8bb1076ba3e666b4e533f17cff2290ad_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8bb1076ba3e666b4e533f17cff2290ad_JaffaCakes118
Size

236KB
MD5

8bb1076ba3e666b4e533f17cff2290ad
SHA1

37fac3b8506072663b4dbf99b9c68addb0684689
SHA256

7705dd4f6777b2d7a365c67e16db321cb126912e53f526db9b32d5157fabe80f
SHA512

19804f745ec2c6fac4a34d477e8d6e1cb35e0881446f570d396479a2cb11c9bc09359c56c03bcb561aad0c3531e9ffcc76fb7cd98d47b36ab121965f4659f090
SSDEEP

6144:g4Tu0eQK5WAqFQ5d1J2406ZaqK16zNVi:7irWAqFid14/6ZaT1EO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8bb1076ba3e666b4e533f17cff2290ad_JaffaCakes118

Files

8bb1076ba3e666b4e533f17cff2290ad_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7040bba947fb5c3be3c54c3c5eb3c345

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLocaleInfoA
RaiseException
GetModuleHandleA
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeA
CompareStringW
CompareStringA
SetStdHandle
VirtualProtect
GetCurrentProcessId
QueryPerformanceCounter
GetACP
GetStringTypeW
GetStringTypeA
LCMapStringW
IsBadCodePtr
IsBadReadPtr
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
GetStdHandle
SetHandleCount
SetFilePointer
FlushFileBuffers
ReadFile
WriteFile
IsBadWritePtr
InterlockedExchange
CreateEventA
FormatMessageA
LocalFree
GetFileTime
SetFilePointerEx
SetEndOfFile
GetFileSizeEx
GetCommandLineA
lstrlenW
EnterCriticalSection
LeaveCriticalSection
GetSystemInfo
GetVolumeInformationA
GetDiskFreeSpaceExA
GetVersionExA
ProcessIdToSessionId
GetProcAddress
DeleteCriticalSection
InitializeCriticalSection
SetErrorMode
MoveFileExA
OutputDebugStringA
LCMapStringA
GetSystemDirectoryA
CreateFileA
DeviceIoControl
GetFileAttributesA
DisableThreadLibraryCalls
GetModuleFileNameA
CreateThread
SetLastError
FreeLibrary
LoadLibraryA
GetTickCount
CreateToolhelp32Snapshot
Process32First
Sleep
Process32Next
CloseHandle
GlobalMemoryStatus
CreatePipe
GetStartupInfoA
PeekNamedPipe
MoveFileA
GetDriveTypeA
GetLastError
SetFileTime
SetFileAttributesA
MultiByteToWideChar
WideCharToMultiByte
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
VirtualQuery
HeapSize
GetCurrentProcess
TerminateProcess
HeapReAlloc
SetUnhandledExceptionFilter
ExitProcess
GetCPInfo
GetOEMCP
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetCurrentThreadId
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
RtlUnwind
SetEnvironmentVariableA

user32

GetCursorPos
SystemParametersInfoA
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
keybd_event
MapVirtualKeyA
mouse_event
GetDesktopWindow
CloseDesktop
SwitchDesktop
OpenDesktopA
GetUserObjectInformationA
OpenInputDesktop
PostMessageA
GetClassNameA
FindWindowA
EnumDesktopWindows
GetWindowRect
SetThreadDesktop
ReleaseDC
GetThreadDesktop
GetWindowDC
OpenClipboard
GetProcessWindowStation
OpenWindowStationA
SetProcessWindowStation
CloseWindowStation

gdi32

CreateCompatibleBitmap
GdiFlush
GetObjectA
CreateBitmap
SelectObject
SetPixel
GetBitmapBits
BitBlt
GetDIBits
GetSystemPaletteEntries
CreatePalette
SelectPalette
DeleteObject
RealizePalette
CreateDCA
GetDeviceCaps
DeleteDC
CreateCompatibleDC

advapi32

RegCreateKeyA
RegOpenKeyA
LookupPrivilegeValueA
AdjustTokenPrivileges
CreateProcessAsUserA
FreeSid
GetKernelObjectSecurity
GetSecurityDescriptorDacl
SetEntriesInAclA
MakeAbsoluteSD
SetSecurityDescriptorDacl
ImpersonateLoggedOnUser
SetKernelObjectSecurity
AllocateAndInitializeSid
BuildTrusteeWithSidA
DuplicateTokenEx
SetTokenInformation
OpenProcessToken
GetTokenInformation
LookupAccountSidA
RevertToSelf
SetServiceStatus
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
CloseServiceHandle
ControlService
DeleteService
RegDeleteKeyA

shell32

CommandLineToArgvW
SHFileOperationA

ole32

CoInitialize
CoCreateInstance

ws2_32

ntohs
inet_ntoa
getpeername
inet_addr
WSACleanup
shutdown
htons
gethostname
__WSAFDIsSet
send
WSAIoctl
getsockname
ntohl
WSAGetLastError
WSADuplicateSocketA
select
recvfrom
gethostbyname

netapi32

NetApiBufferFree
NetUserEnum
NetUserDel
NetUserSetInfo
NetLocalGroupAddMembers
NetUserAdd

psapi

GetModuleBaseNameA
GetModuleFileNameExA
EnumProcessModules
EnumProcesses

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Exports

Exports

DllMain
Install
ServiceMain
ShellMain
ShellMainThread

Sections

.text
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7040bba947fb5c3be3c54c3c5eb3c345

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

ws2_32

netapi32

psapi

wtsapi32

userenv

Exports

Exports

Sections

.text Size: 152KB - Virtual size: 148KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 24KB - Virtual size: 1.0MB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 16KB - Virtual size: 12KB

.text
Size: 152KB - Virtual size: 148KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 24KB - Virtual size: 1.0MB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 16KB - Virtual size: 12KB