6056f080b222a834cefc00cc94cdefcb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6056f080b222a834cefc00cc94cdefcb_JaffaCakes118
Size

61KB
MD5

6056f080b222a834cefc00cc94cdefcb
SHA1

5632c93e0cd392f552820ee72ed5699b877eaa64
SHA256

02b720598e7aeee9b72be48748e2603aa5e50502b115c05050cb423adec37734
SHA512

f15530f91aed87da265ee9718e2cb6746fdb0338b2091842a98ecc7b9c1bf8f8766fc2d0f18b23b7a4cee1d7e984434602d20de187a44f2fe47b297c56ee0349
SSDEEP

1536:QBqW64tDtUZf//intDgutbCduVbfIGhn:pqGZantDDtbCMVbffhn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6056f080b222a834cefc00cc94cdefcb_JaffaCakes118

Files

6056f080b222a834cefc00cc94cdefcb_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8c1d1719479ab267bba5129d89331294

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalUnlock
GlobalLock
WaitForSingleObject
GetFileAttributesA
OpenFileMappingA
ExitProcess
GetCurrentProcessId
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
FlushViewOfFile
GetTickCount
GetTempPathA
ResetEvent
SetEvent
OpenEventA
CreateEventA
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
CreateThread
LoadLibraryA
FreeLibrary
ReadFile
GlobalMemoryStatus
GetSystemInfo
GetVersionExA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDriveStringsA
FileTimeToSystemTime
GetFileInformationByHandle
SystemTimeToFileTime
GetLocalTime
RaiseException
InterlockedExchange
LocalAlloc
GetSystemDirectoryA
GetComputerNameA
CreateFileA
GetLastError
Sleep
GetFileSize
WriteFile
SetFilePointer
SetEndOfFile
CloseHandle
GetModuleFileNameA
WideCharToMultiByte

ws2_32

connect
socket
inet_addr
gethostbyname
htons
send
recv
inet_ntoa
WSAIoctl
WSASocketA
gethostname
WSAStartup
WSAGetLastError
WSACleanup
closesocket

user32

CallNextHookEx
ToAscii
GetKeyboardState
GetKeyNameTextA
GetKeyState
GetWindowTextA
GetParent
GetClassNameA
CloseClipboard
GetClipboardData
OpenClipboard
CallWindowProcA
DefWindowProcA
SetWindowLongA
GetDesktopWindow
GetSystemMetrics
GetForegroundWindow
UnhookWindowsHookEx
SetWindowsHookExA
CreateWindowExA
SetClipboardViewer
GetMessageA
TranslateMessage
DispatchMessageA
IsWindow
PostMessageA
DestroyWindow
LoadIconA
LoadCursorA
GetWindowLongA
MapVirtualKeyA
FindWindowA
EnumChildWindows
RegisterClassA
SendMessageA

advapi32

SetSecurityDescriptorDacl
GetUserNameA
CreateProcessAsUserA
FreeSid
InitializeAcl
AllocateAndInitializeSid
GetLengthSid
IsValidSid
AddAccessAllowedAce
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
InitializeSecurityDescriptor

msvcrt

fwrite
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
wcstombs
fseek
ftell
malloc
realloc
free
atoi
isalpha
_CxxThrowException
_mbsstr
strftime
_mbsicmp
localtime
difftime
_ftol
srand
rand
time
strstr
_mbsnbcmp
sprintf
_mbscmp
strcat
_mbsrev
??3@YAXPAX@Z
memset
??2@YAPAXI@Z
memcpy
strlen
_mbsrchr
strcpy
__CxxFrameHandler
fopen
fread
fclose

msvcp60

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Exports

Exports

?g_dwOperation@@3KA
?g_dwTargetPID@@3KA
FlushBuffer
Init
SM
WLEvtLock
WLEvtLogoff
WLEvtLogon
WLEvtShutdown
WLEvtStartScreenSaver
WLEvtStartup
WLEvtStopScreenSaver
WLEvtUnlock

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c1d1719479ab267bba5129d89331294

Headers

File Characteristics

Imports

kernel32

ws2_32

user32

advapi32

msvcrt

msvcp60

Exports

Exports

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 3KB - Virtual size: 3KB

Shared Size: 4KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 3KB - Virtual size: 3KB

Shared
Size: 4KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 3KB