35dde923bb6c33901cdbc9da791ad53a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

35dde923bb6c33901cdbc9da791ad53a_JaffaCakes118
Size

189KB
MD5

35dde923bb6c33901cdbc9da791ad53a
SHA1

8e19dd460bb70a6f576dc3284c61f7373aa065c3
SHA256

21788e0e024b18822cb3bd3c65c49c81c88b43472177fd7d32e05286e1fcb42b
SHA512

b372b016139d34048749dffa075863a60b1bc8b62e3ba56b2fdc807779beda1a6868dceba4f892465cf0a7e1fda0f2a46c41fdf52a4e7622e5f40173f022579e
SSDEEP

3072:6TRVe/Ki5oJlF+0yABD2xuXLaSxSDKXMjapran3ZPAGv1SNyd//ilYJbJ:6Teyi5aBFBD2YbPGaon3ZPA+/D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35dde923bb6c33901cdbc9da791ad53a_JaffaCakes118

Files

35dde923bb6c33901cdbc9da791ad53a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d08aeb711e7f96290fc211f588e396c9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
GetProcessHeap
GetSystemTimeAsFileTime
InterlockedIncrement
SetEvent
InterlockedExchange
CompareStringA
GetVersionExA
GetVersion
GetSystemDirectoryA
TlsFree
HeapDestroy
ResetEvent
InterlockedDecrement
MultiByteToWideChar
HeapCreate
TlsSetValue
CompareStringW
WaitForSingleObject
CreateThread
CreateEventW
lstrcmpiW
SleepEx
LoadLibraryW
OpenEventW
WaitForMultipleObjects
CancelIo
ReleaseMutex
ReadFile
SetMailslotInfo
WaitForSingleObjectEx
CloseHandle
WriteFile
CreateFileW
GetProcAddress
FreeLibrary
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLocalTime
FlushFileBuffers
LocalFree
LocalAlloc
CreateMailslotA
lstrcatA
lstrlenA
lstrcpyA
Sleep
GetComputerNameW
VirtualProtect
CreateEventA
GetCommandLineA

user32

PostMessageW
CloseWindowStation
DefWindowProcW
SystemParametersInfoW
KillTimer
SetTimer
UnregisterDeviceNotification
RegisterClassExW
CloseDesktop
RegisterDeviceNotificationW
GetMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
UnregisterClassW
CreateWindowExW

advapi32

RegDeleteKeyW
LsaQuerySecret
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
StartServiceW
ChangeServiceConfigW
RegQueryInfoKeyW
RegGetKeySecurity
RegQueryValueExA
RegOpenKeyExA
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
LookupAccountSidW
GetSidSubAuthorityCount
GetSidSubAuthority
LsaOpenSecret
RegConnectRegistryW
RegOpenKeyExW
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose
RegQueryValueExW
RegCloseKey
SystemFunction016
SystemFunction006
SetServiceStatus
RegCreateKeyExW

rpcrt4

UuidToStringA
RpcStringFreeA
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW
NdrClientCall2

msvcrt

qsort
_strupr
wcscmp
memmove
_wcsicmp
wcscat
wcsncpy
wcslen
__CxxFrameHandler
_ftol
_adjust_fdiv
_XcptFilter
_initterm
swprintf
_vsnprintf
sprintf
wcsspn
_wcsnicmp
wcschr
rand
srand
memset
malloc
free
_except_handler3
wcsstr
wcscpy
strcspn
wcscspn
_wcslwr
_wcsupr
time

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d08aeb711e7f96290fc211f588e396c9

Headers

File Characteristics

Imports

kernel32

user32

advapi32

rpcrt4

msvcrt

Sections

.text Size: 133KB - Virtual size: 133KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 36KB - Virtual size: 68KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 133KB - Virtual size: 133KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 36KB - Virtual size: 68KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 5KB - Virtual size: 5KB