83c828d4532e5655035d1929e2881e74_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

83c828d4532e5655035d1929e2881e74_JaffaCakes118
Size

130KB
MD5

83c828d4532e5655035d1929e2881e74
SHA1

1100e0656d13de98ac6dbc9c30663ce2738ae543
SHA256

82d01341906e9515132773386be12ad915db43a4b6cb3f120bca9a4e138047ad
SHA512

2bc503336b1a6c80a731826450863d1844d4fbd200b09ee1c225afcf97eec4f7159cbf19e4f00af669f4e0256141b3d422f0688789f2e3cc538e6264faf49b9a
SSDEEP

3072:0S2Zn1pMBkwm6gX0lqpFyndM7pzS8dL0sSlEGedPE:YeBkwm6E0k4wztlLGehE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
83c828d4532e5655035d1929e2881e74_JaffaCakes118

Files

83c828d4532e5655035d1929e2881e74_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e0baca2b7da046b905a5822c43cc67f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

GetServiceDisplayNameA
SetSecurityDescriptorOwner
SetServiceBits
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
CloseEventLog
DeregisterEventSource
EnableTrace
LookupAccountSidW
NotifyChangeEventLog
ReadEventLogW
RegQueryValueExW
WriteEncryptedFileRaw

gdi32

SetBkMode
CreateEllipticRgn
DeleteDC
DeleteObject
GetBrushOrgEx
RemoveFontResourceW
PlayEnhMetaFile

kernel32

AddConsoleAliasA
DnsHostnameToComputerNameW
GetFullPathNameW
IsDBCSLeadByte
MultiByteToWideChar
lstrcmpiW
GetCommandLineW
DeleteCriticalSection
GetCurrentProcess
GlobalLock
GlobalUnlock
InterlockedDecrement
InterlockedIncrement
LocalAlloc
LocalFree
LocalReAlloc
SetLastError
SetUnhandledExceptionFilter
Sleep
TerminateProcess
UnhandledExceptionFilter
VirtualAlloc
LoadResource
FindResourceA
CloseHandle
CreateEventA
DisableThreadLibraryCalls
DosDateTimeToFileTime
EnterCriticalSection
EnumLanguageGroupLocalesA
FindFirstVolumeMountPointW
FindResourceExW
FormatMessageW
FreeLibrary
GetLastError
GetProfileIntW
HeapLock
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
LockResource
SetEvent
VirtualQuery
CompareStringW
CompareStringA
GetLocaleInfoW
GetSystemInfo
VirtualProtect
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
SetEnvironmentVariableA
GetTimeFormatA
HeapSize
LoadLibraryA
InterlockedExchange
RtlUnwind
InitializeCriticalSection
IsBadWritePtr
HeapReAlloc
GetCPInfo
GetOEMCP
GetACP
FatalAppExitA
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapAlloc
HeapFree
TlsGetValue
TlsSetValue
GetCurrentThreadId
GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
GetModuleHandleA
TlsAlloc
GetCurrentThread
TlsFree

ole32

StringFromGUID2
ReleaseStgMedium
CoTaskMemAlloc
CoUnloadingWOW
CoCreateObjectInContext
CoRegisterPSClsid

oleaut32

VarBoolFromR4
VarDateFromDec
LPSAFEARRAY_Unmarshal

rpcrt4

I_RpcServerUseProtseqEp2A
RpcServerListen
NdrInterfacePointerUnmarshall
RpcIfIdVectorFree
RpcBindingVectorFree

user32

MapWindowPoints
LoadImageW
IsWindow
GetWindowTextW
GetWindowRect
GetWindowLongW
GetSystemMenu
GetParent
GetMenuItemInfoA
GetDlgItem
GetClientRect
PostMessageW
EnableMenuItem
DrawMenuBar
DestroyWindow
DestroyIcon
CreateCaret
CharUpperW
AppendMenuA
SetCursor
LoadStringW
EditWndProc
DestroyCursor
SendMessageW
SetFocus
SetTimer
SetWindowLongW
SetWindowTextW
SetWindowPos
ShowWindow
UnhookWindowsHookEx
EnableWindow
MessageBoxW

Exports

Exports

auzcdgbpgmw

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0baca2b7da046b905a5822c43cc67f0

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

ole32

oleaut32

rpcrt4

user32

Exports

Exports

Sections

.text Size: 83KB - Virtual size: 82KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 4KB - Virtual size: 6KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 83KB - Virtual size: 82KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 4KB - Virtual size: 6KB

.reloc
Size: 5KB - Virtual size: 4KB