4a13d87f18af155998308590e3a488e6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4a13d87f18af155998308590e3a488e6_JaffaCakes118
Size

111KB
MD5

4a13d87f18af155998308590e3a488e6
SHA1

9eda00aae384b2f9509fa48945ae820903912a90
SHA256

c322d10ef3aa532d4625f1c2589eae0f723208db37a7c7e81e4f07e36c3a537e
SHA512

2647fb1e91740d82746b33cf2ea7b946e4c4f98dcb3f8271db699b7a5ca0ba3c81542db2faf6ffb8ed16b1647ef422c3b8dc5e2be10ca75da3dfa61986b43fa8
SSDEEP

3072:1AP0ixvIH1cmbD8TeKuppT6D1CuDKxygELCPy5zwpi97:1AMywH1cHTruppT6D1C4KwF5cK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a13d87f18af155998308590e3a488e6_JaffaCakes118

Files

4a13d87f18af155998308590e3a488e6_JaffaCakes118
.dll windows:5 windows x64 arch:x64

3a036006d776fd317f5d022031dd92e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
WTSGetActiveConsoleSessionId
LocalFree
Process32First
OpenProcess
Process32Next
CreateToolhelp32Snapshot
lstrcmpA
GetNativeSystemInfo
SetUnhandledExceptionFilter
GetSystemDefaultLCID
GetDriveTypeA
GetExitCodeProcess
CreateProcessA
ReadFile
GetStartupInfoA
GetLogicalDriveStringsA
GetLastError
GetExitCodeThread
CreatePipe
GetVersionExA
Sleep
WriteConsoleW
SetStdHandle
HeapReAlloc
GetModuleHandleA
GetModuleFileNameA
GetProcAddress
lstrcmpiA
GetSystemDirectoryA
GetSystemWow64DirectoryA
GetCurrentProcess
CreateThread
CreateEventA
WaitForSingleObject
lstrcpyA
DeleteFileA
CloseHandle
GetLocalTime
DisableThreadLibraryCalls
lstrcatA
WriteFile
lstrlenA
SetFilePointer
HeapSize
CreateFileW
SetEvent
GetStringTypeW
LCMapStringW
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FlushFileBuffers
FreeEnvironmentStringsW
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
RtlUnwindEx
RtlPcToFileHeader
RaiseException
FlsAlloc
SetLastError
FlsFree
GetFileSize
CreateFileA
FlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameW
GetStdHandle
ExitProcess
GetModuleHandleW
HeapDestroy
HeapFree
HeapAlloc
MultiByteToWideChar
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DecodePointer
EncodePointer
HeapSetInformation
GetVersion
HeapCreate

user32

GetSystemMetrics
GetWindowDC
GetDesktopWindow

gdi32

BitBlt
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

RegOpenKeyExA
SetServiceStatus
GetUserNameA
CreateProcessAsUserA
OpenProcessToken
RegCloseKey
RegisterServiceCtrlHandlerA
RegQueryValueExA
RegSetValueExA
GetTokenInformation
ConvertSidToStringSidA

shell32

SHGetSpecialFolderPathA

iphlpapi

GetTcpTable

wtsapi32

WTSQueryUserToken

ws2_32

closesocket
WSACleanup
WSAStartup
send
socket
recv
setsockopt
htons
inet_addr
gethostname
inet_ntoa
WSAGetLastError
ntohs
gethostbyname
connect

gdiplus

GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipGetImageEncodersSize
GdipDisposeImage
GdiplusShutdown
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipSaveImageToFile
GdiplusStartup
GdipScaleWorldTransform

crypt32

CertCloseStore

secur32

EncryptMessage
InitializeSecurityContextA
AcquireCredentialsHandleA
FreeContextBuffer
DecryptMessage
ApplyControlToken
DeleteSecurityContext
QueryContextAttributesA
FreeCredentialsHandle

Exports

Exports

CsCreateClassStore
IID_IClassAdmin
ServiceMain

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a036006d776fd317f5d022031dd92e5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

iphlpapi

wtsapi32

ws2_32

gdiplus

crypt32

secur32

Exports

Exports

Sections

.text Size: 77KB - Virtual size: 76KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 3KB - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 77KB - Virtual size: 76KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB