1ac03225d65182c5ca30de0cd33bfb32_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1ac03225d65182c5ca30de0cd33bfb32_JaffaCakes118
Size

41KB
MD5

1ac03225d65182c5ca30de0cd33bfb32
SHA1

dcfd318330af2489d10bc85e8649b903c3c2588d
SHA256

290b39642ddf0d9b17d3c973313ac5ce04778e9cd27bfe9e8d7311f29dd15700
SHA512

da0d3ac5b467048bda58ed2903410796b9ec98cf38a84a86d767be0b7a73de84c817fc63ea473ec6f8460312c1aea720e1c6b958db36cf15ff3042bf08f25df3
SSDEEP

384:XCX2Wi0u7lIgNXnMFE2WW32cj3IwJt2+1kgih4EoBNRtqZMVlt7ITz2yV93QCRpc:XC+fqgRnsEj+3IwuhmRMK7KhQac

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ac03225d65182c5ca30de0cd33bfb32_JaffaCakes118

Files

1ac03225d65182c5ca30de0cd33bfb32_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ba6f5c5eb8143970ab36697e880b1c8e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??2@YAPAXI@Z
_beginthreadex
memset
wcstombs
strncpy
atoi
strlen
strcpy
abs
memcpy
_endthreadex
sscanf
atof
rand
srand
time
_ftol
_CxxThrowException
memmove
fclose
fseek
fopen
fread
realloc
_except_handler3
_strnicmp
_stricmp
_wcsnicmp
_adjust_fdiv
_initterm
free
_onexit
__dllonexit
_strupr
sprintf
strcat
__CxxFrameHandler
??3@YAXPAX@Z
malloc
??1type_info@@UAE@XZ

ws2_32

WSACloseEvent
gethostname
send
WSAResetEvent
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
ioctlsocket
recv
WSAStartup
WSASocketA
inet_addr
gethostbyname
inet_ntoa
htons
connect
WSAGetLastError
WSAEventSelect
WSACreateEvent
shutdown
closesocket
WSACleanup

msvcp60

?_Xlen@std@@YAXXZ
?_Xran@std@@YAXXZ
??1?$basic_fstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?open@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXPBDH@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@JW4seekdir@ios_base@2@@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
?_Fpz@std@@3_JB
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z

crypt32

CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertFreeCertificateContext
CertGetCertificateChain

kernel32

OpenProcess
GetModuleHandleA
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
OutputDebugStringA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
lstrlenA
lstrcpynA
GetLogicalDriveStringsA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetStartupInfoA
GetCurrentProcess
DuplicateHandle
GetEnvironmentVariableA
CreateProcessA
CreatePipe
WriteFile
ExitThread
PeekNamedPipe
ReadFile
CreateThread
TerminateThread
TerminateProcess
ResetEvent
CreateEventA
WaitForSingleObject
WaitForMultipleObjects
GetLastError
SetEvent
GetModuleFileNameA
Sleep
GetTickCount
GetSystemPowerStatus
GetVersionExA
CloseHandle
HeapFree
DisconnectNamedPipe
GetProcessHeap
HeapAlloc

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerA
GetTokenInformation
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
LogonUserA
CreateProcessAsUserA

Exports

Exports

ServiceMain

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba6f5c5eb8143970ab36697e880b1c8e

Headers

File Characteristics

Imports

msvcrt

ws2_32

msvcp60

crypt32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 13KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 13KB

.reloc
Size: 4KB - Virtual size: 2KB