a045d2200c89830aac83c5e6b12a1588_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a045d2200c89830aac83c5e6b12a1588_JaffaCakes118
Size

152KB
MD5

a045d2200c89830aac83c5e6b12a1588
SHA1

8a074cc47335720797a378963b2d3044a3e2cce8
SHA256

e3024e7c6fbc8f83931fbc1eaa570fa2c030fbf15b0dbe559186a324e6e553ff
SHA512

c916fc10cefbe588b10b00e26ba3f339d9b8279b49ff58a7fd6167936ea9a09c416beb4371ca1658e495caad68f129df4e16e9d0d1e6c4ceab0720302f0c1cc5
SSDEEP

3072:MkDZPdE/HzcDsdgka0TkWtTBftYLsZ9QpO9t:Mk9PdE/HzKsWkRTRtTB2q9QpO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a045d2200c89830aac83c5e6b12a1588_JaffaCakes118

Files

a045d2200c89830aac83c5e6b12a1588_JaffaCakes118
.dll windows:4 windows x86 arch:x86

89eda0267c000f85fb67c1aa2513c649

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalMemoryStatusEx
TerminateProcess
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
CreateEventW
SetEvent
SetEndOfFile
LoadLibraryA
GetOEMCP
GetACP
LCMapStringW
LCMapStringA
GetStringTypeW
OpenProcess
GetCPInfo
SetFilePointer
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetDriveTypeW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
IsBadWritePtr
GetCurrentThreadId
SetLastError
GetLastError
CreateDirectoryW
MoveFileW
CreateFileW
GetFileSize
FindClose
FindFirstFileW
FindNextFileW
GetStringTypeA
GetDiskFreeSpaceExW
GetComputerNameW
GetVersionExW
GlobalMemoryStatus
WideCharToMultiByte
FreeConsole
CreateThread
WaitForSingleObject
lstrlenA
MultiByteToWideChar
CloseHandle
GetTempPathW
GetTickCount
GetCurrentThread
WriteFile
GetModuleFileNameA
MoveFileExA
WinExec
lstrlenW
lstrcpyW
CreatePipe
GetStartupInfoW
GetSystemDirectoryW
lstrcatW
DeleteFileW
CopyFileW
CreateProcessW
PeekNamedPipe
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleHandleA
GetProcAddress
SetUnhandledExceptionFilter
ExitProcess
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
GetVersion
GetCommandLineA
RaiseException
InterlockedIncrement
InterlockedDecrement
RtlUnwind
ReadFile
Sleep
GetEnvironmentStringsW

user32

GetDesktopWindow
wsprintfA
ExitWindowsEx
wsprintfW
GetKeyState
GetAsyncKeyState
GetForegroundWindow
mouse_event
SetThreadDesktop
OpenDesktopW
SetProcessWindowStation
OpenWindowStationW
GetThreadDesktop
GetProcessWindowStation
CloseDesktop
GetUserObjectInformationW
OpenInputDesktop
CloseWindowStation
GetSystemMetrics
GetLastInputInfo
GetWindowThreadProcessId
SetCursorPos
keybd_event
GetWindowTextA
IsWindow
SendMessageW
CloseWindow
CreateWindowExW
PostMessageW
ShowWindow
EnumWindows
IsWindowVisible
GetWindowTextW

gdi32

CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
BitBlt
GetDIBits
DeleteObject
CreateDCW
DeleteDC

advapi32

ChangeServiceConfigW
RegSetValueExW
RegCreateKeyW
LockServiceDatabase
UnlockServiceDatabase
EnumServicesStatusW
QueryServiceConfigW
OpenProcessToken
GetUserNameW
DeleteService
CreateServiceW
RegOpenKeyW
ControlService
OpenSCManagerW
OpenServiceW
StartServiceW
CloseServiceHandle
QueryServiceStatus
RegQueryValueExW
SetServiceStatus
RegisterServiceCtrlHandlerA
LookupPrivilegeValueW
ImpersonateSelf
OpenThreadToken
AdjustTokenPrivileges
RegOpenKeyExW
RegCloseKey

shell32

SHFileOperationW
ShellExecuteW

ws2_32

closesocket
connect
htonl
htons
socket
select
send
recv
ntohs
getpeername
gethostbyname
inet_addr
ntohl
inet_ntoa
WSAStartup

wininet

InternetOpenUrlW
InternetCloseHandle
InternetReadFile
InternetOpenW

avicap32

capCreateCaptureWindowW
capGetDriverDescriptionW

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses
GetModuleFileNameExW

Exports

Exports

InstallServer
RundllInstallA
RundllUninstallA
ServiceMain

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

89eda0267c000f85fb67c1aa2513c649

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ws2_32

wininet

avicap32

psapi

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 87KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 24KB - Virtual size: 27KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 24KB - Virtual size: 27KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB