8509ce940d4adee244eb0e22f55ee97a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8509ce940d4adee244eb0e22f55ee97a_JaffaCakes118
Size

62KB
MD5

8509ce940d4adee244eb0e22f55ee97a
SHA1

535079cafa430b4c69442cff38056d1b05448c3c
SHA256

d4300d37b18336a0ba96a71270eb81cd6901c168a699fe82f6223048f6d13d7c
SHA512

f7343acaa6586d472f536858b307dc4380d7c20319664e5b4f0ed413c10732ec5971d13582986b796b37c8f544abb41e76019ab55f1ff314414c6c0151298b92
SSDEEP

1536:doOdnBS42N5/D42hFmmdXtv7vBobW8bBmmYD+T:ReDL4/mdXtqbBpYD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8509ce940d4adee244eb0e22f55ee97a_JaffaCakes118

Files

8509ce940d4adee244eb0e22f55ee97a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ed5da1986417d83f96a15da2de1a600f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
WaitForSingleObject
GetFileAttributesA
OpenFileMappingA
ExitProcess
GetCurrentProcessId
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
FlushViewOfFile
GetTickCount
GetTempPathA
ResetEvent
SetEvent
OpenEventA
CreateEventA
HeapFree
GetProcessHeap
HeapAlloc
VirtualFreeEx
GetExitCodeThread
CreateRemoteThread
GetProcAddress
WriteProcessMemory
VirtualAllocEx
GetModuleHandleA
GlobalUnlock
ResumeThread
CreateProcessA
ExpandEnvironmentStringsA
CreateToolhelp32Snapshot
Process32First
Process32Next
LoadLibraryA
FreeLibrary
ReadFile
GlobalMemoryStatus
GetSystemInfo
GetVersionExA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDriveStringsA
FileTimeToSystemTime
GetFileInformationByHandle
SystemTimeToFileTime
GetLocalTime
RaiseException
InterlockedExchange
LocalAlloc
CreateThread
GetSystemDirectoryA
GetComputerNameA
CreateFileA
GetLastError
Sleep
GetFileSize
WriteFile
SetFilePointer
SetEndOfFile
CloseHandle
GetModuleFileNameA
OpenProcess
WideCharToMultiByte

ws2_32

connect
socket
inet_addr
gethostbyname
htons
send
recv
inet_ntoa
WSAIoctl
WSASocketA
gethostname
WSAStartup
WSAGetLastError
WSACleanup
closesocket

user32

ToAscii
GetKeyboardState
GetKeyNameTextA
GetKeyState
GetWindowTextA
GetParent
GetClassNameA
CloseClipboard
GetClipboardData
GetWindowLongA
SendMessageA
DefWindowProcA
RegisterClassA
SetWindowLongA
CallWindowProcA
GetDesktopWindow
GetSystemMetrics
GetForegroundWindow
UnhookWindowsHookEx
SetWindowsHookExA
CreateWindowExA
SetClipboardViewer
GetMessageA
TranslateMessage
DispatchMessageA
IsWindow
PostMessageA
DestroyWindow
LoadIconA
EnumChildWindows
CallNextHookEx
MapVirtualKeyA
FindWindowA
LoadCursorA
OpenClipboard

advapi32

SetSecurityDescriptorDacl
GetUserNameA
CreateProcessAsUserA
FreeSid
InitializeAcl
AllocateAndInitializeSid
GetLengthSid
IsValidSid
AddAccessAllowedAce
RegQueryValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
InitializeSecurityDescriptor

msvcrt

fwrite
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
wcstombs
fseek
ftell
malloc
realloc
free
atoi
isalpha
_CxxThrowException
_mbsstr
strftime
_mbsicmp
localtime
difftime
_ftol
srand
rand
time
strstr
_mbsnbcmp
sprintf
_mbscmp
strcat
_mbsrev
??3@YAXPAX@Z
memset
??2@YAPAXI@Z
memcpy
strlen
_mbsrchr
strcpy
__CxxFrameHandler
fopen
fread
fclose

msvcp60

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Exports

Exports

?g_dwOperation@@3KA
?g_dwTargetPID@@3KA
FlushBuffer
Init
SM
WLEvtLock
WLEvtLogoff
WLEvtLogon
WLEvtShutdown
WLEvtStartScreenSaver
WLEvtStartup
WLEvtStopScreenSaver
WLEvtUnlock

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed5da1986417d83f96a15da2de1a600f

Headers

File Characteristics

Imports

kernel32

ws2_32

user32

advapi32

msvcrt

msvcp60

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 3KB

Shared Size: 4KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 3KB

Shared
Size: 4KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 3KB