8c3c64ca00c7300b8518bd5df9cadca4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8c3c64ca00c7300b8518bd5df9cadca4_JaffaCakes118
Size

49KB
MD5

8c3c64ca00c7300b8518bd5df9cadca4
SHA1

4f95349018e13f8d09ccbec01914ffdba3829eee
SHA256

083699e6c42aee5d90976700d00fc7456a732638715e39f44802c3e416dd30c6
SHA512

ed735bc5a05e6f28ae47c0181c7b84225d90b5c005d529f7ee17d4b6b9331f8995a64d24d023a1a00eec8a8a2f782e620e4b8c1604162213387ebed27b4b563e
SSDEEP

1536:4Y9zfMGjmTR3faHQW5HdgPeiXAQEG3hKkck:4CAGahab5H+PerQ3hxck

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c3c64ca00c7300b8518bd5df9cadca4_JaffaCakes118

Files

8c3c64ca00c7300b8518bd5df9cadca4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

500b2af1e1b7ebf6bba66e716ad9fcb5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegisterServiceCtrlHandlerW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ControlService
UnlockServiceDatabase
ChangeServiceConfigW
LockServiceDatabase
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
GetUserNameW

user32

MsgWaitForMultipleObjects
LoadStringW
PostThreadMessageW
wsprintfW
GetMessageW
PeekMessageW

ws2_32

inet_ntoa
ntohl
ntohs
WSAStartup
WSACleanup
WSAGetLastError
gethostbyname
closesocket
connect
htons
socket
ioctlsocket
recv
send
__WSAFDIsSet
select
htonl
setsockopt
bind
recvfrom
getsockname

kernel32

SetFilePointer
SetLastError
GetComputerNameW
lstrcpyW
GetVersionExW
GetSystemInfo
GlobalMemoryStatus
GetTickCount
GetWindowsDirectoryA
lstrcatA
GetModuleFileNameA
lstrcpyA
CreateFileA
WinExec
GetCurrentProcess
CreatePipe
GetStartupInfoW
GetSystemDirectoryW
CreateProcessW
WriteFile
TerminateProcess
TerminateThread
DisconnectNamedPipe
PeekNamedPipe
ReadFile
FindResourceW
LoadResource
FreeLibrary
GetProcAddress
LoadLibraryW
Sleep
CloseHandle
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ResumeThread
CreateThread
SetErrorMode
GetLastError
CreateMutexW
SetEvent
FindClose
FindNextFileW
FindFirstFileW
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
CreateFileW
CreateDirectoryW
GetFileAttributesW
MoveFileW
LockResource
CreateEventW
WideCharToMultiByte
MultiByteToWideChar
ResetEvent
DeleteFileW
lstrcatW
GetTempPathW
GetCurrentThreadId

shell32

SHFileOperationW
ShellExecuteW

msvcrt

_beginthreadex
wcscpy
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
fopen
fwrite
fclose
wcsstr
wcsncmp
wcscat
_wtoi
strstr
isspace
strtol
_stricmp
atoi
_strdup
wcslen
swprintf
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
_strnset
sprintf

avicap32

capGetDriverDescriptionW

Exports

Exports

SvcEntry_Seclogon

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

500b2af1e1b7ebf6bba66e716ad9fcb5

Headers

File Characteristics

Imports

advapi32

user32

ws2_32

kernel32

shell32

msvcrt

avicap32

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 35KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 68KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 68KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB