DownCtrlAltDel
Static task
static1
Behavioral task
behavioral1
Sample
5dc053e01fc2483e1e22c1e0a8394916_JaffaCakes118.dll
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
5dc053e01fc2483e1e22c1e0a8394916_JaffaCakes118.dll
Resource
win10v2004-20240709-en
General
-
Target
5dc053e01fc2483e1e22c1e0a8394916_JaffaCakes118
-
Size
100KB
-
MD5
5dc053e01fc2483e1e22c1e0a8394916
-
SHA1
a48e98c30a1d6c5d3a658a0f5d70bd2f95c074a1
-
SHA256
fae7679d63f7d1c62461f5b578ccfde9afc3d06139b0d8c955dfdbdd221775bb
-
SHA512
a9e91a6da773eb2f538a21a697e3855781d3f22322b9a87aaa608b0c2f34e38e169d85e9e131357b084ce365d153e67353c4447c5a84710462dbd185ab7a094c
-
SSDEEP
3072:vYK4SlMDbJGQIVGnsnhRQnNktiYnwzYCIv:vCWM0M0hoenwzYx
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Flags that the PE carries no Authenticode signature. Absence of a signature is not in itself evidence of malice (many legitimate and in-house binaries are unsigned), so treat this indicator as supporting context for the rest of the report rather than a verdict.
resource 5dc053e01fc2483e1e22c1e0a8394916_JaffaCakes118
Files
-
5dc053e01fc2483e1e22c1e0a8394916_JaffaCakes118.dll windows:4 windows x86 arch:x86
63333a7d797b2a79285ac3185a332de4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
OpenProcess
GetModuleHandleA
QueueUserAPC
OpenThread
Thread32Next
Thread32First
CreateToolhelp32Snapshot
WriteProcessMemory
VirtualAllocEx
Process32NextW
lstrcmpiW
Process32FirstW
LocalFree
LocalAlloc
PeekNamedPipe
CreateProcessW
GetSystemDirectoryW
GetStartupInfoW
CreatePipe
WaitForSingleObject
SetEvent
GlobalMemoryStatus
TerminateProcess
WideCharToMultiByte
GetSystemInfo
CreateMutexW
GetCurrentProcessId
DisableThreadLibraryCalls
OpenMutexW
ConnectNamedPipe
CreateNamedPipeW
GetComputerNameW
ReadProcessMemory
VirtualQueryEx
GetProcessHeap
HeapAlloc
HeapFree
FreeLibrary
DeleteFileW
GetModuleHandleW
CreateEventW
LoadLibraryA
GetProcAddress
lstrlenA
lstrcmpA
lstrcpynA
SetFilePointer
WriteFile
lstrcpyA
lstrcatA
CreateThread
GetTempPathW
CreateDirectoryW
CreateProcessA
ReadFile
CreateFileW
GetFileSize
lstrlenW
lstrcatW
FindNextFileW
FindClose
GetDriveTypeW
lstrcpyW
GetDiskFreeSpaceExW
DeviceIoControl
CreateFileA
GetSystemDirectoryA
GetVersionExW
OutputDebugStringA
OutputDebugStringW
CloseHandle
TerminateThread
DeleteFileA
MoveFileA
Sleep
ExitThread
GetCurrentProcess
GetLastError
GetTickCount
FindFirstFileW
MoveFileW
ExitProcess
MultiByteToWideChar
user32
RegisterClassW
LoadCursorW
LoadIconW
DefWindowProcW
SetTimer
KillTimer
GetAsyncKeyState
GetKeyState
GetForegroundWindow
GetWindowTextA
ReleaseDC
GetDC
CreateWindowExW
GetCursor
SetThreadDesktop
OpenDesktopW
SetProcessWindowStation
OpenWindowStationW
CloseDesktop
GetUserObjectInformationW
OpenInputDesktop
CloseWindowStation
PostMessageW
FindWindowW
GetSystemMetrics
wsprintfW
GetMessageW
TranslateMessage
DispatchMessageW
IsWindow
SendMessageW
wsprintfA
IsCharAlphaNumericW
IsCharAlphaNumericA
GetDesktopWindow
ExitWindowsEx
IsRectEmpty
keybd_event
SetCursorPos
mouse_event
gdi32
GetStockObject
DeleteObject
GetDIBits
RealizePalette
SelectPalette
GetObjectW
GetDeviceCaps
CreateCompatibleBitmap
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
advapi32
SetKernelObjectSecurity
RegSetValueExW
RegDeleteKeyW
LookupAccountSidW
RevertToSelf
ControlService
EnumServicesStatusW
QueryServiceConfigW
GetTokenInformation
LookupAccountSidA
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
DeleteService
OpenServiceW
CloseServiceHandle
OpenSCManagerW
StartServiceW
OpenServiceA
CreateServiceA
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
LookupPrivilegeValueA
RegDeleteValueW
SetSecurityDescriptorDacl
MakeAbsoluteSD
GetSecurityDescriptorDacl
GetKernelObjectSecurity
ImpersonateLoggedOnUser
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegCreateKeyW
shell32
ShellExecuteA
SHFileOperationW
DoEnvironmentSubstA
msvcrt
_CxxThrowException
_purecall
_adjust_fdiv
_initterm
_onexit
__dllonexit
_wtoi
wcsncpy
_wcsicmp
wcsrchr
??1type_info@@UAE@XZ
strcmp
_errno
swprintf
_strupr
fopen
_tzset
_strtime
_strdate
wcslen
_wfopen
fwrite
strlen
memset
memcpy
rand
srand
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z
strcpy
_except_handler3
wcscpy
wcscmp
strstr
atoi
free
malloc
strcat
sprintf
strncpy
wcscat
fclose
msvcp60
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPAGII@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
ws2_32
htonl
inet_addr
gethostbyaddr
__WSAFDIsSet
WSAGetLastError
inet_ntoa
recv
select
getpeername
ntohs
ntohl
WSAStartup
gethostbyname
setsockopt
htons
connect
send
closesocket
WSACleanup
socket
wininet
InternetOpenW
InternetOpenUrlW
InternetCloseHandle
InternetReadFile
avicap32
capGetDriverDescriptionW
capCreateCaptureWindowW
psapi
EnumProcessModules
GetModuleFileNameExW
oleaut32
GetErrorInfo
Exports
Sections
.text Size: 56KB - Virtual size: 53KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ