16ffd23906df3d542ca9f16edbe290fc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

16ffd23906df3d542ca9f16edbe290fc_JaffaCakes118
Size

160KB
MD5

16ffd23906df3d542ca9f16edbe290fc
SHA1

71db991a8c9fe910d08836639815856081ccd465
SHA256

6c47f40b4442f8aa771e4be539d65449fa286dafc680a374fd6b0b086e885cff
SHA512

1ff45b1f3fabd48a27292505780a06eecf7de6a55e4c8e3ce8d22518c89f95520c6796b19f09e7035993991a2c6f9c12b224103af4e52154f247197dabe8ffa9
SSDEEP

3072:5BaVP7zU+iWI7vyBhd+bWWSVp+vZQlZq5UVlKJTHonZ/hc:5Bc7zXk7m4bWW+8Biq5UKJsnZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16ffd23906df3d542ca9f16edbe290fc_JaffaCakes118

Files

16ffd23906df3d542ca9f16edbe290fc_JaffaCakes118
.dll windows:4 windows x86 arch:x86

cf8a80e61dea2af4658140376a7dd478

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Works\ByShell_Up39\DarkShell\Release\DarkShell.pdb

Imports

kernel32

CreateEventW
GetModuleHandleW
VirtualFreeEx
ReadProcessMemory
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetProcAddress
OpenProcess
FreeLibrary
LoadLibraryW
GetModuleFileNameA
ResumeThread
CreateProcessW
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
GetEnvironmentVariableW
GetShortPathNameW
GetModuleFileNameW
GetPrivateProfileStringW
OpenFile
ExitProcess
DeleteFileA
GetCurrentThreadId
WriteFile
PeekNamedPipe
GetStartupInfoW
CreatePipe
GetTempPathW
GetWindowsDirectoryW
SetEvent
GlobalMemoryStatus
TerminateProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MultiByteToWideChar
lstrlenA
GetExitCodeThread
VirtualFree
GetComputerNameW
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
CreateFileW
GetStringTypeW
GetStringTypeA
FindFirstFileW
FlushFileBuffers
SetStdHandle
SetFilePointer
IsBadCodePtr
IsBadReadPtr
GetCPInfo
GetOEMCP
LoadLibraryA
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
HeapSize
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
HeapCreate
HeapDestroy
GetModuleHandleA
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetFileSize
CloseHandle
GetVolumeInformationW
TerminateThread
lstrlenW
WideCharToMultiByte
Sleep
GetLastError
CreateThread
lstrcpyW
GetTickCount
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
TlsAlloc
VirtualQuery
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapReAlloc
GetCommandLineA
HeapAlloc
HeapFree
RtlUnwind
FindNextFileW
FindClose
GetDriveTypeW
GetDiskFreeSpaceExW
CreateDirectoryW
MoveFileA
GetSystemDirectoryW
lstrcatW
DeleteFileW
CopyFileW
CreateProcessA
ReadFile
GetACP
SetEndOfFile
InterlockedExchange

user32

DispatchMessageW
TranslateMessage
GetMessageW
CreateWindowExW
RegisterClassW
LoadCursorW
KillTimer
GetAsyncKeyState
SetTimer
DefWindowProcW
IsWindow
GetKeyState
GetForegroundWindow
GetWindowThreadProcessId
GetWindowLongW
EnumChildWindows
SendMessageW
GetDesktopWindow
mouse_event
SetCursorPos
keybd_event
LoadIconW
CloseWindowStation
GetWindowTextA
ReleaseDC
ExitWindowsEx
wsprintfW
FindWindowW
GetSystemMetrics
OpenInputDesktop
GetUserObjectInformationW
CloseDesktop
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationW
SetProcessWindowStation
OpenDesktopW
SetThreadDesktop
PostMessageW
RegisterWindowMessageW
SendMessageTimeoutW
GetClassNameW
GetCursor
IsRectEmpty
GetDC

advapi32

RegOpenKeyExW
DeleteService
ImpersonateSelf
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegDeleteKeyW
RegSetValueExW
RegCloseKey
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
ControlService

ole32

CoInitialize

shell32

SHFileOperationW
ShellExecuteA

oleaut32

VariantInit
SysFreeString
VariantClear

ws2_32

setsockopt
WSACleanup
ntohl
ntohs
select
getpeername
send
recv
connect
WSAStartup
inet_ntoa
gethostbyname
closesocket
sendto
socket
inet_addr
htons
htonl

avicap32

capCreateCaptureWindowW
capGetDriverDescriptionW

gdi32

GetStockObject
GetDIBits
RealizePalette
SelectPalette
GetObjectW
GetDeviceCaps
CreateCompatibleBitmap
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
DeleteObject

psapi

GetModuleFileNameExW
EnumProcessModules

wininet

InternetCloseHandle
InternetOpenW
InternetOpenUrlW
InternetReadFile

Exports

Exports

DownCtrlAltDel
GetDllModuleControl
StartServer

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BYShell
Size: 4KB - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yjuy0
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yjuy1
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf8a80e61dea2af4658140376a7dd478

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

ws2_32

avicap32

gdi32

psapi

wininet

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 81KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 8KB - Virtual size: 19KB

.BYShell Size: 4KB - Virtual size: 520B

.yjuy0 Size: 12KB - Virtual size: 8KB

.yjuy1 Size: 20KB - Virtual size: 17KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 84KB - Virtual size: 81KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 8KB - Virtual size: 19KB

.BYShell
Size: 4KB - Virtual size: 520B

.yjuy0
Size: 12KB - Virtual size: 8KB

.yjuy1
Size: 20KB - Virtual size: 17KB

.reloc
Size: 8KB - Virtual size: 6KB