8c6eaa80ed7d815bbf77f8d674cc46c8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8c6eaa80ed7d815bbf77f8d674cc46c8_JaffaCakes118
Size

104KB
MD5

8c6eaa80ed7d815bbf77f8d674cc46c8
SHA1

406348fc96844a6c904c28648c491775380f8ad5
SHA256

850e4fcbbf99c1944441dc2cdefad543a376da6d2e510e7f57895f666d6561d4
SHA512

5443ada34fb3e15b57acd31a7b27d245e16b40ddf837ae337314a25b08c7318741650734997bbe995f620641423f132e03c4e7a85975aa7a15cc42ad76c4847b
SSDEEP

3072:1jfd9IIExERZc9CfX43KQrYios0Xmd4Xiuo85:1Z8ERaCfm0iKXmd4Sg5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c6eaa80ed7d815bbf77f8d674cc46c8_JaffaCakes118

Files

8c6eaa80ed7d815bbf77f8d674cc46c8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

38a659967d2b4225004af2eb75004fe5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetCurrentThreadId
GetLastError
CreateDirectoryA
ExitProcess
CreateThread
UnhandledExceptionFilter
RtlUnwind
RaiseException
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
lstrcmpiA
_lopen
_lclose
WriteFile
WinExec
TerminateProcess
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetPriorityClass
SetNamedPipeHandleState
SetFilePointer
SetFileAttributesA
SetEndOfFile
ResumeThread
ReadFile
OpenProcess
MoveFileExA
MoveFileA
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalReAlloc
GlobalMemoryStatus
GlobalHandle
GlobalLock
GlobalFree
GlobalAlloc
GetVersionExA
GetThreadPriority
GetSystemDirectoryA
GetStartupInfoA
GetProcAddress
GetPriorityClass
GetModuleHandleA
GetModuleFileNameA
GetLogicalDriveStringsA
GetLastError
GetFileSize
GetFileAttributesA
GetExitCodeProcess
GetEnvironmentVariableA
GetDriveTypeA
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
GetComputerNameA
GetCommandLineA
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
ExitThread
ExitProcess
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateThread
CreateProcessA
CreatePipe
CreateMutexA
CreateFileA
CreateDirectoryA
CopyFileA
CloseHandle
VirtualProtect
GetModuleFileNameA
ExitProcess

advapi32

RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyA
RegFlushKey
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
StartServiceA
SetServiceStatus
RegisterServiceCtrlHandlerA
QueryServiceStatus
QueryServiceConfigA
OpenServiceA
OpenSCManagerA
EnumServicesStatusA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
ChangeServiceConfigA

gdi32

StretchDIBits
SetDIBColorTable
SelectPalette
SelectObject
RealizePalette
GetPaletteEntries
GdiFlush
DeleteObject
DeleteDC
CreateHalftonePalette
CreateDIBSection
CreateCompatibleDC
BitBlt

user32

mouse_event
keybd_event
VkKeyScanA
ShowWindow
SetWindowTextA
SetThreadDesktop
SetRect
SetProcessWindowStation
SetCursorPos
SetClipboardData
SendMessageA
ReleaseDC
PostMessageA
OpenWindowStationA
OpenInputDesktop
OpenDesktopA
OpenClipboard
MapVirtualKeyA
GetWindowThreadProcessId
GetWindowTextLengthA
GetWindowTextA
GetWindowRect
GetThreadDesktop
GetSystemMetrics
GetProcessWindowStation
GetDesktopWindow
GetDC
GetCursorPos
GetClipboardData
GetClassNameA
FindWindowA
ExitWindowsEx
EnumWindows
EnableWindow
EmptyClipboard
CloseWindowStation
CloseDesktop
CloseClipboard
CharNextA
MessageBoxA

shell32

ShellExecuteA
SHFileOperationA

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

wsock32

WSACleanup
WSAStartup
WSAGetLastError
gethostbyname
socket
send
select
recv
inet_ntoa
inet_addr
htons
getsockname
connect
closesocket

Exports

Exports

ServiceMain

Sections

CODE
Size: - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38a659967d2b4225004af2eb75004fe5

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

user32

shell32

avicap32

wsock32

Exports

Exports

Sections

CODE Size: - Virtual size: 73KB

DATA Size: - Virtual size: 14KB

BSS Size: - Virtual size: 2KB

.idata Size: - Virtual size: 4KB

.edata Size: - Virtual size: 76B

.vmp0 Size: - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 260B

.vmp1 Size: - Virtual size: 27KB

.vmp2 Size: 102KB - Virtual size: 101KB

.reloc Size: 512B - Virtual size: 104B

CODE
Size: - Virtual size: 73KB

DATA
Size: - Virtual size: 14KB

BSS
Size: - Virtual size: 2KB

.idata
Size: - Virtual size: 4KB

.edata
Size: - Virtual size: 76B

.vmp0
Size: - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 260B

.vmp1
Size: - Virtual size: 27KB

.vmp2
Size: 102KB - Virtual size: 101KB

.reloc
Size: 512B - Virtual size: 104B