1572b92d9ed87c520790f2d42cec4a03_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1572b92d9ed87c520790f2d42cec4a03_JaffaCakes118
Size

193KB
MD5

1572b92d9ed87c520790f2d42cec4a03
SHA1

6fddd1ffe4ac567a1e72dfea7ccaf50416c7d81f
SHA256

f99e4aa0c7bf2b50c06a1f0bf2cc2e453becc650bf222b6f56be25f666e6da35
SHA512

d20409cdd71b7f93e18b2f543630f8248f91f7a328abdbf01d405598d7dcc946d86dc283654b838bf38887c921fcfdc18270838ef94ac3bc365e8aad5e4a2721
SSDEEP

6144:ZSJNrmO1Yp1blN/p/GZ6nun2nSnLn6JIZi7qTTBXeF53jFj:ZSJVR4vbeZi7qTTRed

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1572b92d9ed87c520790f2d42cec4a03_JaffaCakes118

Files

1572b92d9ed87c520790f2d42cec4a03_JaffaCakes118
.dll windows:3 windows x86 arch:x86

12c32157cfb6cf7bebf68cc869598a1e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MapViewOfFile
OpenEventA
ReadFile
ReleaseMutex
ResetEvent
SetEndOfFile
SetEvent
SetFilePointer
SetFileTime
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
CreateThread
ExitThread
FreeLibrary
GetCurrentThreadId
GetTickCount
GlobalLock
GlobalSize
GlobalUnlock
HeapAlloc
IsBadReadPtr
SetErrorMode
HeapReAlloc
HeapSize
LoadLibraryA
GetLocalTime
GetLocaleInfoA
GetWindowsDirectoryA
FileTimeToSystemTime
GetCurrentProcess
GetDiskFreeSpaceA
GetDriveTypeA
GetFileTime
GetLogicalDrives
SetFileAttributesA
CreatePipe
DuplicateHandle
GetExitCodeProcess
PeekNamedPipe
ResumeThread
TerminateProcess
TerminateThread
GlobalFree
lstrlenA
lstrcmpiA
MultiByteToWideChar
GetFileSize
FormatMessageA
GetFileType
GetPrivateProfileSectionA
MoveFileA
VirtualAlloc
VirtualFree
WritePrivateProfileSectionA
HeapFree
HeapDestroy
HeapCreate
GetVolumeInformationA
GetVersion
GetTimeZoneInformation
GetTempPathA
CloseHandle
GetSystemTime
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLastError
GetFileAttributesA
GetCurrentProcessId
FindNextFileA
FindFirstFileA
FindClose
DeleteFileA
CreateProcessA
CreateMutexA
CreateFileMappingA
CreateFileA
CreateEventA
GetEnvironmentVariableA

advapi32

RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
GetUserNameA

user32

GetClassNameA
GetClipboardData
GetMessageTime
GetParent
IsClipboardFormatAvailable
MsgWaitForMultipleObjects
OpenClipboard
PeekMessageA
PostMessageA
PostQuitMessage
RegisterClassA
SendMessageTimeoutA
SetWindowsHookExA
TranslateMessage
UnhookWindowsHookEx
DispatchMessageA
ExitWindowsEx
CharToOemBuffA
GetActiveWindow
SetClipboardData
EmptyClipboard
ShowWindow
SetWindowTextA
GetClientRect
SetWindowLongA
MoveWindow
SystemParametersInfoA
GetWindowLongA
LoadCursorA
DefWindowProcA
CreateWindowExA
CloseClipboard
CallNextHookEx
PostThreadMessageA
OemToCharBuffA
EnumWindows
MessageBoxA
UnregisterClassA
DestroyWindow

wsock32

shutdown
gethostname
WSAAsyncSelect
WSAGetLastError
bind
connect
inet_ntoa
listen
recv
send
getsockname
ioctlsocket
closesocket
accept
WSAStartup
socket
WSAAsyncGetHostByAddr
WSAAsyncGetHostByName
WSACancelAsyncRequest
WSACleanup
inet_addr

rpcrt4

UuidCreate

shell32

ShellExecuteA

ole32

CoCreateInstance
OleUninitialize
CreateStreamOnHGlobal
GetHGlobalFromStream
StringFromGUID2
OleInitialize

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetUBound
SafeArrayGetLBound

Exports

Exports

DebugBreakpoint
DllCanUnloadNow
DllGetClassObject
Service
SpawnAndStart
Start
Uninstall

Sections

.text
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12c32157cfb6cf7bebf68cc869598a1e

Headers

File Characteristics

Imports

kernel32

advapi32

user32

wsock32

rpcrt4

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 137KB - Virtual size: 136KB

.bss Size: - Virtual size: 16B

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 19KB - Virtual size: 18KB

.idata Size: 4KB - Virtual size: 4KB

shared Size: 10KB - Virtual size: 9KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 137KB - Virtual size: 136KB

.bss
Size: - Virtual size: 16B

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 19KB - Virtual size: 18KB

.idata
Size: 4KB - Virtual size: 4KB

shared
Size: 10KB - Virtual size: 9KB

.reloc
Size: 8KB - Virtual size: 8KB