213d4dba89ff6cd0feba7f878c7ffa6c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

213d4dba89ff6cd0feba7f878c7ffa6c_JaffaCakes118
Size

68KB
MD5

213d4dba89ff6cd0feba7f878c7ffa6c
SHA1

0305ea2094f2cc1ee57917d272fc1e8e2e4fa605
SHA256

a74e99ba71efc92abb910ad42cc30c4fa804cc6a0b3f02752064137674d27177
SHA512

8bd179592a3460962dc40410f497d997b29009002bfbf20fd7501585a1feba84d98f13871928a35e5f60fbcd1725fc547aa8b3149d122ce05f0165c181b638e2
SSDEEP

1536:adxa3L4Ww6OR4DnCFkMpyABHZdmvb1FntEI:au74OCFkVMZdmvpFL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
213d4dba89ff6cd0feba7f878c7ffa6c_JaffaCakes118

Files

213d4dba89ff6cd0feba7f878c7ffa6c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

cb6bbf5f83439dc434f0cc5c74d10a9b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReleaseMutex
SetErrorMode
MultiByteToWideChar
CreateMutexA
GetTickCount
SetUnhandledExceptionFilter
CreateThread
MoveFileExA
MoveFileA
GetSystemDirectoryA
WriteFile
CreateProcessA
WaitForSingleObject
GetLastError
lstrlenA
Sleep
DeleteFileA
SetLastError
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
lstrcpyA
lstrcatA
GetCurrentProcess
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
OpenProcess
lstrcpyW
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
ReadProcessMemory
GetModuleFileNameA
CreateFileA
SetFilePointer
ReadFile
FreeConsole

user32

wsprintfA

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

iphlpapi

GetAdaptersInfo

ws2_32

inet_addr
connect
accept
setsockopt
WSAGetLastError
select
__WSAFDIsSet
ntohs
send
closesocket
socket
htons
bind
listen
WSACleanup
WSAStartup
inet_ntoa
ioctlsocket
sendto
gethostname
recv
gethostbyname

advapi32

LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyA
CloseServiceHandle
DeleteService
ControlService
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegSetValueExA
RegCreateKeyA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
SetServiceStatus
RegisterServiceCtrlHandlerA
AdjustTokenPrivileges

shlwapi

SHDeleteKeyA

msvcrt

wcscmp
??3@YAXPAX@Z
??2@YAPAXI@Z
strncpy
__CxxFrameHandler
??0exception@@QAE@ABV0@@Z
_CxxThrowException
_except_handler3
strchr
strncat
wcstombs
strstr
rand
srand
free
malloc
atoi
_errno
_vsnprintf
memmove
memchr
toupper
??1type_info@@UAE@XZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z

Exports

Exports

ServiceMain

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb6bbf5f83439dc434f0cc5c74d10a9b

Headers

File Characteristics

Imports

kernel32

user32

wininet

iphlpapi

ws2_32

advapi32

shlwapi

msvcrt

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 4KB

.sxdata Size: 4KB - Virtual size: 24B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 4KB

.sxdata
Size: 4KB - Virtual size: 24B

.reloc
Size: 4KB - Virtual size: 3KB