44d1eeecb20ed66d5a0332cc6bae2f5b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

44d1eeecb20ed66d5a0332cc6bae2f5b_JaffaCakes118
Size

173KB
MD5

44d1eeecb20ed66d5a0332cc6bae2f5b
SHA1

cafd2297c666fde0ff5350e9ce6a2c3c505827c3
SHA256

590eb6ee1eacda4f33c7f013aedd3c17b1550103d7a0bbd30fa20c5f93a00d5a
SHA512

664a8e479baa9d18fa9a8ebca36ccb606a32b81cf63d7bfbfaa0a09269a867901036ab1456bf54a3d7b4cb01c949ee50e6cea12cccf9152c729b6cc2a6490893
SSDEEP

3072:0eDOrzwr7J5cLDXyA0QodXeujifufj0JOg:0eDOvkvcLDXyVF2fuAJJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44d1eeecb20ed66d5a0332cc6bae2f5b_JaffaCakes118

Files

44d1eeecb20ed66d5a0332cc6bae2f5b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c5682d0c03a7c2f7eac580c463c7ab98

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
GetPrivateProfileIntA
FindClose
FindNextFileA
FindFirstFileA
CreateDirectoryA
DeviceIoControl
Thread32Next
Thread32First
CreateToolhelp32Snapshot
GetModuleHandleA
LoadLibraryA
VirtualQuery
GetCommandLineA
GetFileSize
GetProcAddress
GlobalFree
GlobalReAlloc
GlobalAlloc
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
FreeLibrary
CreateMutexA
TerminateThread
GetCurrentProcess
TerminateProcess
ReadProcessMemory
WriteProcessMemory
OutputDebugStringA
Sleep
IsBadReadPtr
ResumeThread
CreateProcessA
CreateProcessW
IsBadWritePtr
ExitProcess
Process32Next
GetFileAttributesW
VirtualQueryEx
OpenProcess
Process32First
HeapAlloc
GetProcessHeap
HeapFree
GetLastError
GetFileTime
VirtualAllocEx
GetSystemDirectoryA
OpenMutexA
VirtualProtectEx
LeaveCriticalSection
InitializeCriticalSection
GetCurrentProcessId
MultiByteToWideChar
EnterCriticalSection
WinExec
GetTempFileNameA
GetPrivateProfileStringA
MoveFileA
GetTempPathA
GetFileAttributesA
CreateFileA
GetTickCount
WriteFile
CloseHandle
ReadFile
SetFilePointer
DeleteFileA
GetModuleFileNameA
WideCharToMultiByte
CreateThread

user32

SetFocus
FindWindowA
SendMessageA
IsWindow
CreateWindowExA
GetWindowThreadProcessId
CallWindowProcA
GetWindowTextA
wvsprintfA
GetWindowTextW
GetWindowRect
GetDlgItem
GetKeyboardState
MapVirtualKeyA
VkKeyScanA
ToAscii
wsprintfA
CallNextHookEx
UnhookWindowsHookEx
SetWindowTextA
IsWindowVisible
GetDlgCtrlID
GetParent
GetWindow
GetWindowLongA
GetFocus
SetWindowLongA
GetKeyState
GetForegroundWindow
EnumThreadWindows
GetClassNameA
FindWindowExA
SetWindowsHookExA

gdi32

CreateFontA

advapi32

RegCloseKey
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CreateServiceA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
StartServiceA
QueryServiceStatus
ControlService

wininet

InternetCloseHandle
InternetConnectA
HttpQueryInfoA
InternetReadFile
InternetOpenUrlA
InternetOpenA
FtpPutFileA

shlwapi

PathFileExistsA

msvcrt

srand
_i64toa
wcsncpy
wcslen
wcsstr
wcsncat
wcscpy
_strlwr
strncmp
__dllonexit
_onexit
_initterm
_itoa
_adjust_fdiv
_stricmp
_strcmpi
rand
??2@YAPAXI@Z
isalpha
free
memchr
__CxxFrameHandler
isalnum
isdigit
malloc
memmove
sprintf
??3@YAXPAX@Z
atoi
_beginthread
strrchr
atol
strncat
_except_handler3
strchr
strstr
strncpy

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBDI@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Xlen@std@@YAXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z

ws2_32

inet_ntoa
WSAGetLastError
closesocket
recv
send
WSARecv
getpeername
htons
connect

imagehlp

ImageUnload
ImageLoad

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c5682d0c03a7c2f7eac580c463c7ab98

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

wininet

shlwapi

msvcrt

msvcp60

ws2_32

imagehlp

Sections

.text Size: 134KB - Virtual size: 134KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 1KB - Virtual size: 19KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 134KB - Virtual size: 134KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 1KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 14KB - Virtual size: 14KB