47619fca20895abc83807321cbb80a3d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

47619fca20895abc83807321cbb80a3d_JaffaCakes118
Size

55KB
MD5

47619fca20895abc83807321cbb80a3d
SHA1

c7f1b1c27cbd92926ae045b2f3ef2a6587110711
SHA256

d426869f3dc8c7ffa65d1cf6e4fff8470ac5c0b39a03daff4d6caa0ac806e7c9
SHA512

6a8030b06b4f620e6a1aae775bd7bd668d1c7c2ebc776e9d38a599b853b1a00bcb01345f6eedac43f533846f7a3c26aeb7b38b70c59305564e59b0b792eb9c91
SSDEEP

768:otZQ+Owg0pl1JRrbpakuIenJuVDt2pFnToIf12FhnSymelQcTnD0C:F+u6d3a3IenskFnToIf6RmelQIgC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47619fca20895abc83807321cbb80a3d_JaffaCakes118

Files

47619fca20895abc83807321cbb80a3d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6d3528471093d21b3504c411543816d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeConsole
GlobalFree
GlobalAlloc
lstrcmpiA
Process32Next
ExitProcess
GlobalMemoryStatus
GetVersionExA
GetComputerNameA
VirtualAlloc
CreateFileA
GetFileSize
GetCurrentThread
SetThreadPriority
GetTickCount
GetModuleFileNameA
WinExec
LocalAlloc
LocalFree
GetCurrentThreadId
lstrcpyA
SetProcessShutdownParameters
TerminateProcess
GetCurrentProcess
Module32First
OpenProcess
GetPriorityClass
OutputDebugStringA
lstrlenA
SetLastError
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
MoveFileA
CopyFileA
DeleteFileA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLastError
FindNextFileA
FindClose
GetLogicalDriveStringsA
GetDriveTypeA
CloseHandle
ReadFile
CreateThread
WaitForSingleObject
WriteFile
CreateToolhelp32Snapshot

user32

TranslateMessage
PeekMessageA
CloseDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
OpenDesktopA
SetProcessWindowStation
DispatchMessageA
GetThreadDesktop
GetProcessWindowStation
CloseWindowStation
PostMessageA
SetCursorPos
keybd_event
GetSystemMetrics
DrawIconEx
GetCursorInfo
CreateWindowExA
DefWindowProcA
LoadCursorA
wsprintfA
OpenWindowStationA
RegisterClassExA

gdi32

DeleteDC
GetDIBits
StretchBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
DeleteObject

advapi32

ChangeServiceConfigA
StartServiceA
CloseServiceHandle
QueryServiceStatus
GetUserNameA
GetTokenInformation
LookupAccountSidA
DuplicateTokenEx
OpenProcessToken
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenServiceA
OpenSCManagerA
ControlService
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegOpenKeyA
CreateServiceA
DeleteService
FreeSid
SetFileSecurityA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclA
AllocateAndInitializeSid
CreateProcessAsUserA
LogonUserA
RegDeleteKeyA

shell32

ShellExecuteA
SHGetFileInfoA
SHGetSpecialFolderPathA

msvcrt

strcspn
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
atol
_local_unwind2
malloc
free
wcstombs
_ftol
??3@YAXPAX@Z
strstr
_strlwr
atoi
time
srand
rand
_except_handler3
_CxxThrowException
__CxxFrameHandler
sprintf
strncpy
??2@YAPAXI@Z

ws2_32

connect
socket
htons
closesocket
gethostbyname
WSAIoctl
WSACleanup
setsockopt
send
shutdown
WSAStartup
inet_addr
recv

shlwapi

SHDeleteKeyA

wtsapi32

WTSEnumerateSessionsA
WTSFreeMemory
WTSQuerySessionInformationA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

netapi32

NetUserAdd
NetLocalGroupAddMembers
NetUserDel

Exports

Exports

CloseINFOPerformanceData
CollectW3PerfData
IISEnumerateUsers
OpenINFOPerformanceData

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d3528471093d21b3504c411543816d6

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcrt

ws2_32

shlwapi

wtsapi32

userenv

netapi32

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 32KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 33KB - Virtual size: 32KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 2KB - Virtual size: 2KB