651135bac59673015fe78472ba6c42ec_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

651135bac59673015fe78472ba6c42ec_JaffaCakes118
Size

145KB
MD5

651135bac59673015fe78472ba6c42ec
SHA1

1c5e5fd53fc2ee778342a5cae3ac2eb0ac345ed7
SHA256

6adf224f316e41be1efc1e84c5aa25d605963f48597a495f269f534ecb2eeee4
SHA512

98ea8d5203e267b66800948fb349c099516a5d36f0a4c7bfee3383531ce9fa198911c983a899f061108b448f336ff88de2441b4fe1ffbaf3dd0faad606d2ea7b
SSDEEP

3072:lrx3ACMMM8D+ya2zGn6vnHdjZF52xc4Ij4obVuCIIWd97G1EB:Zx48ja2zGn6HdjJ+cv4PT62

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
651135bac59673015fe78472ba6c42ec_JaffaCakes118

Files

651135bac59673015fe78472ba6c42ec_JaffaCakes118
.dll windows:5 windows x86 arch:x86

346213402e6a537448209d39623458cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateThread
LoadLibraryA
DeleteFileW
FreeConsole
GetSystemInfo
CreateThread
Module32FirstW
GetProcAddress
MoveFileExW
GetStartupInfoA
WTSGetActiveConsoleSessionId
GetComputerNameW
CreateProcessW
WideCharToMultiByte
GetTempFileNameW
CreateProcessA
GlobalMemoryStatus
GetTickCount
MoveFileW
GetDriveTypeW
WriteConsoleW
DecodePointer
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
HeapSize
SetStdHandle
GetCommandLineW
SetEvent
FreeEnvironmentStringsW
Sleep
CreateEventW
SetFileAttributesW
GetACP
GetModuleHandleA
GetSystemDirectoryW
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetTempPathW
PeekNamedPipe
SetFilePointer
SetErrorMode
CreatePipe
GetOEMCP
GetVolumeInformationW
ReadFile
VerifyVersionInfoW
GetProcessHeap
VerSetConditionMask
FileTimeToLocalFileTime
HeapAlloc
Process32FirstW
FileTimeToSystemTime
Process32NextW
GetLastError
MultiByteToWideChar
CreateToolhelp32Snapshot
OpenProcess
CreateFileW
LocalAlloc
lstrlenW
GetCurrentProcess
FindNextFileW
HeapFree
GetFileSizeEx
FindFirstFileW
GlobalUnlock
GlobalLock
CloseHandle
GlobalFree
GlobalAlloc
GetCurrentThreadId
GetEnvironmentStringsW
GetCPInfo
GetCommandLineA
TerminateProcess
IsValidCodePage
GetStringTypeW
LCMapStringW
GetFileType
GetStdHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
RaiseException
GetModuleFileNameW
InterlockedFlushSList
WriteFile

user32

GetProcessWindowStation
GetDesktopWindow
GetUserObjectInformationW
OpenInputDesktop
SetProcessWindowStation
CloseDesktop
GetThreadDesktop
SetThreadDesktop
ReleaseDC
OpenWindowStationW
CloseWindowStation
GetDC
wsprintfW
PostThreadMessageW
wsprintfA
GetMessageW
OpenDesktopW

gdi32

CreateDCW
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
RealizePalette
DeleteObject
GetStockObject
GetDIBits
GetDeviceCaps
DeleteDC
SelectPalette
GetObjectW

advapi32

GetSidSubAuthorityCount
RegCloseKey
RegOpenKeyA
ConvertSidToStringSidA
RegQueryValueExA
SetServiceStatus
DeleteService
RegisterServiceCtrlHandlerW
RegOpenKeyExW
OpenServiceW
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
CloseServiceHandle
OpenSCManagerW
SystemFunction036
GetSidSubAuthority
ControlService
OpenProcessToken
StartServiceW
EnumServicesStatusW
GetUserNameW
DuplicateTokenEx
LookupAccountSidW
OpenServiceA
LookupAccountNameW
GetSidIdentifierAuthority
GetTokenInformation

shell32

ord680

iphlpapi

GetAdaptersInfo

netapi32

NetWkstaGetInfo

shlwapi

PathFileExistsW

winhttp

WinHttpOpen
WinHttpOpenRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpConnect

wtsapi32

WTSQueryUserToken

ws2_32

bind
closesocket
listen
accept
WSAStartup
gethostname
gethostbyname
WSAGetLastError
htons
recv
connect
socket
shutdown
send

Exports

Exports

ServiceMain
mymain

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

346213402e6a537448209d39623458cb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

iphlpapi

netapi32

shlwapi

winhttp

wtsapi32

ws2_32

Exports

Exports

Sections

.text Size: 102KB - Virtual size: 102KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 3KB - Virtual size: 7KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 102KB - Virtual size: 102KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 6KB - Virtual size: 5KB