427e7082554dee3b6f20798ba6807b1d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

427e7082554dee3b6f20798ba6807b1d_JaffaCakes118
Size

95KB
MD5

427e7082554dee3b6f20798ba6807b1d
SHA1

5d57ef63041917f1c616a8544a5761a5643edf9a
SHA256

2efbcd41c9e4a0ec66925b4b7d21a3a6e7b74dc67ab4f28d6532a20f7000fbda
SHA512

955dc3a8c653c531c0f8cf9197c46f9a62ef98f19d1ab2db3cdb7f893c18e1d0e6320279e62abc21be71a51d98fd0b22220601962c5bb39d2c3371eda3185587
SSDEEP

1536:aXBUs/2v1NlBW2BmiVgBH+GSd9PBcqcPf9syU74vEsy+dCrhO1Le1X:aXBxms25eBH+h9PBcqi9syU74vEsy+d6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
427e7082554dee3b6f20798ba6807b1d_JaffaCakes118

Files

427e7082554dee3b6f20798ba6807b1d_JaffaCakes118
.dll windows:5 windows x86 arch:x86

bc13ab922901be25a612c66add6f3011

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHDeleteKeyA

msvcr90

_crt_debugger_hook
__dllonexit
_lock
_onexit
__clean_type_info_names_internal
_unlock
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
_except_handler4_common
free
calloc
_beginthreadex
wcstombs
atoi
realloc
??_U@YAPAXI@Z
strncpy
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
strrchr
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
malloc
strchr
_CxxThrowException
??2@YAPAXI@Z
memset
__CxxFrameHandler3
??3@YAXPAX@Z
memmove
memcpy
ceil
strstr
_stricmp

kernel32

InitializeCriticalSection
DeleteCriticalSection
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
CreateEventA
CloseHandle
WaitForSingleObject
SetEvent
InterlockedExchange
CancelIo
Sleep
lstrcpyA
ResetEvent
lstrlenA
GetPrivateProfileSectionNamesA
lstrcatA
GetWindowsDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
lstrcmpA
GetPrivateProfileStringA
GetVersionExA
CreateProcessA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDriveStringsA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
DeleteFileA
GetFileSize
CreateFileA
WriteFile
SetFilePointer
MoveFileA
ReadFile
GetLastError
SetLastError
GetSystemDirectoryA
GetFileAttributesA
GetTempPathA
TerminateThread
MoveFileExA
GetLocalTime
GetTickCount
GetModuleHandleA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
GetStartupInfoA
CreatePipe
SizeofResource
LoadResource
FindResourceA
DeviceIoControl
LoadLibraryExA
SetFileAttributesA
ReleaseMutex
OpenEventA
SetErrorMode
CreateMutexA
SetUnhandledExceptionFilter
FreeConsole
LocalSize
GetCurrentProcess
Process32Next
OpenProcess
Process32First
CreateToolhelp32Snapshot
lstrcmpiA
GetCurrentThreadId
InterlockedCompareExchange
UnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
IsDebuggerPresent

user32

OpenInputDesktop
SetThreadDesktop
CloseDesktop
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
ExitWindowsEx
GetProcessWindowStation
OpenWindowStationA
SetProcessWindowStation
CloseWindowStation
GetCursorPos
GetSystemMetrics
SetRect
GetUserObjectInformationA
GetDC
ReleaseDC
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
mouse_event
SetCursorPos
WindowFromPoint
SetCapture
MapVirtualKeyA
keybd_event
GetThreadDesktop
OpenDesktopA
PostMessageA
CloseWindow
IsWindow
CreateWindowExA
GetDesktopWindow
wsprintfA
GetWindowTextA
GetActiveWindow
GetKeyNameTextA
GetFocus
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
SystemParametersInfoA
SendMessageA

gdi32

CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
DeleteObject
DeleteDC
GetPaletteEntries
CreateHalftonePalette

advapi32

OpenServiceA
StartServiceA
OpenEventLogA
GetTokenInformation
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegisterServiceCtrlHandlerExA
IsValidSid
LookupAccountNameA
LsaClose
LsaRetrievePrivateData
LsaOpenPolicy
LsaFreeMemory
RegCloseKey
RegQueryValueA
RegOpenKeyExA
CloseServiceHandle
DeleteService
ControlService
QueryServiceStatus
ClearEventLogA
OpenSCManagerA
RegSetValueExA
RegCreateKeyA
RegQueryValueExA
RegOpenKeyA
CloseEventLog
SetServiceStatus

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA

ws2_32

closesocket
gethostbyname
WSAStartup
connect
ntohs
socket
gethostname
getsockname
htons
setsockopt
send
select
recv
WSACleanup

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

dbghelp

MakeSureDirectoryPathExists

imm32

ImmReleaseContext
ImmGetContext
ImmGetCompositionStringA

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

urlmon

URLDownloadToFileA

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

psapi

GetModuleFileNameExA
EnumProcessModules

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

Exports

Exports

ResetSSDT
ServiceMain

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc13ab922901be25a612c66add6f3011

Headers

File Characteristics

Imports

shlwapi

msvcr90

kernel32

user32

gdi32

advapi32

shell32

ws2_32

msvcp90

dbghelp

imm32

wininet

urlmon

avicap32

psapi

wtsapi32

Exports

Exports

Sections

.text Size: 62KB - Virtual size: 61KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 6KB - Virtual size: 8KB

.shared Size: 1KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 62KB - Virtual size: 61KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 6KB - Virtual size: 8KB

.shared
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 4KB