a578577bf9e4ea9a71bfb0e60a3bb1a3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a578577bf9e4ea9a71bfb0e60a3bb1a3_JaffaCakes118
Size

34KB
MD5

a578577bf9e4ea9a71bfb0e60a3bb1a3
SHA1

894e63135a6cc2c63a545f53ee23d83b9ed4934e
SHA256

b0cbc5d7493352903ebed01642ac47931227f145981e0912086459acf5660018
SHA512

653f31329d9ef083df6a2b9c1ce26bf5ee515dda3fab2b48c4f8ead5fbbba6f954338dd7d5415cc205685ecfe827f8437af8d8168fec13fbc540f00bb2536a29
SSDEEP

768:i20uc5u0ZbFYqUSQNhpJ950nyCZhF1cas4:eucJbSFdlJ955CZ04

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a578577bf9e4ea9a71bfb0e60a3bb1a3_JaffaCakes118

Files

a578577bf9e4ea9a71bfb0e60a3bb1a3_JaffaCakes118
.dll windows:4 windows x86 arch:x86

45dde6a8b5d64b1157ff65c2ee5d669b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

cabinet

FCIFlushCabinet
FCIAddFile
FCIDestroy
FCICreate

mfc42

ord823
ord3790
ord2005
ord2781
ord2770
ord4058
ord4215
ord3011
ord3010
ord3305
ord3304
ord3311
ord3310
ord3562
ord3188
ord3185
ord3181
ord3178
ord3617
ord801
ord668
ord541
ord356
ord537
ord800
ord5861
ord860
ord4129
ord858
ord540
ord1997
ord6407
ord798
ord5194
ord533
ord6143
ord665
ord1979
ord5442
ord5773
ord535
ord1575
ord1182
ord342
ord1253
ord4277
ord2764
ord354
ord5186
ord825

msvcrt

free
_open
_read
_write
_close
_lseek
remove
strcpy
strlen
_tempnam
sprintf
memset
strncpy
strrchr
__CxxFrameHandler
_beginthread
_beginthreadex
memcpy
strcat
_stat
_adjust_fdiv
_initterm
_onexit
__dllonexit
_strlwr
strstr
_snprintf
_findfirst
_findnext
strcmp
_findclose
fopen
fseek
fclose
fread
malloc

kernel32

GetProcAddress
GetCommandLineA
GetModuleHandleA
FreeLibrary
GetSystemDirectoryA
ExpandEnvironmentStringsA
GetTickCount
MoveFileA
MoveFileExA
CopyFileA
GetSystemWindowsDirectoryA
GetTempFileNameA
CreateProcessA
OutputDebugStringA
GetVersionExA
GetModuleFileNameA
GetVolumeInformationA
GetComputerNameA
GetWindowsDirectoryA
GetDriveTypeA
Sleep
DeleteFileA
GetTempPathA
OpenEventA
SetEvent
CreateEventA
WaitForSingleObject
ExitProcess
CreateFileA
GetFileInformationByHandle
CloseHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFileAttributesA

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
OpenSCManagerA
OpenServiceA
ChangeServiceConfigA
GetUserNameA

urlmon

URLDownloadToFileA

wsock32

recv
closesocket
WSAStartup
socket
ioctlsocket
gethostbyname
htons
connect
send

wininet

InternetCloseHandle
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
InternetSetOptionA
HttpOpenRequestA
InternetConnectA
InternetOpenA
HttpSendRequestA

winmm

timeGetTime

shlwapi

SHDeleteValueA
StrStrIA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

ServiceMain
Start
_SvcCtrlFnct@4

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45dde6a8b5d64b1157ff65c2ee5d669b

Headers

File Characteristics

Imports

cabinet

mfc42

msvcrt

kernel32

advapi32

urlmon

wsock32

wininet

winmm

shlwapi

version

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB