2c363d068f42a910fa8470698baa09be_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2c363d068f42a910fa8470698baa09be_JaffaCakes118
Size

136KB
MD5

2c363d068f42a910fa8470698baa09be
SHA1

a00ae6923a8bbdd077745a1e0e429891093dc185
SHA256

4b5546077baa0a1a733698ee036899c4763c50c918a2d50aa7cf6d35c30cbac8
SHA512

1608d7fa88e43654bc1af63977bdf9f507e541b40857886a61559647e26216d7d34a041c527796095537ff09749e9ba390e0e91254cf6d003c60c3243b04906b
SSDEEP

3072:3obvCkGLLLhn1b30i/6fOkReKlee4lvg:YbyN1T0iyfO/Fe4t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c363d068f42a910fa8470698baa09be_JaffaCakes118

Files

2c363d068f42a910fa8470698baa09be_JaffaCakes118
.dll windows:4 windows x86 arch:x86

adc0e68ce8a5b15c5d099c327ce045b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Works\ByShell_Up56\ByShell\Release\ByShell.pdb

Imports

kernel32

GetDiskFreeSpaceExW
GetDriveTypeW
FindClose
FindNextFileW
FindFirstFileW
CreateEventW
GetModuleHandleW
VirtualFreeEx
ReadProcessMemory
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetProcAddress
OpenProcess
FreeLibrary
LoadLibraryW
GetModuleFileNameA
ResumeThread
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
GetEnvironmentVariableW
GetShortPathNameW
GetModuleFileNameW
GetPrivateProfileStringW
GetSystemDirectoryA
OpenFile
ExitProcess
DeleteFileA
GetCurrentThreadId
WriteFile
PeekNamedPipe
CreatePipe
GetTempPathW
GetWindowsDirectoryW
SetEvent
GlobalMemoryStatus
TerminateProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetExitCodeThread
VirtualFree
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
CreateDirectoryW
FlushFileBuffers
SetStdHandle
SetFilePointer
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
HeapSize
GetModuleHandleA
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
IsBadWritePtr
VirtualAlloc
HeapCreate
HeapDestroy
VirtualQuery
SetUnhandledExceptionFilter
MoveFileA
DeleteFileW
CopyFileW
CreateProcessA
ReadFile
CreateFileW
GetFileSize
CloseHandle
GetVolumeInformationW
TerminateThread
GetSystemDirectoryW
lstrcatW
GetStartupInfoW
CreateProcessW
CreateThread
GetTickCount
Sleep
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapReAlloc
GetCommandLineA
HeapAlloc
HeapFree
RtlUnwind
lstrlenA
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
GetComputerNameW
lstrcpyW
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
SetEndOfFile
InterlockedExchange

user32

DispatchMessageW
TranslateMessage
GetMessageW
CreateWindowExW
RegisterClassW
LoadCursorW
LoadIconW
GetAsyncKeyState
KillTimer
SetTimer
DefWindowProcW
IsWindow
SendMessageW
GetKeyState
GetForegroundWindow
GetWindowThreadProcessId
GetWindowLongW
EnumChildWindows
GetWindowTextA
ReleaseDC
GetDC
GetDesktopWindow
mouse_event
SetCursorPos
keybd_event
FindWindowW
IsRectEmpty
GetCursor
FindWindowExW
GetWindowTextW
ExitWindowsEx
wsprintfW
GetSystemMetrics
CloseWindowStation
OpenInputDesktop
GetUserObjectInformationW
CloseDesktop
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationW
SetProcessWindowStation
OpenDesktopW
SetThreadDesktop
PostMessageW
RegisterWindowMessageW
SendMessageTimeoutW
GetClassNameW

advapi32

ImpersonateSelf
DeleteService
ControlService
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
RegDeleteKeyW

ole32

CoInitialize

shell32

ShellExecuteA
SHFileOperationW

oleaut32

VariantInit
SysFreeString
VariantClear

ws2_32

setsockopt
WSAStartup
htonl
htons
closesocket
connect
recv
socket
inet_ntoa
gethostbyname
ntohl
inet_addr
ntohs
select
getpeername
send
sendto
WSACleanup

gdi32

CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
CreateCompatibleBitmap
GetDeviceCaps
GetObjectW
SelectPalette
RealizePalette
GetDIBits
GetStockObject
DeleteObject

avicap32

capGetDriverDescriptionW
capCreateCaptureWindowW

psapi

EnumProcessModules
GetModuleFileNameExW

wininet

InternetCloseHandle
FindNextUrlCacheEntryW
InternetOpenW
InternetOpenUrlW
DeleteUrlCacheEntryW
InternetReadFile
FindFirstUrlCacheEntryW

Exports

Exports

DownCtrlAltDel
GetDllModuleControl
StartServer

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BYShell
Size: 4KB - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

adc0e68ce8a5b15c5d099c327ce045b9

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

ws2_32

gdi32

avicap32

psapi

wininet

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 84KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 8KB - Virtual size: 28KB

.BYShell Size: 4KB - Virtual size: 520B

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 88KB - Virtual size: 84KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 28KB

.BYShell
Size: 4KB - Virtual size: 520B

.reloc
Size: 12KB - Virtual size: 8KB