082020e7f307ec9783b5f1524bb13add_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

082020e7f307ec9783b5f1524bb13add_JaffaCakes118
Size

50KB
MD5

082020e7f307ec9783b5f1524bb13add
SHA1

b885989f61d6da89f3d48054ec9baefb2ffa714c
SHA256

7a016c8d361566c07a9bb0a79f793a9d679838cc7c3de26a43581f634eb889cb
SHA512

a8cd79c8de5372389c3dd3ecf7c936a71f661078ac1ea447cebafdfbaf3f32c3bfaf80f081b54fa71cee74523d1b2f823adde4f68eafbeeece1b7849d3941725
SSDEEP

1536:46z/R2WayQzBP8opNENp+ujS1Jc0GA7fhVV5XZ:3RQyQt8akp+8nKfhH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
082020e7f307ec9783b5f1524bb13add_JaffaCakes118

Files

082020e7f307ec9783b5f1524bb13add_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7b55c494bcc8cef09c3cba5beca531b8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

GetUserNameA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
CreateProcessAsUserA
OpenProcessToken
ConvertSidToStringSidA
GetTokenInformation
OpenThreadToken
RegSetValueExA

ws2_32

send
recv
WSAStartup
inet_addr
htons
WSAGetLastError
connect
closesocket
gethostname
gethostbyname
inet_ntoa
WSACleanup
socket

msvcrt

_adjust_fdiv
_initterm
_strlwr
memcmp
__CxxFrameHandler
rand
_itoa
time
srand
memmove
strlen
isalpha
malloc
free
strncpy
strstr
atoi
strcat
exit
strchr
strrchr
sprintf
_snprintf
_except_handler3
memset
memcpy
??2@YAPAXI@Z
strcpy
??3@YAXPAX@Z

kernel32

GetSystemTime
WinExec
OpenEventA
VirtualFree
VirtualAlloc
CopyFileA
ReleaseSemaphore
GetCurrentDirectoryA
CreateSemaphoreA
GetCurrentThreadId
OpenThread
LocalFree
OpenProcess
Process32First
Process32Next
GetWindowsDirectoryA
GetLocalTime
SystemTimeToFileTime
CompareFileTime
MoveFileA
SetFileTime
SetFileAttributesA
GetLongPathNameA
GetFileAttributesA
lstrcmpA
FindClose
GetTempFileNameA
FileTimeToLocalFileTime
MultiByteToWideChar
GetFileTime
GetDriveTypeA
GetDiskFreeSpaceExA
lstrlenW
WideCharToMultiByte
FileTimeToSystemTime
GetShortPathNameA
GetEnvironmentVariableA
GetCurrentProcess
SetPriorityClass
GetCurrentThread
SetThreadPriority
LoadLibraryW
ResumeThread
GetLastError
WriteFile
CreateFileA
LoadLibraryA
CloseHandle
FreeLibrary
DeleteFileA
GetVersion
Sleep
GetProcAddress
ReadFile
lstrcpynA
SetFilePointer
GetFileSize
ExitThread
CreateThread
WaitForSingleObject
GetComputerNameA
lstrcpyA
lstrcatA
GetVersionExA
GlobalMemoryStatus
lstrlenA
lstrcmpiA
GetLogicalDriveStringsA
MoveFileExA
GetSystemDirectoryA
CreateDirectoryA
GetTempPathA
FindNextFileA
FindFirstFileA
DisableThreadLibraryCalls
GetModuleFileNameA
CreateProcessA

iphlpapi

GetAdaptersInfo

user32

GetMessageA
TranslateMessage

Exports

Exports

ServiceMain
TStartUp

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b55c494bcc8cef09c3cba5beca531b8

Headers

File Characteristics

Imports

advapi32

ws2_32

msvcrt

kernel32

iphlpapi

user32

Exports

Exports

Sections

.text Size: 37KB - Virtual size: 37KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 57KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 37KB - Virtual size: 37KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 57KB

.reloc
Size: 4KB - Virtual size: 4KB