a0251262ad4d673374f2d7952a82283f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a0251262ad4d673374f2d7952a82283f_JaffaCakes118
Size

65KB
MD5

a0251262ad4d673374f2d7952a82283f
SHA1

d4d5031c0f10bc066390e0ce3217bf28837c85fd
SHA256

4c55f0456c45148ad8a0ce5edd5a3293797cdadeb1f3fd1197379ba473840049
SHA512

e9adc0f819d23ed6b248c17cd20c32777eb41b3522fe79423da94c24b58b23f760a52b3bcb96ecc50025f69a4a8ff971ec389231b51c46e3f7992bdd068f0848
SSDEEP

768:Fc5qYbELg0lR4vR87M54goZHOttoqp4LXc+oWY8euZ1g9UcqUNxt+k4fHAcpSmIE:FcBrToktb4IJfUHUNh4kxLNsd96

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0251262ad4d673374f2d7952a82283f_JaffaCakes118

Files

a0251262ad4d673374f2d7952a82283f_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

faffb8b77df997d79d8ba013b38d32fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crtdll

memset
strncpy
strlen
memmove
_strnicmp
strncmp
_strdup
free
sprintf
memcpy
wcslen
strcat
strcpy
strcmp
??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

HeapCreate
HeapDestroy
MoveFileA
GetCurrentProcess
OpenProcess
CreateProcessA
CloseHandle
Sleep
FindFirstFileA
FindClose
CreateFileA
SetFileTime
GetDriveTypeA
SetCurrentDirectoryA
SetFileAttributesA
GetWindowsDirectoryA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetModuleHandleA
GetModuleFileNameA
GetLastError
TerminateProcess
GetSystemDirectoryA
ExitProcess
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSection
HeapFree
HeapAlloc
CreateThread
TerminateThread
GetTickCount
WideCharToMultiByte
FreeLibrary
LoadLibraryA
GetProcAddress
DeleteFileA
FindNextFileA
RemoveDirectoryA
CreateDirectoryA
GetFileAttributesA
CopyFileA
WriteFile
GetFileSize
SetFilePointer
ReadFile
HeapReAlloc
WaitForMultipleObjects
ResetEvent
SetEvent
TlsGetValue
TlsSetValue
GetCurrentThread
DuplicateHandle
TlsAlloc
CreateEventA
MultiByteToWideChar
FindResourceA
LoadResource
SizeofResource
DeviceIoControl
GlobalAlloc
LoadLibraryExA
GlobalFree
lstrcatA

user32

GetClassNameA
CreateDesktopA
OpenDesktopA
EnumDesktopWindows
CloseDesktop
GetForegroundWindow
GetWindowTextA
GetWindowThreadProcessId
EnumChildWindows
MoveWindow
ShowWindow
RegisterWindowMessageA
SendMessageTimeoutA
PostMessageA

advapi32

OpenProcessToken
CreateProcessAsUserA
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegCreateKeyExA
QueryServiceStatus
StartServiceA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumKeyExA
RegOpenKeyA
RegDeleteValueA
OpenServiceA
ControlService

oleaut32

SysAllocString

wsock32

WSAStartup
htons
inet_addr
socket
connect
send
closesocket
sendto
gethostbyname
WSACleanup
gethostname

iphlpapi

GetAdaptersInfo

ole32

CoInitialize
CoUninitialize
CoCreateGuid

shlwapi

UrlUnescapeA
PathFindExtensionA

urlmon

URLDownloadToFileA

wininet

DeleteUrlCacheEntryA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetCloseHandle

Exports

Exports

DllRegisterServer
ServiceHandler
ServiceMain

Sections

.code
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 139B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.flat
Size: 1024B - Virtual size: 982B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

faffb8b77df997d79d8ba013b38d32fd

Headers

File Characteristics

Imports

crtdll

kernel32

user32

advapi32

oleaut32

wsock32

iphlpapi

ole32

shlwapi

urlmon

wininet

Exports

Exports

Sections

.code Size: 30KB - Virtual size: 29KB

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 512B - Virtual size: 139B

.data Size: 10KB - Virtual size: 10KB

.flat Size: 1024B - Virtual size: 982B

.reloc Size: 2KB - Virtual size: 2KB

.code
Size: 30KB - Virtual size: 29KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 512B - Virtual size: 139B

.data
Size: 10KB - Virtual size: 10KB

.flat
Size: 1024B - Virtual size: 982B

.reloc
Size: 2KB - Virtual size: 2KB