42799365ed8e9fa84beebeba207a77d1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

42799365ed8e9fa84beebeba207a77d1_JaffaCakes118
Size

300KB
MD5

42799365ed8e9fa84beebeba207a77d1
SHA1

3bd657f2c686561d83ddbd613e414b57dad07f24
SHA256

0578c8ee554606cc94fa23b1d0e7339a621ce9cf9eb8b471226d3cd08f064411
SHA512

d38e4fcd164a9db228232728d4a4df4a899bad9de50764be3f4188faf18b10c6199feed56f141efd8d752f9db5eaa58772a2a591cf196ad47999d45e44f8823e
SSDEEP

6144:xjcWoW1epnemS9n4PIZg/rNN0Pb+R9GFQwUZOEZr8xyPE:lVepZSOPIZgDSbw9/wXarayc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42799365ed8e9fa84beebeba207a77d1_JaffaCakes118

Files

42799365ed8e9fa84beebeba207a77d1_JaffaCakes118
.dll windows:6 windows x86 arch:x86

c1bcafea66fe54a7c7639439bbceb03c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
HeapAlloc
FileTimeToLocalFileTime
GetProcAddress
LocalFree
CreateJobObjectA
GetFileSize
ExitProcess
GetProcessHeap
FreeLibrary
ReadConsoleOutputCharacterW
SetConsoleOutputCP
GetSystemTimeAsFileTime
CreateDirectoryA
GlobalFree
CreateSemaphoreA
CreateEventA
MapViewOfFile
WriteConsoleOutputW
GetProcessTimes
WriteConsoleOutputCharacterW
IsBadStringPtrW
SetEndOfFile
HeapSize
GlobalAlloc
DeleteFileA
GetTapeParameters
LoadLibraryA
GetSystemDirectoryA
CreateFileA
MoveFileExA
GetConsoleDisplayMode
GetLastError
SetTapeParameters
Sleep
GetConsoleAliasExesA
SetCurrentDirectoryA
GetACP
UnmapViewOfFile
OpenSemaphoreA
SetComputerNameExW
LocalAlloc
GetVolumeInformationA
FindClose
GetConsoleTitleW
CreateConsoleScreenBuffer
FindNextFileA
SignalObjectAndWait
GetNumberOfConsoleMouseButtons
VirtualAlloc
CopyFileExA
GetStdHandle
GetConsoleOutputCP
GetCurrentProcess
FindNextFileW
GetFullPathNameW
FindVolumeMountPointClose
GetHandleInformation
VirtualFree
HeapFree
SetConsoleDisplayMode
FindFirstFileA
SearchPathW
FindFirstFileW
FindFirstVolumeMountPointW
GetVolumeInformationW
FoldStringA
ReadFile
CreateHardLinkA
CreateFileMappingW
GetFileAttributesExW
WriteConsoleW
SetFilePointerEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
RaiseException
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
DuplicateHandle
GetModuleFileNameA
CompareStringW
LCMapStringW
GetFileType
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetStdHandle
HeapReAlloc
GetStringTypeW
WaitForSingleObject
GetExitCodeProcess
CreateProcessA
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
ReadConsoleW
FindFirstFileExA
GetCommandLineA
GetCommandLineW
CreateFileW
DecodePointer

user32

OpenWindowStationW
GetUserObjectSecurity
ClientToScreen
CloseWindowStation

advapi32

SetServiceStatus
QueryServiceConfig2A
LsaSetDomainInformationPolicy
RevertToSelf
DuplicateEncryptionInfoFile
ConvertSecurityDescriptorToStringSecurityDescriptorA
GetSecurityDescriptorDacl
StopTraceW
StartTraceW
RegCloseKey
GetAclInformation
LsaFreeMemory
LookupPrivilegeDisplayNameA
GetSecurityDescriptorRMControl
GetAce
CloseServiceHandle
RegQueryValueExA
OpenSCManagerW
BuildExplicitAccessWithNameW
GetSecurityDescriptorGroup
CredRenameW
FileEncryptionStatusW
OpenSCManagerA
GetServiceKeyNameA
RegCreateKeyExA
BuildTrusteeWithNameW
InitializeSid
GetSecurityDescriptorOwner
ObjectPrivilegeAuditAlarmA
LsaSetTrustedDomainInfoByName
IsValidSid
RegSetValueExA
SetAclInformation
ImpersonateNamedPipeClient
EnumServicesStatusExW
AccessCheckAndAuditAlarmW
RemoveUsersFromEncryptedFile
ControlTraceW
QueryTraceW
OpenServiceW
LsaEnumerateAccountRights
LsaOpenPolicy
LsaClose
QueryServiceStatusEx
AccessCheckByType
OpenServiceA

ole32

CoTaskMemFree
CoTaskMemAlloc

Exports

Exports

GroundCats
ServiceMain
apply_patch
cmd_fini
cmd_g24r_in
cmd_point_dev
dump_lbl
dump_mar
dump_tre
dump_typ
get_subfile
getopt
getopt_long_only
hexdump
lbl_decode_static
main_gimgch
main_gimgxor
read_bytes_at
read_header
usage
vwarnx
warnx

Sections

.text
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1bcafea66fe54a7c7639439bbceb03c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

Exports

Exports

Sections

.text Size: 246KB - Virtual size: 245KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 3KB - Virtual size: 8KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 246KB - Virtual size: 245KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 3KB - Virtual size: 8KB

.reloc
Size: 8KB - Virtual size: 8KB