743f7c9f1e7ff61a527c6e350c00504a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

743f7c9f1e7ff61a527c6e350c00504a_JaffaCakes118
Size

100KB
MD5

743f7c9f1e7ff61a527c6e350c00504a
SHA1

0559ee09fee527b2d3747222aa3c829c9c3449e6
SHA256

5bd09fdcbdcc92fde39d8569a12ca135fb7c73aaa069072255a09bd6d40fa41c
SHA512

35c3f35428961b7e0e205dc60e744c1793a6363a402aae619ff3f91e6a9631b96a3885f4c9ef67543e589cce7c99332204ac916d75d21a1885bf122e5a0ac869
SSDEEP

1536:G2dNXP3MM5uHIT2JQBbD2MA+W5BzwHwiBTnHJcmj:G2dN/M6fT2iBbyR+W5pwHwiBTHJnj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
743f7c9f1e7ff61a527c6e350c00504a_JaffaCakes118

Files

743f7c9f1e7ff61a527c6e350c00504a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d5e5d75a1d7fc59eb20b1fb8c9b0fb9d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenProcess
FileTimeToSystemTime
Thread32Next
Thread32First
CreateToolhelp32Snapshot
Process32Next
Process32First
GetWindowsDirectoryA
TerminateProcess
GetFileSize
GlobalFree
AllocConsole
GetTickCount
GetStartupInfoA
CreatePipe
GetEnvironmentVariableA
PeekNamedPipe
GetVolumeInformationA
GetDiskFreeSpaceExA
SearchPathA
ExpandEnvironmentStringsA
GetTempPathA
GetSystemInfo
TerminateThread
ExitThread
GetCurrentProcess
VirtualAlloc
CreateThread
MultiByteToWideChar
DeviceIoControl
QueryDosDeviceA
CreateProcessA
MoveFileA
CreateDirectoryA
FindFirstFileA
SetFilePointer
FindNextFileA
FindClose
GetLogicalDriveStringsA
GetDriveTypeA
GetCurrentThreadId
GetSystemTime
lstrcmpA
GetProcessHeap
HeapAlloc
CreateEventA
HeapFree
VirtualQueryEx
ReadProcessMemory
GetEnvironmentVariableW
WideCharToMultiByte
GetLogicalDrives
WaitForMultipleObjects
DuplicateHandle
WaitForSingleObject
GetLocaleInfoA
lstrcpyA
lstrcatA
ReadFile
GetLastError
SetEndOfFile
GetFileAttributesA
GetVersionExA
WriteFile
Sleep
GetSystemDirectoryA
LoadLibraryExA
GetModuleHandleA
GetCurrentProcessId
LocalAlloc
LocalFree
CopyFileA
DeleteFileA
GetModuleFileNameA
GetTempFileNameA
FreeLibrary
LoadLibraryA
GetProcAddress
SetFileTime
SetFileAttributesA
CreateFileA
GetFileInformationByHandle
CloseHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
GlobalAlloc

user32

ExitWindowsEx
GetWindowTextA
GetWindowTextLengthA
GetForegroundWindow
GetAsyncKeyState
GetKeyState
GetProcessWindowStation
CharUpperA
wsprintfA
EnumWindows
GetWindowThreadProcessId
GetWindowLongA
GetThreadDesktop
OpenWindowStationA
SetProcessWindowStation
OpenDesktopA
SetThreadDesktop
CloseDesktop
CloseWindowStation
GetSystemMetrics

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
GetObjectA
GetDIBits
CreateDCA

advapi32

RegOpenKeyA
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
LookupAccountSidA
DeleteService
CreateServiceA
GetAclInformation
GetLengthSid
IsValidSid
AllocateAndInitializeSid
InitializeAcl
AddAccessDeniedAce
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegOpenKeyExA
RegQueryValueExA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
StartServiceA
QueryServiceStatus
ControlService
RegCreateKeyA
RegSetValueExA
RegCloseKey
GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo
RegEnumKeyA
RegEnumValueA
RegQueryInfoKeyA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
CryptReleaseContext
CryptDestroyHash
CryptDestroyKey
CryptDecrypt
CryptEncrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
QueryServiceConfigA
EnumServicesStatusA
ChangeServiceConfigA
CreateProcessAsUserA
RegEnumKeyExA
GetUserNameW
LookupPrivilegeValueA

shell32

SHFileOperationA

msvcrt

_strupr
_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
time
srand
rand
printf
wcscmp
wcslen
strchr
rename
_local_unwind2
atoi
_except_handler3
_CxxThrowException
??2@YAPAXI@Z
fopen
fread
fclose
calloc
strstr
malloc
free
_open
_read
_write
_close
_lseek
remove
_tempnam
sprintf
??3@YAXPAX@Z
strncpy
strrchr
__CxxFrameHandler

netapi32

NetUserEnum
NetShareEnum
NetUserGetInfo
NetApiBufferFree

ws2_32

socket
sendto
WSCEnumProtocols
WSACleanup
gethostname
closesocket
htons
recv
connect
WSAStartup
inet_ntoa
gethostbyname
inet_addr
send

iphlpapi

GetAdaptersInfo
GetNetworkParams

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

psapi

EnumProcessModules
GetModuleFileNameExA

ntdll

_stricmp
_strcmpi

Exports

Exports

ServiceMain

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5e5d75a1d7fc59eb20b1fb8c9b0fb9d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcrt

netapi32

ws2_32

iphlpapi

version

psapi

ntdll

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 66KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 12KB - Virtual size: 48KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 68KB - Virtual size: 66KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 12KB - Virtual size: 48KB

.reloc
Size: 8KB - Virtual size: 7KB