1b72544ca6459fd7c5aaef526fef5bd3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1b72544ca6459fd7c5aaef526fef5bd3_JaffaCakes118
Size

118KB
MD5

1b72544ca6459fd7c5aaef526fef5bd3
SHA1

5387646ca26f8c71bb52ff7b95f17bfe09e14e50
SHA256

34b47754ac29bd6d652058ccfd28966766abcf646e5ea37e457d95c92c88cf00
SHA512

31e6ac6bf4a8b3a1d70559c17c19b960aaa70af84456f7ad579040591580b1cf2373edfbdd2fb1e629a0067c18ae1e418d023780ced9f14c38874e7193343c3d
SSDEEP

1536:8d6Xp6wwgbFCiPUr1ktPDjoaFzFpidltUisj4K1GuHfdHAY3dneP13L7tYm+wUvb:8dM6kUr1b8hpka0BY3Ve93HtYmCb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b72544ca6459fd7c5aaef526fef5bd3_JaffaCakes118

Files

1b72544ca6459fd7c5aaef526fef5bd3_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d9862c21da1e4511f04fd46b33ef8611

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imm32

ImmGetContext
ImmGetCompositionStringA
ImmReleaseContext

advapi32

DeleteService
ChangeServiceConfigA
EnumServicesStatusA
QueryServiceConfigA
CloseServiceHandle
CreateServiceA
StartServiceA
OpenServiceA
ControlService
OpenSCManagerA
GetUserNameA
QueryServiceConfig2A

user32

GetForegroundWindow
CallNextHookEx
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
GetWindowTextA
GetWindowLongA
GetWindowThreadProcessId
GetClassNameA
EnumWindows
PostMessageA
FindWindowA
SetWindowsHookExA
wsprintfA
UnhookWindowsHookEx

shell32

ShellExecuteA

rpcrt4

UuidToStringA
RpcStringFreeA

psapi

GetModuleFileNameExA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDescriptionA
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA

ws2_32

WSACleanup
inet_addr
send
recv
WSAStartup
WSASetLastError
connect
gethostbyname
setsockopt
htons
socket
closesocket
inet_ntoa
gethostname

wininet

FtpSetCurrentDirectoryA
InternetConnectA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile
FtpGetFileA
InternetOpenA

iphlpapi

GetAdaptersInfo

kernel32

CompareStringW
CompareStringA
SetEndOfFile
HeapSize
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSection
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
ExitProcess
HeapReAlloc
VirtualFree
HeapCreate
HeapDestroy
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
GetWindowsDirectoryA
CloseHandle
GetCurrentProcess
Sleep
GetProcAddress
LoadLibraryA
MultiByteToWideChar
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetLastError
CreateMutexA
DeviceIoControl
GlobalFree
GlobalAlloc
WritePrivateProfileStringA
GetPrivateProfileIntA
DeleteFileA
GetModuleFileNameA
CreateFileA
GetVersion
GetFileSize
SetFileTime
GetFileTime
GetSystemDirectoryA
WriteFile
SetFilePointer
GetLocalTime
LocalFree
LocalAlloc
SetEvent
WaitForSingleObject
CreateThread
CreateEventA
FormatMessageA
GetVersionExA
GetPrivateProfileStringA
FindClose
FindNextFileA
FindFirstFileA
WideCharToMultiByte
UnmapViewOfFile
RemoveDirectoryA
ReadFile
SetErrorMode
GlobalMemoryStatus
ExpandEnvironmentStringsA
TerminateProcess
CreateProcessA
CreatePipe
GetLogicalDriveStringsA
GetVolumeInformationA
GetDriveTypeA
CreateDirectoryA
MoveFileExA
MoveFileA
GetTickCount
TerminateThread
VirtualAlloc
GetModuleHandleA
ReleaseMutex
WinExec
FreeLibrary
SetFileAttributesA
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetFullPathNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
RaiseException
GetFileAttributesA
ExitThread
ResumeThread
GetCurrentThreadId
GetCommandLineA
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount

Sections

dvpyt
Size: 88KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

dvpyta
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SysLog
Size: 14B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9862c21da1e4511f04fd46b33ef8611

Headers

File Characteristics

Imports

imm32

advapi32

user32

shell32

rpcrt4

psapi

setupapi

ws2_32

wininet

iphlpapi

kernel32

Sections

dvpyt Size: 88KB - Virtual size: 92KB

dvpyta Size: 16KB - Virtual size: 20KB

.data Size: 5KB - Virtual size: 128KB

.SysLog Size: 14B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 5KB - Virtual size: 9KB

dvpyt
Size: 88KB - Virtual size: 92KB

dvpyta
Size: 16KB - Virtual size: 20KB

.data
Size: 5KB - Virtual size: 128KB

.SysLog
Size: 14B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 5KB - Virtual size: 9KB