a65c67c211e9dae8a3d3276846de2ea6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a65c67c211e9dae8a3d3276846de2ea6_JaffaCakes118
Size

171KB
MD5

a65c67c211e9dae8a3d3276846de2ea6
SHA1

0687feaf7679c228be28992a3db7fbbaf0000266
SHA256

178a9d6c59a194c3ec69e8a273c6814d126271a3d71768219e2a4a975ca950ba
SHA512

dffe39fc2bb13662dd4425bd48f111d3e5e72d0b32b2cdf48219a0b5ce69c10153b0664af36cf11fad2f7a54510ca857f42f9fe180e56d02891a0d2d85aec12d
SSDEEP

3072:QKc9TBf4KFVMgEps29Sq8J2nGE0NGefcb9qkcPFET0tQKa8KkKT0:3c9TBQKf110ceBkFEIXaj0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a65c67c211e9dae8a3d3276846de2ea6_JaffaCakes118

Files

a65c67c211e9dae8a3d3276846de2ea6_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1de8d4e7067cd08d528c07ab6b9cb4e6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

GetModuleFileNameExW

ws2_32

WSACreateEvent
WSAEventSelect
WSACloseEvent
WSAIoctl
send
recv
WSAGetLastError
closesocket
setsockopt
ioctlsocket
select
htons
connect
getprotobyname
socket
htonl
getsockname
gethostbyname
ntohl
WSAStartup
WSACleanup

kernel32

ExitProcess
GetCurrentProcessId
QueryPerformanceCounter
GetCurrentProcess
CancelIo
CreateIoCompletionPort
ReadDirectoryChangesW
InitializeCriticalSection
DeleteCriticalSection
SetEvent
CreateEventW
GetModuleFileNameW
WaitForSingleObject
CloseHandle
InterlockedExchange
ResetEvent
CreateThread
GetLastError
DeviceIoControl
CreateFileW
ResumeThread
InterlockedIncrement
InterlockedDecrement
WriteFile
ReadFile
SetFilePointer
GetFileSize
SetThreadPriority
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
TerminateThread
SuspendThread
Sleep
GetCurrentThreadId
GetExitCodeThread
GetThreadPriority
MultiByteToWideChar
WideCharToMultiByte
GetTickCount
FreeLibrary
GetProcAddress
GetVersionExW
SystemTimeToFileTime
GetLocalTime
LoadLibraryW
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GetFileTime
SetFileTime
SetFileAttributesW
GetDriveTypeW
GetLogicalDriveStringsW
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
MoveFileW
CreateDirectoryW
GetFileAttributesW
SetErrorMode
TerminateProcess
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetSystemDirectoryW
GetTempPathW
CreateProcessW
GetStartupInfoW
PeekNamedPipe
SetLastError
CreatePipe
WaitForMultipleObjects
PostQueuedCompletionStatus
GetQueuedCompletionStatus
GetSystemTimeAsFileTime

user32

PostMessageW
OpenDesktopW
GetThreadDesktop
GetUserObjectInformationW
OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetCursorPos
SetRect
GetDesktopWindow
GetDC
ReleaseDC
GetCursorInfo
DestroyCursor
LoadCursorW
ExitWindowsEx
SystemParametersInfoW
SendMessageW
BlockInput
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
mouse_event
SetCursorPos
WindowFromPoint
SetCapture
MapVirtualKeyW
keybd_event
GetProcessWindowStation
OpenWindowStationW
SetProcessWindowStation
CloseWindowStation

gdi32

DeleteObject
DeleteDC
BitBlt
GetDIBits
CreateCompatibleBitmap
SelectObject
CreateDIBSection
CreateCompatibleDC

advapi32

RegisterServiceCtrlHandlerExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
StartServiceW
QueryServiceStatus
ControlService
QueryServiceConfig2W
EnumServicesStatusW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
SetServiceStatus
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ChangeServiceConfigW
QueryServiceConfigW

msvcr71

??2@YAPAXI@Z
fopen
_snprintf
memmove
_wtol
_wtof
_wtoi
memchr
realloc
towlower
_purecall
wcsncpy
malloc
wcscmp
??3@YAXPAX@Z
wcslen
__CxxFrameHandler
free
fputc
fprintf
fread
ftell
fseek
fclose
isspace
tolower
isalpha
isalnum
strncmp
strchr
strstr
strncpy
__dllonexit
_onexit
__security_error_handler
_except_handler3
_initterm
_adjust_fdiv
__CppXcptFilter
_vsnwprintf

Exports

Exports

ServiceMain

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 832B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1de8d4e7067cd08d528c07ab6b9cb4e6

Headers

File Characteristics

Imports

psapi

ws2_32

kernel32

user32

gdi32

advapi32

msvcr71

Exports

Exports

Sections

.text Size: 156KB - Virtual size: 156KB

.data Size: 832B - Virtual size: 820B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 156KB - Virtual size: 156KB

.data
Size: 832B - Virtual size: 820B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB