3ece7fde1b469afd4810a5af31a49981_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3ece7fde1b469afd4810a5af31a49981_JaffaCakes118
Size

58KB
MD5

3ece7fde1b469afd4810a5af31a49981
SHA1

edc9413f9d295322f3b35cae88f564830d453ed1
SHA256

0868d05e97514ab75e8279cce124df009024f271bb21a98a5b7d188335da4c5b
SHA512

099a897974ef05b26481317043361277ffe191bdef56c2970984992de144f696ef3bcef14d22d3a9458515e857f35651fca56e5c10ebe01431c18d9c0de905e1
SSDEEP

768:4wqjwnkZb5rvnBeVJMiaqiyIUhaxlCqFdu4KDf4sxLC4i+jeWRgDdvdMLM:zYdbdvn4Xlaqi1xCRDf48LCbWRgFdMLM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ece7fde1b469afd4810a5af31a49981_JaffaCakes118

Files

3ece7fde1b469afd4810a5af31a49981_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d6be1c7950a762dc6eceaaf1b4ff7a13

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
ReadFile
GetPrivateProfileStringA
GetPrivateProfileIntA
GetVersionExA
GetComputerNameA
GetTempPathA
GetVolumeInformationA
CreateProcessA
GetTempFileNameA
GetModuleFileNameA
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SizeofResource
LoadResource
FindResourceA
CreateToolhelp32Snapshot
GlobalFree
LoadLibraryExA
GlobalAlloc
GetModuleHandleA
MultiByteToWideChar
SetFileAttributesA
lstrcmpiA
ReleaseMutex
OpenEventA
SetErrorMode
CreateMutexA
SetUnhandledExceptionFilter
GlobalMemoryStatusEx
FreeConsole
SetEvent
GetCurrentThreadId
UnmapViewOfFile
Process32First
Process32Next
HeapReAlloc
HeapSize
HeapAlloc
CreateFileMappingA
MapViewOfFile
GetLocalTime
CreateFileA
GetFileSize
SetFilePointer
WriteFile
TerminateThread
GetSystemDirectoryA
GetTickCount
MoveFileA
MoveFileExA
GetProcessHeap
HeapFree
CreateEventA
OpenProcess
LoadLibraryA
GetProcAddress
FreeLibrary
lstrcpyA
lstrcatA
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetCurrentProcess
CloseHandle
SetLastError
GetLastError
lstrlenA
DeleteFileA
DeviceIoControl
Sleep

user32

OpenDesktopA
OpenInputDesktop
GetThreadDesktop
SetThreadDesktop
CloseDesktop
GetProcessWindowStation
OpenWindowStationA
SetProcessWindowStation
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetKeyNameTextA
GetActiveWindow
GetWindowTextA
wsprintfA
GetUserObjectInformationA

advapi32

AddAccessAllowedAce
SetSecurityDescriptorDacl
FreeSid
RegOpenKeyExA
RegDeleteValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
RegSetValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
QueryServiceStatus
ControlService
DeleteService
CloseServiceHandle
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
CreateProcessAsUserA
RegCreateKeyExA
RegEnumKeyExA
RegEnumValueA
RegDeleteKeyA
RegRestoreKeyA
StartServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
InitializeAcl

shell32

ShellExecuteA

shlwapi

SHDeleteKeyA

msvcrt

wcslen
wcstombs
_beginthreadex
_strcmpi
??1type_info@@UAE@XZ
_initterm
malloc
_adjust_fdiv
_strnicmp
strncat
strchr
time
difftime
localtime
memset
_except_handler3
strcat
strncpy
__CxxFrameHandler
_CxxThrowException
sprintf
memcpy
??3@YAXPAX@Z
strcpy
??2@YAPAXI@Z
strlen
_purecall
strcmp
_strupr
strrchr
strstr
free
realloc
atoi
_snprintf

imm32

ImmReleaseContext
ImmGetContext
ImmGetCompositionStringA

Exports

Exports

Reset_SSDT
ServiceMain

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

idata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d6be1c7950a762dc6eceaaf1b4ff7a13

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

msvcrt

imm32

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 17KB

idata Size: 512B - Virtual size: 4B

.rsrc Size: 9KB - Virtual size: 12KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 17KB

idata
Size: 512B - Virtual size: 4B

.rsrc
Size: 9KB - Virtual size: 12KB

.reloc
Size: 2KB - Virtual size: 2KB