5bd2aa25eca4a19b7e64bcb48e7906e1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5bd2aa25eca4a19b7e64bcb48e7906e1_JaffaCakes118
Size

133KB
MD5

5bd2aa25eca4a19b7e64bcb48e7906e1
SHA1

2df0063cf04063ce543cc1b2824583970d2ec16e
SHA256

457dbbd2db4dc1c135c22aade218aeb1ea91413412c585927ed4e1820bd626de
SHA512

61bf54848337f9fca4ee1f2737b76dc9991add41583dc7971c16e8dcddf4c898e0961f17e31121d7d291920c7d6479c83fe7aaee78472a7e78d4c1c01e591b4a
SSDEEP

3072:UG2qCnUriEJy5dGfWOYoQALLb4sRgccZG0FGqtjx:/2qAWiCygDYx0osZIGKGqtF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bd2aa25eca4a19b7e64bcb48e7906e1_JaffaCakes118

Files

5bd2aa25eca4a19b7e64bcb48e7906e1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

449acac94d445251bceaee886a7b4136

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalAlloc
GetFileSize
ReadFile
SetFilePointer
MoveFileA
lstrcatA
CreateProcessA
WaitForSingleObject
CreateThread
TerminateThread
lstrcmpiA
MapViewOfFile
HeapFree
UnmapViewOfFile
GetModuleHandleA
GlobalFree
FindFirstFileA
GetCurrentThreadId
GlobalMemoryStatus
GetSystemInfo
GetComputerNameA
GetVersionExA
GetModuleFileNameA
OpenEventA
SetErrorMode
GetCurrentProcess
GetWindowsDirectoryA
SetFileAttributesA
CopyFileA
ExpandEnvironmentStringsA
CreateFileA
LocalReAlloc
FindNextFileA
LocalFree
FindClose
GetDiskFreeSpaceExA
GetDriveTypeA
FreeLibrary
lstrlenA
lstrcpyA
GetFileAttributesA
CreateDirectoryA
DeleteFileA
GetProcessHeap
HeapAlloc
GetCurrentProcessId
CloseHandle
GetLocalTime
GetTickCount
CancelIo
InterlockedExchange
SetEvent
ResetEvent
GetLastError
VirtualAlloc
Sleep
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
LoadLibraryA
GetProcAddress
GlobalUnlock

user32

RegisterClassA
LoadMenuA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
CloseWindow
IsWindow
PostMessageA
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
IsWindowVisible
GetWindowThreadProcessId
ExitWindowsEx
GetCursorInfo
DestroyCursor
GetCursorPos
ReleaseDC
GetDesktopWindow
GetDC
SetRect
GetSystemMetrics
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetCursorPos
WindowFromPoint
SetCapture
mouse_event
CharNextA
wsprintfA
GetWindowTextA
MessageBoxA
LoadCursorA
SendMessageA
MapVirtualKeyA
LoadIconA

gdi32

GetStockObject

advapi32

RegSaveKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CloseEventLog
ClearEventLogA
OpenEventLogA
RegCreateKeyExA
OpenSCManagerA
FreeSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetKeySecurity
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA
UnlockServiceDatabase
ChangeServiceConfig2A
LockServiceDatabase
CreateServiceA
StartServiceA
AdjustTokenPrivileges
RegRestoreKeyA

shell32

SHGetSpecialFolderPathA

msvcrt

memset
strstr
strlen
puts
_ftol
_stricmp
ceil
strcpy
sprintf
strncpy
free
malloc
_except_handler3
strcmp
strrchr
??2@YAPAXI@Z
strcat
atoi
_errno
strncat
strchr
_beginthreadex
wcstombs
_access
srand
calloc
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
__dllonexit
_onexit
memcmp
__CxxFrameHandler
_CxxThrowException
strncmp
_strrev
_strnicmp
rand
putchar
memmove
??3@YAXPAX@Z
memcpy

ws2_32

closesocket
send
inet_addr
connect
sendto
WSASocketA
htonl
inet_ntoa
ntohs
getsockname
bind
recvfrom
__WSAFDIsSet
recv
socket
gethostbyname
htons
setsockopt
WSACleanup
WSAStartup
select

msvcp60

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Exports

Exports

DuDuEndWork
DuDuRuning
DuDuWorking
ServiceMain

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

449acac94d445251bceaee886a7b4136

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcrt

ws2_32

msvcp60

Exports

Exports

Sections

.text Size: 105KB - Virtual size: 105KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 11KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 105KB - Virtual size: 105KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 11KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 5KB - Virtual size: 5KB