000e54b7f24ea61cbe0ff1f18e0b0f20_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

000e54b7f24ea61cbe0ff1f18e0b0f20_JaffaCakes118
Size

236KB
MD5

000e54b7f24ea61cbe0ff1f18e0b0f20
SHA1

89c10fec8600065e4d251a07ad386dbc60ff0f31
SHA256

9ac52b65e9b538be4809017bc730f2ebe722e5d96e272d75d76041e3fcb15d85
SHA512

476af196a00937c3612eedde587a24957f3035adce64c252fc714a2594f8ad629e2a065cc96bebc631cb4ceba6298c24f328ded7fecbe394b89585a2defd6307
SSDEEP

3072:IarD0xoIO0v5PnvnuiaLKkaGea2kdI2dD3swUkgrIUZP+PdrDrrVY7bIV3:IasxoIO0NfuikK3Gel2sIjrDrrVY7k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
000e54b7f24ea61cbe0ff1f18e0b0f20_JaffaCakes118

Files

000e54b7f24ea61cbe0ff1f18e0b0f20_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5b38bfcc89f605ced25699cc1dbd4df5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MulDiv
MultiByteToWideChar
GetPrivateProfileIntW
GetLastError
WinExec
GetComputerNameA
GetFileSize
WritePrivateProfileStringW
GetFileAttributesW
DeleteFileA
GetModuleFileNameA
CreateMutexA
CopyFileA
GetCurrentProcess
GetCurrentProcessId
SetLastError
FormatMessageA
LocalFree
GetWindowsDirectoryA
Sleep
WriteFile
WritePrivateProfileStringA
WideCharToMultiByte
CreateEventA
CreateEventW
LoadLibraryA
GetProcAddress
FreeLibrary
FindFirstFileA
FindNextFileA
FindClose
GetPrivateProfileIntA
GetPrivateProfileStringA
GetSystemDirectoryA
CreateFileA
ReadFile
CloseHandle
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetSystemDirectoryW
GetThreadContext
GetTickCount
GetVersionExA
GetVersionExW
IsBadReadPtr
IsBadWritePtr
GetFileAttributesA
LoadLibraryExA
MapViewOfFile
OpenEventA
OpenEventW
OpenFileMappingA
OpenFileMappingW
OpenMutexA
OpenMutexW
OpenProcess
ReadProcessMemory
ReleaseMutex
ReleaseSemaphore
ResumeThread
SetEvent
SetThreadPriority
TerminateProcess
CreateFileW
CreateFileMappingA
CreateFileMappingW
TerminateThread
CreateMutexW
CreatePipe
CreateProcessA
CreateProcessW
CreateSemaphoreA
CreateThread
DeleteFileW
DuplicateHandle
InterlockedExchange
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentThread
GetExitCodeThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalAlloc
GetVersion
GetCurrentThreadId
GetThreadLocale
GetStartupInfoA
GetLocaleInfoA
GetCommandLineA
ExitProcess
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
lstrlenW
lstrlenA
lstrcpyW
lstrcpyA
lstrcmpiW
lstrcmpiA
lstrcmpA
lstrcatW
WriteProcessMemory
WaitForSingleObject
WaitForMultipleObjects
VirtualQueryEx
VirtualQuery
VirtualProtectEx
VirtualProtect
UnmapViewOfFile

user32

PeekMessageA
LoadImageA
MessageBoxA
LoadStringA
CharLowerA
GetWindowTextA
GetParent
GetActiveWindow
CloseDesktop
DispatchMessageA
GetSystemMetrics
GetThreadDesktop
GetUserObjectInformationA
MsgWaitForMultipleObjects
OpenInputDesktop
LoadStringW
TranslateMessage
GetKeyboardType

gdi32

GetTextExtentPoint32A
ResetDCA
CreateCompatibleBitmap
GetObjectType
CreateRectRgn
GetClipRgn
SelectClipRgn
SetMapMode
SetViewportOrgEx
SetWindowOrgEx
CreateDCA
ExtEscape
GetObjectA
CreateCompatibleDC
GetDIBColorTable
DeleteDC
CreateFontIndirectA
SetROP2
FillPath
CreateFontIndirectW
GetTextExtentPoint32W
CreateSolidBrush
DeleteObject
GetDeviceCaps
SelectObject
Rectangle
GetStockObject

winspool.drv

DocumentPropertiesA
ClosePrinter
GetPrinterA
OpenPrinterA

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
EqualSid
FreeSid
SetSecurityDescriptorDacl
RegSetValueExW
RegEnumKeyA
LookupPrivilegeValueA
IsValidSid
InitializeSecurityDescriptor
GetLengthSid
AdjustTokenPrivileges
GetKernelObjectSecurity

msvcrt

localtime
srand
rand
fopen
ftell
fseek
fclose
free
strrchr
wcscmp
_wtoi
_access
strncpy
atoi
wcslen
malloc
wcscat
wcscpy
swprintf
strncmp
time
??3@YAXPAX@Z
??2@YAPAXI@Z
toupper
sprintf
_ftol

ws2_32

socket
WSAStartup
closesocket
shutdown
gethostbyname
WSAGetLastError
inet_ntoa
send
WSACleanup
connect
inet_addr
htons
recv
__WSAFDIsSet
select
gethostname

oleaut32

SysReAllocStringLen
SysFreeString

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b38bfcc89f605ced25699cc1dbd4df5

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

msvcrt

ws2_32

oleaut32

Sections

.text Size: 64KB - Virtual size: 63KB

CODE Size: 112KB - Virtual size: 109KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 21KB

DATA Size: 4KB - Virtual size: 3KB

BSS Size: 4KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 16KB - Virtual size: 12KB

.text
Size: 64KB - Virtual size: 63KB

CODE
Size: 112KB - Virtual size: 109KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 21KB

DATA
Size: 4KB - Virtual size: 3KB

BSS
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 16KB - Virtual size: 12KB