94356575b59d42ec1864dd1a6d737df9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

94356575b59d42ec1864dd1a6d737df9_JaffaCakes118
Size

55KB
MD5

94356575b59d42ec1864dd1a6d737df9
SHA1

ac0d37bf808069e0d6a4a6421e68f5004160f1f7
SHA256

461a45cd9ace1b6d834fe45fcf015a03699b47c264f9a9e7ed7079beb52f7154
SHA512

cec4fd4d38c4b3ab00618a8f9baa3f8e62770fd8d8642e4a88a9ddc5b06d7422f0bef23bb6d1cafb45a9052b167c50953b807593527e5acc80666f750ddc8c94
SSDEEP

768:ztZQ+Owg0pl1JRrbpakuIenJuVDt2pFnToIf12FhnSymeaQSTnD0C:w+u6d3a3IenskFnToIf6RmeaQKgC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94356575b59d42ec1864dd1a6d737df9_JaffaCakes118

Files

94356575b59d42ec1864dd1a6d737df9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6d3528471093d21b3504c411543816d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeConsole
GlobalFree
GlobalAlloc
lstrcmpiA
Process32Next
ExitProcess
GlobalMemoryStatus
GetVersionExA
GetComputerNameA
VirtualAlloc
CreateFileA
GetFileSize
GetCurrentThread
SetThreadPriority
GetTickCount
GetModuleFileNameA
WinExec
LocalAlloc
LocalFree
GetCurrentThreadId
lstrcpyA
SetProcessShutdownParameters
TerminateProcess
GetCurrentProcess
Module32First
OpenProcess
GetPriorityClass
OutputDebugStringA
lstrlenA
SetLastError
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
MoveFileA
CopyFileA
DeleteFileA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLastError
FindNextFileA
FindClose
GetLogicalDriveStringsA
GetDriveTypeA
CloseHandle
ReadFile
CreateThread
WaitForSingleObject
WriteFile
CreateToolhelp32Snapshot

user32

TranslateMessage
PeekMessageA
CloseDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
OpenDesktopA
SetProcessWindowStation
DispatchMessageA
GetThreadDesktop
GetProcessWindowStation
CloseWindowStation
PostMessageA
SetCursorPos
keybd_event
GetSystemMetrics
DrawIconEx
GetCursorInfo
CreateWindowExA
DefWindowProcA
LoadCursorA
wsprintfA
OpenWindowStationA
RegisterClassExA

gdi32

DeleteDC
GetDIBits
StretchBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
DeleteObject

advapi32

ChangeServiceConfigA
StartServiceA
CloseServiceHandle
QueryServiceStatus
GetUserNameA
GetTokenInformation
LookupAccountSidA
DuplicateTokenEx
OpenProcessToken
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenServiceA
OpenSCManagerA
ControlService
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegOpenKeyA
CreateServiceA
DeleteService
FreeSid
SetFileSecurityA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclA
AllocateAndInitializeSid
CreateProcessAsUserA
LogonUserA
RegDeleteKeyA

shell32

ShellExecuteA
SHGetFileInfoA
SHGetSpecialFolderPathA

msvcrt

strcspn
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
atol
_local_unwind2
malloc
free
wcstombs
_ftol
??3@YAXPAX@Z
strstr
_strlwr
atoi
time
srand
rand
_except_handler3
_CxxThrowException
__CxxFrameHandler
sprintf
strncpy
??2@YAPAXI@Z

ws2_32

connect
socket
htons
closesocket
gethostbyname
WSAIoctl
WSACleanup
setsockopt
send
shutdown
WSAStartup
inet_addr
recv

shlwapi

SHDeleteKeyA

wtsapi32

WTSEnumerateSessionsA
WTSFreeMemory
WTSQuerySessionInformationA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

netapi32

NetUserAdd
NetLocalGroupAddMembers
NetUserDel

Exports

Exports

CloseINFOPerformanceData
CollectW3PerfData
IISEnumerateUsers
OpenINFOPerformanceData

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d3528471093d21b3504c411543816d6

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcrt

ws2_32

shlwapi

wtsapi32

userenv

netapi32

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 32KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 33KB - Virtual size: 32KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 2KB - Virtual size: 2KB