a0b20e690051930d65c478bba1b07851_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a0b20e690051930d65c478bba1b07851_JaffaCakes118
Size

124KB
MD5

a0b20e690051930d65c478bba1b07851
SHA1

336c37ba5c31bcbf6f8cf4826e82b7c4c97329d9
SHA256

e7e691ff2c2945424e746f5f8a9c0c3e6e857e77dcab2ec62274fa3eaf2c1612
SHA512

f14d61e3a6148fdceb5d6188cd32a9b9f3adb7bef5ac91e880b20c2268a0bc60cde52ee3ea95bbcd1170ea6cd284d2244e2ea0ff7edea108e28dbf8451c9cf3b
SSDEEP

3072:ntN3KJ4ZgvQKT5YP2pPGfQ7exRfWxPl0V:OJ4ZgJ5YuE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0b20e690051930d65c478bba1b07851_JaffaCakes118

Files

a0b20e690051930d65c478bba1b07851_JaffaCakes118
.dll windows:4 windows x86 arch:x86

48138cb1005c78d514bd2f0e874b7b99

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
LeaveCriticalSection
EnterCriticalSection
DisconnectNamedPipe
WaitForMultipleObjects
WaitForSingleObject
TerminateThread
CreatePipe
CreateProcessA
ExitThread
ReadFile
PeekNamedPipe
WriteFile
GetTickCount
DeleteFileA
SetFileAttributesA
UnmapViewOfFile
SetLastError
FreeConsole
GetUserDefaultLangID
GetSystemDirectoryA
lstrcmpiA
GlobalMemoryStatusEx
GetSystemInfo
GetDiskFreeSpaceExA
GetLogicalDrives
GetDriveTypeA
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
DeleteCriticalSection
FindFirstFileA
FindClose
GetCurrentDirectoryA
TerminateProcess
GetModuleHandleA
GetVersionExA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
GetCurrentProcess
MapViewOfFile
CloseHandle
GetCurrentProcessId
CreateEventA
OpenProcess
DuplicateHandle
DeviceIoControl
Sleep
GetProcessHeap
SetFilePointer
GetLocalTime
GetLastError
MultiByteToWideChar
CreateFileA
WideCharToMultiByte

user32

ExitWindowsEx
EnumDisplaySettingsA

advapi32

ControlService
StartServiceA
RegisterServiceCtrlHandlerA
DeleteService
RegEnumKeyA
QueryServiceStatus
ChangeServiceConfigA
RegCreateKeyExA
OpenServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
OpenEventLogA
ClearEventLogA
CloseEventLog
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
SetServiceStatus
RegCreateKeyA

msvcrt

strncat
strchr
_write
free
malloc
sprintf
mbstowcs
atoi
toupper
sscanf
strncmp
strstr
strtok
__CxxFrameHandler
_CxxThrowException
wcstombs
strncpy
_except_handler3
atol
??3@YAXPAX@Z
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
_strnicmp
_stricmp
_strcmpi

ws2_32

inet_ntoa
WSASocketA
select
__WSAFDIsSet
gethostbyname
connect
getpeername
WSAAddressToStringA
WSAGetLastError
closesocket
setsockopt
getsockname
ntohs
listen
accept
send
socket
recvfrom
sendto
inet_addr
bind
WSAIoctl
recv
htonl
htons
WSAStartup
WSACleanup
gethostname

wininet

InternetOpenA
InternetConnectA
InternetReadFile
InternetCloseHandle
InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetGetConnectedState

netapi32

NetUserDel
NetUserEnum
NetApiBufferFree
NetUserSetInfo

Exports

Exports

InstallService
RundllInstallA
RundllUninstallA
ServiceMain
UninstallService

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

48138cb1005c78d514bd2f0e874b7b99

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

ws2_32

wininet

netapi32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 40KB - Virtual size: 40KB

.reloc Size: 8KB - Virtual size: 8KB

.aspack Size: 8KB - Virtual size: 8KB

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 40KB - Virtual size: 40KB

.reloc
Size: 8KB - Virtual size: 8KB

.aspack
Size: 8KB - Virtual size: 8KB