0c8215d4e39f6c019d747947d8d1ae20_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0c8215d4e39f6c019d747947d8d1ae20_JaffaCakes118
Size

62KB
MD5

0c8215d4e39f6c019d747947d8d1ae20
SHA1

736c1253fb71346c7aa13ec8165771f8d7c7c620
SHA256

b3fa5061239588a3cca6c21a11b780a727c144a8fdc8a60300f08da86133f0e1
SHA512

391051480bd0fd12ae2dd8539b080e1e2f98f4f2ffd50fc5b38b8a916febdc44d2df59a4a6ba144b3b098776082528514861c5d586ee3e714ac265ee922d59a2
SSDEEP

1536:NCdGdvn4Xlgqi1xSRDf48LCbWRKGldMLs:cyv4Xlgqi1wRDf48LCbWRKGP2s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c8215d4e39f6c019d747947d8d1ae20_JaffaCakes118

Files

0c8215d4e39f6c019d747947d8d1ae20_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d6be1c7950a762dc6eceaaf1b4ff7a13

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
ReadFile
GetPrivateProfileStringA
GetPrivateProfileIntA
GetVersionExA
GetComputerNameA
GetTempPathA
GetVolumeInformationA
CreateProcessA
GetTempFileNameA
GetModuleFileNameA
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SizeofResource
LoadResource
FindResourceA
CreateToolhelp32Snapshot
GlobalFree
LoadLibraryExA
GlobalAlloc
GetModuleHandleA
MultiByteToWideChar
SetFileAttributesA
lstrcmpiA
ReleaseMutex
OpenEventA
SetErrorMode
CreateMutexA
SetUnhandledExceptionFilter
GlobalMemoryStatusEx
FreeConsole
SetEvent
GetCurrentThreadId
UnmapViewOfFile
Process32First
Process32Next
HeapReAlloc
HeapSize
HeapAlloc
CreateFileMappingA
MapViewOfFile
GetLocalTime
CreateFileA
GetFileSize
SetFilePointer
WriteFile
TerminateThread
GetSystemDirectoryA
GetTickCount
MoveFileA
MoveFileExA
GetProcessHeap
HeapFree
CreateEventA
OpenProcess
LoadLibraryA
GetProcAddress
FreeLibrary
lstrcpyA
lstrcatA
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetCurrentProcess
CloseHandle
SetLastError
GetLastError
lstrlenA
DeleteFileA
DeviceIoControl
Sleep

user32

OpenDesktopA
OpenInputDesktop
GetThreadDesktop
SetThreadDesktop
CloseDesktop
GetProcessWindowStation
OpenWindowStationA
SetProcessWindowStation
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetKeyNameTextA
GetActiveWindow
GetWindowTextA
wsprintfA
GetUserObjectInformationA

advapi32

AddAccessAllowedAce
SetSecurityDescriptorDacl
FreeSid
RegOpenKeyExA
RegDeleteValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
RegSetValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
QueryServiceStatus
ControlService
DeleteService
CloseServiceHandle
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
CreateProcessAsUserA
RegCreateKeyExA
RegEnumKeyExA
RegEnumValueA
RegDeleteKeyA
RegRestoreKeyA
StartServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
InitializeAcl

shell32

ShellExecuteA

shlwapi

SHDeleteKeyA

msvcrt

wcslen
wcstombs
_beginthreadex
_strcmpi
??1type_info@@UAE@XZ
_initterm
malloc
_adjust_fdiv
_strnicmp
strncat
strchr
time
difftime
localtime
memset
_except_handler3
strcat
strncpy
__CxxFrameHandler
_CxxThrowException
sprintf
memcpy
??3@YAXPAX@Z
strcpy
??2@YAPAXI@Z
strlen
_purecall
strcmp
_strupr
strrchr
strstr
free
realloc
atoi
_snprintf

imm32

ImmReleaseContext
ImmGetContext
ImmGetCompositionStringA

Exports

Exports

Reset_SSDT
ServiceMain

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

idata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d6be1c7950a762dc6eceaaf1b4ff7a13

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

msvcrt

imm32

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 17KB

idata Size: 512B - Virtual size: 4B

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 17KB

idata
Size: 512B - Virtual size: 4B

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 2KB - Virtual size: 2KB