894a9e442e5eb5eb9fa04793353b92b7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

894a9e442e5eb5eb9fa04793353b92b7_JaffaCakes118
Size

883KB
MD5

894a9e442e5eb5eb9fa04793353b92b7
SHA1

33ad9e31fc1e6dee94821d88bba9f2aff41adc99
SHA256

87205607f52628abe91f6a3485867c34a1e3013c8809ea6d9040e4f04ae9b187
SHA512

c5e6cba2583f9cb510fded6cd26166211c7adc8a305f14601bc05cec44ac8a2179382ffb933241c07fafaa4d3fabfb4b81be571e38c68410159f8e6075cb6d2f
SSDEEP

12288:3X6Codjrorf106pHCQvghogSdAdNNp0inVkXoHW:3XhodwrfqbWClpfnVkYHW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
894a9e442e5eb5eb9fa04793353b92b7_JaffaCakes118

Files

894a9e442e5eb5eb9fa04793353b92b7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e11b77ff75039b224da430b01086c363

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
FreeLibrary
InterlockedDecrement
TerminateProcess
DuplicateHandle
GetVersionExA
SetCurrentDirectoryA
GetCommandLineW
OpenEventA
CreateThread
WritePrivateProfileStringA
GetPrivateProfileStringA
VirtualQuery
SetFilePointer
ReadFile
OpenFileMappingA
LocalAlloc
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetLocalTime
GetFileInformationByHandle
GetSystemTime
SystemTimeToFileTime
GetWindowsDirectoryA
GetLongPathNameA
QueryPerformanceCounter
CreateEventA
GetTickCount
GetProcAddress
SuspendThread
GetSystemDirectoryA
CopyFileA
CreateProcessA
Sleep
GetCurrentProcess
CloseHandle
CreateFileA
WriteFile
SetLastError
FormatMessageA
LocalFree
GetVolumeInformationA
GetLastError
GetFullPathNameA
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateDirectoryA
FindFirstFileA
FindNextFileA
FindClose
RemoveDirectoryA
MoveFileExA
DeleteFileA
GetTempPathA
WideCharToMultiByte
WaitForMultipleObjects
GetCurrentThreadId
ReleaseMutex
CreateMutexA
OpenProcess
PeekNamedPipe
CreatePipe
SetEvent
WaitForSingleObject
GetFileSize
FindFirstChangeNotificationW
FindNextChangeNotification
FindCloseChangeNotification
GetStartupInfoW
CreateProcessW
GetExitCodeProcess
DeleteFileW
GetTempPathW
GetTempFileNameW
MoveFileExW
GetWindowsDirectoryW
CreateFileW
GetProcessHeap
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
SetStdHandle
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
LCMapStringW
GetTempFileNameA
GetModuleFileNameA
LCMapStringA
FlushFileBuffers
GetCurrentProcessId
GlobalMemoryStatus
GetVersion
GetFileType
GetStdHandle
FlushConsoleInputBuffer
GetCurrentDirectoryA
MultiByteToWideChar
GetFileAttributesA
EnterCriticalSection
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
HeapFree
HeapAlloc
RtlUnwind
TlsSetValue
TlsGetValue
ExitThread
ResumeThread
RaiseException
HeapReAlloc
GetCommandLineA
GetTimeZoneInformation
SetConsoleCtrlHandler
ExitProcess
HeapSize
GetCPInfo
GetACP
GetOEMCP
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
TlsAlloc
TlsFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetHandleCount
GetStartupInfoA

advapi32

RegQueryValueExA
SetServiceStatus
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CredFree
CredEnumerateW
RegOpenKeyExW
RegCreateKeyExW
RegisterEventSourceW
RegCreateKeyA
RegOpenKeyA
QueryServiceConfigA
ControlService
DeleteService
CreateServiceA
ChangeServiceConfig2A
RegDeleteValueA
RevertToSelf
ImpersonateLoggedOnUser
AllocateAndInitializeSid
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameA
ChangeServiceConfigA
RegSetValueExW
RegCloseKey
RegCreateKeyExA
StartServiceA
RegisterServiceCtrlHandlerA
RegOpenKeyExA
RegSetValueExA
OpenSCManagerA
CloseServiceHandle
OpenServiceA
OpenProcessToken

shell32

CommandLineToArgvW
SHFileOperationA

ole32

CoTaskMemFree

oleaut32

GetErrorInfo
VariantClear

wininet

HttpSendRequestA
InternetReadFile
HttpQueryInfoA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCloseHandle
InternetSetOptionA

shlwapi

SHDeleteKeyW
PathFileExistsW
PathAppendW
PathAddExtensionW
PathRemoveFileSpecA
PathIsDirectoryA
PathFileExistsA
PathAppendA
PathIsFileSpecA
SHDeleteValueA
SHDeleteKeyA
PathRemoveBackslashA

ws2_32

socket
WSAStartup
recv
send
htons
connect
gethostbyname
inet_addr
gethostbyaddr
gethostname
inet_ntoa
select
WSAGetLastError
accept
listen
bind
htonl
WSASetLastError
ntohs
getservbyname
ioctlsocket
ntohl
closesocket
getsockname
setsockopt
shutdown

userenv

GetProfilesDirectoryA
GetUserProfileDirectoryA

psapi

EnumProcesses
GetModuleBaseNameA

crypt32

CryptUnprotectData

user32

MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW

gdi32

DeleteDC
GetBitmapBits
BitBlt
GetObjectA
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
CreateDCA
DeleteObject

Exports

Exports

DllGetClassObject
GetStartObjectEx
ServiceMain

Sections

.text
Size: 598KB - Virtual size: 597KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e11b77ff75039b224da430b01086c363

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

oleaut32

wininet

shlwapi

ws2_32

userenv

psapi

crypt32

user32

gdi32

Exports

Exports

Sections

.text Size: 598KB - Virtual size: 597KB

.rdata Size: 151KB - Virtual size: 150KB

.data Size: 84KB - Virtual size: 138KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 47KB - Virtual size: 46KB

.text
Size: 598KB - Virtual size: 597KB

.rdata
Size: 151KB - Virtual size: 150KB

.data
Size: 84KB - Virtual size: 138KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 47KB - Virtual size: 46KB