5c7e632511292e9ba4815211dc2010b2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5c7e632511292e9ba4815211dc2010b2_JaffaCakes118
Size

276KB
MD5

5c7e632511292e9ba4815211dc2010b2
SHA1

238c42474f6becf52af33452b3f12aa9c1924809
SHA256

5448ecd6bdb4c69fc10014ccfb4b893d5bdfe606c8938f1f239a24f4c7f51b04
SHA512

d535c41ff8580c0a2da03a73af96586bcc90e6f62cba3b2091099bc8c198749966643f3de37e56e6027839ba932391f93f3cec82aab9105c5ca0fab112dea47f
SSDEEP

6144:+yrvFQw0jmsmEYsVqjqNqGpKLeEzhS3LQOQ/mV4qe:NjFQbM6gjiqTdOp4qe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c7e632511292e9ba4815211dc2010b2_JaffaCakes118

Files

5c7e632511292e9ba4815211dc2010b2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6b4340ccdd1548a692a28fa7ab73818a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
SetThreadPriority
FreeLibrary
FindResourceA
DuplicateHandle
SizeofResource
LoadResource
LockResource
GetTempPathA
GetTempFileNameA
VirtualFreeEx
CreateRemoteThread
VirtualQueryEx
GlobalFree
GetCurrentThreadId
SetErrorMode
DeviceIoControl
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
WriteFile
SetFileAttributesA
DeleteFileA
RemoveDirectoryA
CreateDirectoryA
FindFirstFileA
FindNextFileA
VirtualFree
FreeConsole
GetSystemDirectoryW
FindCloseChangeNotification
GlobalMemoryStatus
GetDriveTypeA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetSystemTime
GetSystemInfo
GetTickCount
GetExitCodeThread
GetCurrentProcess
FindClose
OpenProcess
CreateFileW
VirtualProtectEx
ResumeThread
GetModuleHandleA
ReadProcessMemory
GetWindowsDirectoryW
VirtualAllocEx
WriteProcessMemory
LoadLibraryA
GetProcAddress
CreateFileA
GetFileSize
ReadFile
DisableThreadLibraryCalls
GetCurrentProcessId
GetModuleFileNameA
SetEvent
WaitForSingleObject
TerminateThread
CreateThread
CreateEventA
Sleep
CancelIo
CreateProcessA
CloseHandle
TerminateProcess
ResetEvent
GetLastError
GetEnvironmentStringsW
WaitForMultipleObjects
GetEnvironmentStrings
FreeEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualAlloc
SetUnhandledExceptionFilter
GetEnvironmentVariableA
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
HeapSize
ExitProcess
InitializeCriticalSection
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
TlsFree
GetCommandLineA
WideCharToMultiByte
GetVersion
MultiByteToWideChar
InterlockedIncrement
HeapReAlloc
HeapAlloc
HeapFree
InterlockedDecrement
IsBadCodePtr
IsBadReadPtr
SetEndOfFile
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
FlushFileBuffers
SetStdHandle
RaiseException
SetHandleCount
IsBadWritePtr
RtlUnwind
GetStdHandle
FreeEnvironmentStringsA
SetFilePointer
GetFileType
GetStartupInfoA

user32

GetWindowThreadProcessId
EnumWindowStationsA
SetUserObjectSecurity
FindWindowExA
UnregisterClassA
CloseWindowStation
CloseDesktop
GetDC
DestroyWindow
ReleaseDC
SetThreadDesktop
CreateWindowExA
RegisterClassA
SetProcessWindowStation
OpenDesktopA
EnumDesktopsA
GetProcessWindowStation
OpenWindowStationA
GetThreadDesktop
ShowWindow
FillRect
DrawTextA
GetUserObjectInformationA
ShowCursor
GetWindowRect
SetForegroundWindow
DefWindowProcA
SetFocus
GetDesktopWindow
ExitWindowsEx
GetUserObjectSecurity

gdi32

GetDeviceCaps
CreateDIBSection
BitBlt
GdiFlush
CreateFontIndirectA
CreateSolidBrush
SetBkColor
SetTextColor
DeleteObject
GetStockObject
SelectObject
CreateCompatibleDC

comdlg32

GetFileTitleA

advapi32

LsaEnumerateAccountRights
AllocateLocallyUniqueId
LookupPrivilegeValueW
LookupAccountNameW
GetTokenInformation
CreateServiceA
CloseServiceHandle
IsValidSid
GetSecurityDescriptorDacl
AddAccessAllowedAce
AllocateAndInitializeSid
LookupAccountSidA
FreeSid
OpenEventLogA
ClearEventLogA
CloseEventLog
QueryServiceStatus
OpenSCManagerA
OpenServiceA
LookupAccountNameA
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
SetSecurityInfo
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
LsaClose
LsaOpenPolicy
LsaFreeMemory
LookupAccountSidW
RevertToSelf
OpenProcessToken
ImpersonateLoggedOnUser
EqualSid
AdjustTokenPrivileges
LookupPrivilegeValueA
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
CreateProcessAsUserA
RegEnumValueA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
QueryServiceConfigA
EnumServicesStatusA
StartServiceA
ControlService
DeleteService
ChangeServiceConfigA
ChangeServiceConfig2A
RegOpenKeyA
InitiateSystemShutdownA

shell32

CommandLineToArgvW

ws2_32

select
WSACleanup
gethostbyname
socket
connect
inet_ntoa
shutdown
listen
ntohl
ntohs
send
WSAStartup
WSASocketA
htons
bind
WSAGetLastError
closesocket
setsockopt
WSAEventSelect
WSAEnumNetworkEvents
ioctlsocket
recv

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

netapi32

NetUserGetGroups
NetUserGetLocalGroups
NetUserAdd
NetLocalGroupAddMembers
NetApiBufferFree

psapi

EnumProcessModules
GetModuleInformation
EnumProcesses
GetModuleFileNameExA

dnsapi

DnsQuery_A
DnsRecordListFree

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

secur32

LsaGetLogonSessionData
LsaEnumerateLogonSessions

mswsock

AcceptEx
TransmitFile

Exports

Exports

DllMain

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b4340ccdd1548a692a28fa7ab73818a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ws2_32

wininet

netapi32

psapi

dnsapi

userenv

secur32

mswsock

Exports

Exports

Sections

.text Size: 152KB - Virtual size: 151KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 36KB - Virtual size: 41KB

.rsrc Size: 60KB - Virtual size: 58KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 152KB - Virtual size: 151KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 36KB - Virtual size: 41KB

.rsrc
Size: 60KB - Virtual size: 58KB

.reloc
Size: 12KB - Virtual size: 10KB