemMetrics
ReleaseDC
OpenClipboard
GetClipboardData
CloseClipboard
MessageBoxW
SetThreadDesktop

gdi32

GetObjectW
RealizePalette
GetDIBits
CreateCompatibleDC
SelectObject
BitBlt
DeleteObject
DeleteDC
CreateCompatibleBitmap

advapi32

ChangeServiceConfig2W
CreateServiceW
RegCreateKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegDeleteValueW
RegSetValueExW
ChangeServiceConfigW
StartServiceW
ControlService
DeleteService
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
CreateProcessAsUserW

shell32

SHFileOperationW

Sections

.text
Size: 180KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a79d35cf4c7e40eef00a98e6f71c09e5

Headers

File Characteristics

Imports

ws2_32

psapi

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 180KB - Virtual size: 177KB

.rdata Size: 56KB - Virtual size: 54KB

.data Size: 8KB - Virtual size: 15KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 180KB - Virtual size: 177KB

.rdata
Size: 56KB - Virtual size: 54KB

.data
Size: 8KB - Virtual size: 15KB

.reloc
Size: 12KB - Virtual size: 11KB