a05aecae815a5289a4fec2b749721e2b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a05aecae815a5289a4fec2b749721e2b_JaffaCakes118
Size

48KB
MD5

a05aecae815a5289a4fec2b749721e2b
SHA1

921ae5fefb5933f5efdf34ef4faba4047cfe1231
SHA256

04e93ef3a78904afba987924b090ffddb39b7e18fa7dbf43814c8f73da8e3466
SHA512

fd3f5242cc86271e6eadeb149ae0952ffc93184df6f1e0e143afdac4a461581362258a2fc9908c7eea0797be73f1658206fee715546998f2589f67cf404a56b0
SSDEEP

1536:0oq8Xkv6EtmKrIz6H7PZEHF2IyeLXt7JSDv8AXm82u:0oqsEtmEc6H7PZBdXm/u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a05aecae815a5289a4fec2b749721e2b_JaffaCakes118

Files

a05aecae815a5289a4fec2b749721e2b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

933a0527fcffe007b23287cfe310d5bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

PostMessageA
GetThreadDesktop
wsprintfA
CharUpperA
GetWindowTextA
GetWindowThreadProcessId
EnumWindows
UpdateWindow
BringWindowToTop
ShowWindow
DestroyWindow
DispatchMessageA
SendInput
GetMessageA
SendMessageA
IsWindow
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA
CreateDesktopA
SetProcessWindowStation
OpenWindowStationA
ToAscii
GetKeyboardState
OpenInputDesktop
SetThreadDesktop
SetCursorPos
OpenDesktopA
ExitWindowsEx
MessageBoxA
GetActiveWindow
GetFocus

gdi32

GetCurrentObject
CreateDCA
DeleteDC
GetDeviceCaps

advapi32

OpenThreadToken
LookupPrivilegeValueA
OpenProcessToken
ImpersonateSelf
ChangeServiceConfigA
RegCreateKeyExA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegQueryValueExA
CreateServiceA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
QueryServiceConfigA
EnumServicesStatusA
DeleteService
ControlService
StartServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
AdjustTokenPrivileges

shell32

SHFileOperationA
ShellExecuteA
SHEmptyRecycleBinA

ole32

CreateStreamOnHGlobal

ws2_32

WSAStartup
WSADuplicateSocketA
WSASocketA
htons
getsockname
send
inet_addr
accept
ntohs
listen
setsockopt
bind
socket
connect
gethostbyname
inet_ntoa
closesocket
recv
select

shlwapi

StrStrA
StrCmpNIA
StrToIntA
StrChrA
SHDeleteKeyA
StrRChrA

psapi

EnumProcesses
GetModuleFileNameExA

wininet

InternetOpenA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA

mswsock

TransmitFile

imm32

ImmReleaseContext
ImmGetCompositionStringA
ImmGetContext

msvcrt

strcpy
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
strstr
strchr
malloc
wcscmp
free
memcpy
abs
_beginthread
__CxxFrameHandler
memset
??2@YAPAXI@Z
??3@YAXPAX@Z

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

kernel32

SetPriorityClass
GetThreadPriority
GetCurrentThread
GetPriorityClass
SetFilePointer
FlushFileBuffers
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeA
lstrcatA
OpenEventA
CallNamedPipeA
GetStartupInfoA
GetModuleFileNameA
GetSystemDirectoryA
IsDBCSLeadByte
GetLocalTime
ExitProcess
GetFileAttributesA
WaitForMultipleObjects
CreateThread
GetProcAddress
FreeLibrary
LocalAlloc
InterlockedExchange
RaiseException
GetVersionExA
GetSystemInfo
GlobalMemoryStatus
GetComputerNameA
GetACP
GetOEMCP
SetThreadPriority
CreateProcessA
GetStdHandle
CreatePipe
SetStdHandle
DuplicateHandle
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalFree
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentProcess
GetCurrentProcessId
lstrcmpiA
FindFirstFileA
lstrcmpA
FindNextFileA
GetLastError
FindClose
GetFileAttributesExA
GetLogicalDriveStringsA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetDriveTypeA
lstrcpyA
MoveFileA
CreateDirectoryA
WriteFile
GetTempPathA
lstrlenA
SetEvent
WaitForSingleObject
GetFileSize
DeleteFileA
GetVersion
QueryPerformanceCounter
DeviceIoControl
CreateEventA
GetCurrentThreadId
Sleep
CreateFileA
GetFileSizeEx
SetFilePointerEx
ReadFile
CloseHandle
GetTickCount
LoadLibraryA
QueryPerformanceFrequency

Exports

Exports

DoMainWork
DoService
ServiceMain

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Share
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

933a0527fcffe007b23287cfe310d5bc

Headers

File Characteristics

Imports

user32

gdi32

advapi32

shell32

ole32

ws2_32

shlwapi

psapi

wininet

mswsock

imm32

msvcrt

avicap32

kernel32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 1024B - Virtual size: 1KB

Share Size: 2KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 1024B - Virtual size: 1KB

Share
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB