073b16d4d08903193f89d025f7e4b4af_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

073b16d4d08903193f89d025f7e4b4af_JaffaCakes118
Size

172KB
MD5

073b16d4d08903193f89d025f7e4b4af
SHA1

5d53ee0b84746888d9c54e4f5c0264fd76931d8d
SHA256

2dcac6210b9d71b91dfcacb1a5e3cce0f8c91be3994d105736001dc0f236c7a7
SHA512

068a7208a1c57323c9fc8d245ab734fb69858d3c7e3511ca389821eae797a7a0160f4c390da6cc72bd1229ceae6a068c783c56437da11396a8e42cbe9f253278
SSDEEP

3072:xvtMvECCU5W2dRfCKwHromoSzOy/ce+J4dPFuDa9Zt/XR81cXypYEi60ZldmG+k4:JtMvEr3KwHrVoSzOykeI4d9u2F/XR8Vb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
073b16d4d08903193f89d025f7e4b4af_JaffaCakes118

Files

073b16d4d08903193f89d025f7e4b4af_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0070b700c151e07cab2763cc4cf4c34d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

CreateCompatibleDC
CreateDCA
GetDeviceCaps
CreateFontIndirectA
SetTextColor
SetBkMode
DeleteDC
CreateDIBSection
CreateCompatibleBitmap
SelectObject
BitBlt
GetObjectA
GetStockObject
SelectPalette
RealizePalette
GetDIBits
DeleteObject

psapi

GetModuleFileNameExA
EnumProcessModules

ws2_32

getpeername
select
recv
send
inet_addr
htons
gethostbyname
connect
WSACleanup
setsockopt
WSAStartup
socket
closesocket
getsockname
inet_ntoa
ntohs

iphlpapi

GetAdaptersInfo

wininet

InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle
HttpQueryInfoA

wtsapi32

WTSEnumerateSessionsA
WTSCloseServer
WTSFreeMemory
WTSOpenServerA

kernel32

GetStdHandle
GetVersionExA
GetLastError
GetCurrentProcess
WinExec
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
GetSystemDefaultLangID
GetDiskFreeSpaceA
GetDriveTypeA
GetLogicalDrives
GlobalMemoryStatusEx
GetSystemInfo
GetModuleHandleA
GetCurrentProcessId
GetComputerNameA
GetCurrentThreadId
FindClose
FindFirstFileA
SetFileTime
GetFileTime
CreateFileA
LocalFree
TerminateProcess
lstrlenA
SetLastError
GlobalFree
GlobalAlloc
GetWindowsDirectoryA
SystemTimeToFileTime
GetSystemTime
LocalAlloc
GetSystemDirectoryA
CreateMutexA
lstrcpyA
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
MultiByteToWideChar
Thread32Next
Thread32First
WriteFile
Module32First
CopyFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
FindNextFileA
MoveFileExA
WaitForSingleObject
SuspendThread
CreateProcessA
FreeConsole
GetModuleFileNameA
ReadFile
GetStartupInfoA
CreatePipe
GetLocalTime
WideCharToMultiByte
SetPriorityClass
ResumeThread
GetVolumeInformationA
CreateDirectoryA
SetFileAttributesA
GetFileAttributesA
RemoveDirectoryA
MoveFileA
LoadLibraryW
ProcessIdToSessionId
GlobalUnlock
GlobalLock
GlobalSize
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
TerminateThread
GetExitCodeThread
Sleep
ExitThread
FreeLibrary
CloseHandle
GetTickCount
GetProcAddress
LoadLibraryA
CreateThread
DeleteFileA
OutputDebugStringA
Module32Next

user32

IsClipboardFormatAvailable
OpenClipboard
SetClipboardData
EmptyClipboard
keybd_event
mouse_event
GetCursorPos
DrawTextA
RedrawWindow
ReleaseDC
GetDC
PostThreadMessageA
ExitWindowsEx
GetSystemMetrics
CloseWindowStation
CloseDesktop
MessageBoxA
SetThreadDesktop
OpenDesktopA
SetProcessWindowStation
OpenWindowStationA
GetThreadDesktop
GetProcessWindowStation
GetDesktopWindow
GetClipboardData
CloseClipboard
OpenInputDesktop
GetUserObjectInformationA
PostMessageA
SystemParametersInfoA
SendMessageA
BlockInput
TranslateMessage
DispatchMessageA
wsprintfA
GetMessageA

advapi32

QueryServiceConfigA
ChangeServiceConfig2A
QueryServiceStatusEx
QueryServiceConfig2A
EnumServicesStatusExA
RegEnumValueA
DuplicateTokenEx
SetTokenInformation
RegisterServiceCtrlHandlerA
DeleteService
RegDeleteKeyA
CreateServiceA
RegCreateKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryValueExA
ChangeServiceConfigA
QueryServiceStatus
ControlService
OpenSCManagerA
OpenServiceA
CloseServiceHandle
StartServiceA
SetServiceStatus
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
SetEntriesInAclA
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetNamedSecurityInfoA
RegOpenKeyA
RegEnumKeyA
RegDeleteValueA
RegSetValueExA
CreateProcessAsUserA
RegEnumKeyExA
RegOpenKeyExA

ole32

CoInitialize
CoCreateGuid
CoInitializeEx
CoCreateInstance
CoUninitialize
CoTaskMemFree

oleaut32

SysFreeString
VariantClear

msvfw32

ICSendMessage
ICImageCompress
ICOpen
ICClose
ICCompress

winmm

waveInStart
waveInReset
waveInOpen
mixerGetLineControlsA
waveInUnprepareHeader
waveInAddBuffer
waveInPrepareHeader
mixerGetLineInfoA
mixerGetControlDetailsA
mixerSetControlDetails
mixerClose
mixerOpen
waveInClose

msvcrt

fclose
printf
memcmp
_strrev
strncpy
memcpy
strncmp
strchr
memset
strlen
strcpy
atoi
fopen
strrchr
strstr
sprintf
strcat
_strdate
_strtime
fprintf
_vsnprintf
free
strtok
strcmp
_strupr
strncat
??2@YAPAXI@Z
_except_handler3
exit
fread
ftell
fseek
_snprintf
__CxxFrameHandler
_CxxThrowException
rand
wcstombs
srand
_ftol
realloc
abs
wcslen
_CIacos
_CIpow
calloc
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_initterm
_adjust_fdiv
malloc
_strnicmp
_stricmp
fwrite

Exports

Exports

InstallRD
InstallRT
InstallSA
PSLIST
Rundll32Main
ServiceMain
StartEXS
UninstallRD
UninstallRT
UninstallSA

Sections

.text
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xdoors_d
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0070b700c151e07cab2763cc4cf4c34d

Headers

File Characteristics

Imports

gdi32

psapi

ws2_32

iphlpapi

wininet

wtsapi32

kernel32

user32

advapi32

ole32

oleaut32

msvfw32

winmm

msvcrt

Exports

Exports

Sections

.text Size: 115KB - Virtual size: 115KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 19KB - Virtual size: 40KB

xdoors_d Size: 12KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 115KB - Virtual size: 115KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 19KB - Virtual size: 40KB

xdoors_d
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 9KB