0f8fa8e89d5662dc2e766f496cc6e3b4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0f8fa8e89d5662dc2e766f496cc6e3b4_JaffaCakes118
Size

110KB
MD5

0f8fa8e89d5662dc2e766f496cc6e3b4
SHA1

f571d34004877dfde33e584002dceed01f3398c9
SHA256

248f61aa57c3abc2f8f63adb69418d5207a5c2d6a76f029d3683146d8811fb85
SHA512

aa5b8643409cf3b523d55ab47572fc4078fe456bec53e321b184ae4d2ebeea53e8fabca548edb102162aa24a01bbd264c7c33f2d46348d8384b3a22f45d4bbae
SSDEEP

3072:BdB7eWp7VIgubldpWkkKb0hG1hNTrr/Me3/TUd:h7eWp7VIgu+xEoG1rTrrUebO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f8fa8e89d5662dc2e766f496cc6e3b4_JaffaCakes118

Files

0f8fa8e89d5662dc2e766f496cc6e3b4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a5b859da04378d3cb10a2e84c6ecf9dd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
HeapFree
MapViewOfFile
GetLocalTime
HeapAlloc
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GlobalSize
GetStartupInfoA
CreatePipe
TerminateProcess
DisconnectNamedPipe
PeekNamedPipe
WaitForMultipleObjects
FindResourceA
LoadResource
CreateRemoteThread
CreateFileMappingA
GetModuleHandleA
LoadLibraryExA
SetFileAttributesA
SetUnhandledExceptionFilter
CreateMutexA
SetErrorMode
OpenEventA
ReleaseMutex
FreeConsole
LocalSize
CreateToolhelp32Snapshot
Process32First
Process32Next
lstrcmpiA
GetCurrentThreadId
WriteProcessMemory
VirtualAllocEx
OpenProcess
UnmapViewOfFile
MoveFileExA
DeviceIoControl
GetTickCount
GetCurrentProcess
GetSystemDirectoryA
SetLastError
GetModuleFileNameA
CreateProcessA
WriteFile
MoveFileA
ReadFile
SetFilePointer
GetFileSize
CreateFileA
RemoveDirectoryA
LocalFree
LocalReAlloc
LocalAlloc
FindClose
FindNextFileA
FindFirstFileA
GetLastError
CreateDirectoryA
GetFileAttributesA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDriveStringsA
DeleteFileA
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcatA
lstrlenA
Sleep
lstrcpyA
ResetEvent
InterlockedExchange
CancelIo
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
CreateEventA
VirtualFree
ResumeThread
CreateThread
WaitForSingleObject
SetEvent
CloseHandle
TerminateThread
SizeofResource

user32

mouse_event
MapVirtualKeyA
keybd_event
SystemParametersInfoA
SendMessageA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetClipboardData
GetDesktopWindow
SetRect
GetSystemMetrics
ReleaseDC
SetCapture
GetCursorInfo
GetProcessWindowStation
OpenWindowStationA
SetProcessWindowStation
IsWindowVisible
GetWindowThreadProcessId
ExitWindowsEx
EnumWindows
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
CloseWindow
WindowFromPoint
GetCursorPos
SetCursorPos
CallNextHookEx
GetMessageA
GetKeyNameTextA
GetActiveWindow
GetWindowTextA
LoadCursorA
DestroyCursor
GetDC
BlockInput
TranslateMessage
DispatchMessageA
wsprintfA
CharNextA
SetWindowsHookExA
UnhookWindowsHookEx
CreateWindowExA
IsWindow
PostMessageA
OpenDesktopA

gdi32

BitBlt
CreateCompatibleDC
GetDIBits
SelectObject
CreateCompatibleBitmap
DeleteObject
CreateDIBSection
DeleteDC

advapi32

LookupAccountSidA
GetTokenInformation
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueA
RegCloseKey
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
ControlService
CloseServiceHandle
RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
OpenEventLogA
ClearEventLogA
CloseEventLog
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
InitializeSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
FreeSid
RegSetKeySecurity
RegEnumKeyExA
RegEnumValueA
RegDeleteValueA

shell32

SHGetFileInfoA

shlwapi

SHDeleteKeyA

msvcrt

_strnicmp
wcstombs
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
calloc
_beginthreadex
_strcmpi
atoi
realloc
strncat
strcat
strncpy
strrchr
free
_except_handler3
malloc
strchr
strcpy
strcmp
_CxxThrowException
memcmp
strlen
strstr
memmove
ceil
__CxxFrameHandler
memcpy
??3@YAXPAX@Z
memset
??2@YAPAXI@Z

winmm

waveOutReset
waveOutUnprepareHeader
waveOutClose
waveOutWrite
waveInGetNumDevs
waveInOpen
waveInClose
waveInStart
waveOutGetNumDevs
waveOutOpen
waveOutPrepareHeader
waveInUnprepareHeader
waveInReset
waveInStop
waveInPrepareHeader
waveInAddBuffer

ws2_32

setsockopt
closesocket
socket
gethostbyname
htons
connect
WSAIoctl
getsockname
gethostname
ntohs
recv
select
send
WSACleanup
WSAStartup

msvcp60

?_Xran@std@@YAXXZ
?_Xlen@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

imm32

ImmGetContext
ImmReleaseContext
ImmGetCompositionStringA

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

msvfw32

ICOpen
ICSeqCompressFrameStart
ICSeqCompressFrame
ICSeqCompressFrameEnd
ICCompressorFree
ICClose
ICSendMessage

psapi

GetModuleFileNameExA
EnumProcessModules

Exports

Exports

ResetSSDT
ServiceMain

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5b859da04378d3cb10a2e84c6ecf9dd

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

msvcrt

winmm

ws2_32

msvcp60

imm32

wininet

avicap32

msvfw32

psapi

Exports

Exports

Sections

.text Size: 70KB - Virtual size: 69KB

.text1 Size: 1KB - Virtual size: 1KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 5KB - Virtual size: 7KB

.data1 Size: 11KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 70KB - Virtual size: 69KB

.text1
Size: 1KB - Virtual size: 1KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 5KB - Virtual size: 7KB

.data1
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 5KB - Virtual size: 4KB