aa0a7abb0827953059d5a0ecb3e9a686_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

aa0a7abb0827953059d5a0ecb3e9a686_JaffaCakes118
Size

160KB
MD5

aa0a7abb0827953059d5a0ecb3e9a686
SHA1

b3a7c3b030be0a090519f3697ee940461dddcb96
SHA256

85a163bd5cda403b4b36ef7126cd3339864300937cd371a5249b5acc9f768f5f
SHA512

13a9ed3be90d8fc0eae8a028ba242ef6c4de76d43de9bb92236ae0f964ad7ef4a7f89cd5e721764f0eec554dcb2524c1c839244c95ee6484242c50bdb8dc6f21
SSDEEP

3072:0jBMzSsyjr1mpGyJf9QnLa8MSHSzBrSZOZbdAg1PLocO:JzSjrEpGyR6nLa8M8krS8sg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa0a7abb0827953059d5a0ecb3e9a686_JaffaCakes118

Files

aa0a7abb0827953059d5a0ecb3e9a686_JaffaCakes118
.dll windows:4 windows x86 arch:x86

25f639a5695d7316293ce7ac30a7ca29

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA
GetModuleFileNameExA

kernel32

SetEvent
GetCurrentProcessId
ExitThread
WaitForSingleObject
GetSystemDirectoryA
CreateEventA
SystemTimeToFileTime
SetFileTime
GetFileTime
CreateFileA
OpenProcess
SetErrorMode
GetFileAttributesA
OutputDebugStringA
LocalFree
GetVersionExA
VirtualFreeEx
ReadProcessMemory
LoadLibraryW
MultiByteToWideChar
CreateThread
CopyFileA
LoadLibraryExA
GetStdHandle
GetFileType
FindFirstFileExA
FindNextFileA
FindClose
GetCurrentThreadId
LoadLibraryA
GetProcAddress
FreeLibrary
OpenFileMappingA
LocalAlloc
MapViewOfFile
CloseHandle
GetCurrentProcess
GetLastError
Sleep
GetVersion

user32

GetUserObjectInformationW
GetDesktopWindow
MessageBoxA
GetProcessWindowStation

advapi32

LookupAccountSidA
GetTokenInformation
RegFlushKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
RegSetValueExW
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegCloseKey
DeregisterEventSource
ReportEventA
RegisterEventSourceA

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

ws2_32

WSAStartup
inet_ntoa
WSACleanup
gethostname
gethostbyname

wininet

HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetSetOptionA
InternetCrackUrlA
InternetReadFile
InternetQueryDataAvailable
HttpQueryInfoA
HttpSendRequestA
InternetQueryOptionA
InternetOpenA

mfc42

ord941
ord3055
ord3318
ord838
ord5216
ord928
ord3810
ord936
ord2814
ord939
ord1105
ord2764
ord5442
ord858
ord537
ord268
ord1567
ord823
ord354
ord350
ord860
ord5186
ord6385
ord1979
ord665
ord3663
ord3616
ord3127
ord5651
ord540
ord2818
ord535
ord800
ord825

msvcrt

strcmp
abort
wcsstr
vfprintf
_iob
fflush
_setmode
ftell
fseek
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
_fileno
_stricmp
atof
fgets
wprintf
wcstombs
strcat
_local_unwind2
wcscpy
strlen
strcpy
__CxxFrameHandler
printf
_except_handler3
mbstowcs
atoi
memset
strncpy
strstr
sprintf
_vsnprintf
memcpy
malloc
free
atol
realloc
fclose
fread
fopen
_close
_filelength
_open
fwrite
clock

Exports

Exports

ApplyUpdate
NetServerAuthenticate
NetServerReqChallengeFile
WLEventStartShell
WLEventStartup

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

25f639a5695d7316293ce7ac30a7ca29

Headers

File Characteristics

Imports

psapi

kernel32

user32

advapi32

wtsapi32

ws2_32

wininet

mfc42

msvcrt

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 36KB - Virtual size: 32KB

.data Size: 44KB - Virtual size: 157KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 16KB

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 44KB - Virtual size: 157KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 16KB