6480a6af9763abbd64da764f00a2318a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6480a6af9763abbd64da764f00a2318a_JaffaCakes118
Size

140KB
MD5

6480a6af9763abbd64da764f00a2318a
SHA1

99c729e8ce5be9ad9eb3414d7067cd705ba97a9c
SHA256

83da71f1a99d2bc235873ad462e38de7762f74334b2f77856eed7a860f882fc3
SHA512

33586d982142b5fef859f5be47f996230588da75f4474bc9f09a0c86ea46cf479946b88da938fcb15be679711afa0d84ed880fd92ead67c4354b474bf7486ff9
SSDEEP

3072:JEZczS/kau5fZwt5aHzuFHRtdnWsOih8HQM86P/a8foc/VWJx:iZtkau5fZwtY8RtdzHh8HY6Pf/V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6480a6af9763abbd64da764f00a2318a_JaffaCakes118

Files

6480a6af9763abbd64da764f00a2318a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9025494e28bd71024214e830a752eb6f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessA
DuplicateHandle
GetSystemDirectoryA
GetCurrentProcess
CreatePipe
ExitThread
ReadFile
PeekNamedPipe
FindNextFileA
FindFirstFileA
FreeConsole
lstrlenA
GetDriveTypeA
DisconnectNamedPipe
TerminateProcess
TerminateThread
WriteFile
GetCurrentThreadId
GetComputerNameA
GetVersionExA
FindClose
CreateFileA
GetFileSize
CloseHandle
Sleep
FreeLibrary
DeleteFileA
GlobalAlloc
GlobalReAlloc
GlobalFree
FileTimeToLocalFileTime
lstrcpyA
FileTimeToSystemTime
HeapFree
WideCharToMultiByte
IsBadCodePtr
IsBadReadPtr
SetStdHandle
GetStringTypeW
GetStringTypeA
GetCPInfo
SetUnhandledExceptionFilter
FlushFileBuffers
GetEnvironmentStringsW
GetEnvironmentStrings
GetACP
LCMapStringW
LCMapStringA
SetEndOfFile
SetEnvironmentVariableA
GetVersion
CompareStringW
CompareStringA
LoadLibraryA
GetOEMCP
EnterCriticalSection
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
RtlUnwind
GetLastError
ResumeThread
CreateThread
TlsSetValue
FreeEnvironmentStringsW
UnhandledExceptionFilter
GetCommandLineA
RaiseException
ExitProcess
HeapCreate
HeapAlloc
HeapReAlloc
HeapSize
SetFilePointer
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetModuleHandleA
HeapDestroy
SetHandleCount
VirtualFree
VirtualAlloc
IsBadWritePtr
GetProcAddress
GetModuleFileNameA
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA

user32

MessageBoxA
GetProcessWindowStation
CloseWindowStation
SetProcessWindowStation
GetUserObjectInformationA
OpenWindowStationA
EnumWindowStationsA
CloseDesktop
SetThreadDesktop
GetThreadDesktop
OpenInputDesktop
OpenDesktopA
ReleaseDC
GetDC
GetClientRect
WindowFromDC
wsprintfA
GetActiveWindow

gdi32

GetDIBits
SelectPalette
GetObjectA
GetStockObject
GetPaletteEntries
CreatePalette
GetSystemPaletteEntries
GetDeviceCaps
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
RealizePalette

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerA

ws2_32

htons
WSAStartup
send
recv
inet_addr
connect
gethostname
gethostbyname
inet_ntoa
WSACleanup
closesocket
socket

Exports

Exports

ServiceMain

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9025494e28bd71024214e830a752eb6f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 101KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 12KB - Virtual size: 17KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 104KB - Virtual size: 101KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 12KB - Virtual size: 17KB

.reloc
Size: 8KB - Virtual size: 7KB