35282dbd4c16e4b60d0929ae9b5a8358_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

35282dbd4c16e4b60d0929ae9b5a8358_JaffaCakes118
Size

88KB
MD5

35282dbd4c16e4b60d0929ae9b5a8358
SHA1

39d9a690456db531c148164e8ac58c7d1313af0e
SHA256

33d04210bafec7b3c9694fc3187032e200c124aa8b5742ead8f7cf3eef508daf
SHA512

4f6433801aa321a3ad988857feba6ff8e6dc31c6aa9ee1c660ea66a7173918f12a67f3d92552b1251a86c4c309846f781e5b44dc60dc838a8f46f8d4675cbda0
SSDEEP

1536:4Kr2hrj4RAzpWrkT6JLsb9Gt3qc9PpfyEaJvsoUey7fGV:lr2h4RAzpet3q+PpyEapsoUey7fGV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35282dbd4c16e4b60d0929ae9b5a8358_JaffaCakes118

Files

35282dbd4c16e4b60d0929ae9b5a8358_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e607602a9ed8bdefcb08df76be510c4d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??3@YAXPAX@Z
_except_handler3
ceil
_ftol
strstr
__CxxFrameHandler
??2@YAPAXI@Z
_CxxThrowException
strrchr
strncpy
_purecall
realloc
malloc
strchr
fclose
fwrite
fopen
wcstombs
_beginthreadex
calloc
free
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
memmove

kernel32

CreateEventA
CloseHandle
WaitForSingleObject
lstrcpyA
ResetEvent
SetEvent
InterlockedExchange
CancelIo
Sleep
DeleteFileA
CreateProcessA
lstrcatA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDriveStringsA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
lstrlenA
CreateFileA
ReadFile
SetFilePointer
WriteFile
MoveFileA
GetSystemDirectoryA
SetLastError
TerminateThread
MoveFileExA
GetProcAddress
GetModuleHandleA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetTickCount
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
GetComputerNameA
GetVersionExA
GetLastError
GetCurrentDirectoryA
ReleaseMutex
OpenEventA
SetErrorMode
CreateMutexA
SetUnhandledExceptionFilter
FreeConsole
lstrcpynA
VirtualAlloc
OpenProcess
GetCurrentProcess
GetCurrentThreadId
lstrcmpiA
DisableThreadLibraryCalls
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
GetFileSize
LocalSize

user32

SendMessageA
SetClipboardData
wsprintfA
EmptyClipboard
OpenClipboard
GetClipboardData
SetRect
GetSystemMetrics
GetDC
keybd_event
PostMessageA
OpenDesktopA
OpenInputDesktop
GetThreadDesktop
GetUserObjectInformationA
SetThreadDesktop
CloseDesktop
EnumWindows
GetWindowTextA
MapVirtualKeyA
SetCapture
WindowFromPoint
SetCursorPos
mouse_event
GetDesktopWindow
CloseClipboard
IsWindowVisible
GetWindowThreadProcessId
ExitWindowsEx
GetProcessWindowStation
OpenWindowStationA
SetProcessWindowStation
CloseWindowStation
GetCursorPos
SystemParametersInfoA
ReleaseDC

gdi32

CreateHalftonePalette
GetPaletteEntries
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject

advapi32

CloseServiceHandle
OpenSCManagerA
OpenServiceA
QueryServiceStatus
ControlService
DeleteService
RegSetValueExA
RegCreateKeyA
RegQueryValueExA
RegCloseKey
RegQueryValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
SetServiceStatus
RegisterServiceCtrlHandlerExA
CreateServiceA
StartServiceA
OpenEventLogA
ClearEventLogA
CloseEventLog
RegOpenKeyA
RegOpenKeyExA

shell32

SHGetFileInfoA

shlwapi

StrStrA
SHDeleteKeyA
StrToIntA
StrChrA

wsock32

gethostbyname
htons
connect
setsockopt
select
closesocket
recv
ntohs
WSACleanup
WSAStartup
getsockname
send
socket

dbghelp

MakeSureDirectoryPathExists

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

wininet

InternetOpenUrlA
InternetCloseHandle
InternetReadFile
InternetOpenA

imagehlp

CheckSumMappedFile

Exports

Exports

ResetSSDT
ServiceMain

Sections

.flat
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e607602a9ed8bdefcb08df76be510c4d

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

advapi32

shell32

shlwapi

wsock32

dbghelp

msvcp60

wininet

imagehlp

Exports

Exports

Sections

.flat Size: 4KB - Virtual size: 3KB

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 12KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 16B

.reloc Size: 4KB - Virtual size: 2KB

.flat
Size: 4KB - Virtual size: 3KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 16B

.reloc
Size: 4KB - Virtual size: 2KB