7412febfa99b3f9e5ccb6b0420b357ec_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7412febfa99b3f9e5ccb6b0420b357ec_JaffaCakes118
Size

156KB
MD5

7412febfa99b3f9e5ccb6b0420b357ec
SHA1

3d57e1ea936748130f23c848bd152ea54247fcfc
SHA256

0f64b440f4fb1a922f48180350c0e2b037e131c5fba729b62f45f78dbd6fbc6f
SHA512

15bd21a862b170cde253f57950408c283fa7642598a0faa937137b927523c51647fe01fd269271587a8b03ce23d64e15f1cb2cfa7d9cfd7f7866de9574825d96
SSDEEP

3072:FaEbOBMIZkWucC1RXeZroCpXxf0Oz+DnTnLnTn4nTQ9E0mKSWsxLW0u:FaEbaMIZkx9MJoCpXxfJiDnTnLnTn4nO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7412febfa99b3f9e5ccb6b0420b357ec_JaffaCakes118

Files

7412febfa99b3f9e5ccb6b0420b357ec_JaffaCakes118
.dll windows:4 windows x86 arch:x86

cf45eb1e0255968ccd9bd68fa8d72988

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

SysAllocString
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData
SysFreeString

kernel32

lstrcmpA
Sleep
GetCurrentThreadId
ReleaseMutex
WaitForMultipleObjects
ResetEvent
WaitForSingleObject
SetEvent
CreateThread
FreeLibrary
LoadLibraryA
TlsGetValue
TlsSetValue
DuplicateHandle
GetCurrentThread
GetCurrentProcess
HeapAlloc
HeapFree
GetProcessHeap
GlobalUnlock
GlobalLock
GlobalSize
lstrcmpiA
lstrcmpiW
lstrlenA
GetModuleFileNameA
WideCharToMultiByte
GetProcAddress
GetModuleHandleA
VirtualProtect
Module32Next
Module32First
CreateToolhelp32Snapshot
VirtualFree
VirtualAlloc
GetModuleHandleW
TlsAlloc
GetCommandLineA
UnmapViewOfFile
SetEnvironmentVariableA
OpenProcess
MapViewOfFile
GetLastError
ReadFile
GetFileSize
DeleteFileA
FindClose
FindFirstFileA
FindNextFileA
GetSystemTime
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetVersion
MoveFileA
MoveFileExA
SetEndOfFile
SetFileAttributesA
SetFilePointer
SetFileTime
SystemTimeToFileTime
WriteFile
IsBadReadPtr
SetErrorMode
HeapCreate
HeapReAlloc
HeapSize
GetLocalTime
GetLocaleInfoA
GetWindowsDirectoryA
FileTimeToSystemTime
GetDiskFreeSpaceExA
GetDriveTypeA
GetFileTime
GetLogicalDrives
CreatePipe
CreateProcessA
GetExitCodeProcess
PeekNamedPipe
ResumeThread
TerminateThread
lstrlenW
TerminateProcess
FormatMessageA
GetFileType
CloseHandle
CreateFileMappingA
CreateFileA
CreateEventA
CreateMutexA
GetSystemDirectoryA
GetVolumeInformationA
GetCurrentProcessId
GetEnvironmentVariableA
MultiByteToWideChar

user32

DefWindowProcA
DestroyWindow
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
PostQuitMessage
RegisterClassA
TranslateMessage
UnregisterClassA
GetLastInputInfo
ExitWindowsEx
GetWindowRect
IsWindowVisible
SendMessageTimeoutA
CharToOemBuffA
OemToCharBuffA
IsWindow
ShowWindow
SetWindowTextA
GetClientRect
SetWindowLongA
MoveWindow
SystemParametersInfoA
GetWindowLongA
LoadCursorA
wsprintfA
CreateWindowExA
GetWindowTextA
GetParent
MapVirtualKeyW
GetActiveWindow
GetKeyboardState
ToUnicode
CallNextHookEx
GetThreadDesktop
PostThreadMessageA
EnumWindows
SetWindowsHookExA
UnhookWindowsHookEx
PostMessageA
EnumChildWindows
GetClassNameA
GetWindowThreadProcessId

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
AdjustTokenPrivileges
InitiateSystemShutdownA
LookupPrivilegeValueA
OpenProcessToken
RegEnumKeyExA
RegNotifyChangeKeyValue
RegOpenKeyExA

virtualizersdk32

ord1
ord2

ole32

CoCreateInstance
OleUninitialize
CreateStreamOnHGlobal
GetHGlobalFromStream
StringFromGUID2
OleInitialize

ws2_32

getsockname
send
recv
listen
ioctlsocket
connect
bind
socket
WSAAsyncGetHostByAddr
WSAAsyncGetHostByName
WSACancelAsyncRequest
WSACleanup
WSAGetLastError
WSAStartup
accept
closesocket
inet_addr
inet_ntoa
shutdown
gethostname
WSAAsyncSelect

Exports

Exports

cleanup
init

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf45eb1e0255968ccd9bd68fa8d72988

Headers

File Characteristics

Imports

oleaut32

kernel32

user32

advapi32

virtualizersdk32

ole32

ws2_32

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 111KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 20KB - Virtual size: 25KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 112KB - Virtual size: 111KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 20KB - Virtual size: 25KB

.reloc
Size: 8KB - Virtual size: 6KB