0c1d5b007f7d4c6ebfdd3c6fe5a540c8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0c1d5b007f7d4c6ebfdd3c6fe5a540c8_JaffaCakes118
Size

108KB
MD5

0c1d5b007f7d4c6ebfdd3c6fe5a540c8
SHA1

ccbdbf600ce82c40bc5be87413b8e10bcaf3af0f
SHA256

848c8e0e8a53195e0cbf01591b11eefd40756e3c763e10ddbfb58468a5fb4adc
SHA512

60b3faffb8c15ff20d3e98563d5a32b40ecdf1c757fe9d62c30d25039de9aa254deb81394fa62052ecab2b07683b9744a5b00972526a295b1a6cbda30e10f87f
SSDEEP

1536:VdzNnhZFzjEYwoMupkI+TSF6D6hwQnFdBbacmByfs0SR6YxoG0XQcY692:Lz1hZFF/XksFnVxbaJBEs0S8CoG0cC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c1d5b007f7d4c6ebfdd3c6fe5a540c8_JaffaCakes118

Files

0c1d5b007f7d4c6ebfdd3c6fe5a540c8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7bca659baf7c7f5defc25eae005a0a2b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHDeleteKeyA

msvcrt

ceil
memmove
??3@YAXPAX@Z
_ftol
strstr
__CxxFrameHandler
??2@YAPAXI@Z
free
malloc
_except_handler3
strrchr
strncpy
atoi
_strnset
_strrev
_strnicmp
_strcmpi
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
calloc
_beginthreadex
wcstombs
realloc
strncat
strtok
time
srand
rand
_errno
strchr
strncmp

kernel32

lstrcpyA
SetEvent
InterlockedExchange
CancelIo
DeleteFileA
GetLastError
CreateDirectoryA
lstrlenA
lstrcatA
GetDriveTypeA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
InitializeCriticalSection
GetFileSize
CreateFileA
ReadFile
SetFilePointer
WriteFile
Sleep
GetModuleFileNameA
SetLastError
GetSystemDirectoryA
GetVersionExA
ExitProcess
GetCurrentProcess
GetVersion
DeviceIoControl
CreateRemoteThread
CloseHandle
VirtualAllocEx
OpenProcess
GetTickCount
GetWindowsDirectoryA
TerminateThread
CreateEventA
GetLocalTime
WaitForSingleObject
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
CreateProcessA
CreatePipe
TerminateProcess
PeekNamedPipe
GlobalMemoryStatusEx
GetSystemInfo
OpenEventA
SetErrorMode
SetUnhandledExceptionFilter
FreeConsole
LocalSize
Process32Next
Process32First
lstrcmpiA
GetCurrentThreadId
LoadLibraryA
GetProcAddress
FreeLibrary
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
WriteProcessMemory
DeleteCriticalSection
RemoveDirectoryA
RaiseException

user32

IsWindow
SendMessageA
CloseWindow
CreateWindowExA
PostMessageA
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
GetProcessWindowStation
wsprintfA
ExitWindowsEx
MessageBoxA
LoadCursorA
DestroyCursor
BlockInput
SystemParametersInfoA
keybd_event
MapVirtualKeyA
SetCapture
WindowFromPoint
SetCursorPos
mouse_event
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetSystemMetrics
SetRect
OpenWindowStationA
SetProcessWindowStation
GetCursorPos
GetCursorInfo
ReleaseDC
GetDesktopWindow
GetDC
GetClipboardData

gdi32

GetDIBits
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateCompatibleBitmap

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
OpenServiceA
QueryServiceStatus
ControlService
DeleteService
RegOpenKeyExA
RegCloseKey
SetServiceStatus
RegisterServiceCtrlHandlerA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA

shell32

SHGetFileInfoA

ws2_32

htonl
gethostname
__WSAFDIsSet
recvfrom
WSACleanup
bind
getsockname
inet_addr
inet_ntoa
send
select
ntohs
closesocket
socket
WSAStartup
connect
htons
gethostbyname

msvcp60

?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

wininet

InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetReadFile

msvfw32

ICClose
ICSeqCompressFrame
ICSendMessage
ICSeqCompressFrameEnd
ICCompressorFree
ICOpen
ICSeqCompressFrameStart

psapi

EnumProcessModules
GetModuleFileNameExA

Exports

Exports

Eternal
Go
Heart
On
ServiceMain

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7bca659baf7c7f5defc25eae005a0a2b

Headers

File Characteristics

Imports

shlwapi

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ws2_32

msvcp60

wininet

msvfw32

psapi

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 100KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 100KB - Virtual size: 100KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 6KB - Virtual size: 5KB