aba06d066d83f9374fb2ad76c10a201b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

aba06d066d83f9374fb2ad76c10a201b_JaffaCakes118
Size

50KB
MD5

aba06d066d83f9374fb2ad76c10a201b
SHA1

704bb81bfbfb1c9696cacfa24fd8ede5cbbb0f92
SHA256

8dd18f705a900e5b90ed746672fc7101ab696dea374ef56f4a30bc21abe701cc
SHA512

d20a6bfe6d9b1f76071bfcef684e4513e1067ffe78977ec420ed62b7e067213662a3e930e1def16c0aecafeaccbbb66d5dfcbf329cdc1903135f8ea532701709
SSDEEP

768:Y8YhUIrFHK7VvsvwGU9cAR1ieHa0s7HdCTe6KgqUTDD/yWAKQkS8G2rqhOG36B:YksFq7AW/R1ie64TmTUb/yW3S+0l36

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aba06d066d83f9374fb2ad76c10a201b_JaffaCakes118

Files

aba06d066d83f9374fb2ad76c10a201b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b0044ab08bc45dd6dc7feada9023c4da

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
FlushInstructionCache
GetCurrentProcess
Thread32Next
SetThreadContext
GetThreadContext
OpenThread
GetCurrentProcessId
Thread32First
CreateToolhelp32Snapshot
GetProcessHeap
HeapAlloc
Process32Next
lstrcmpiA
Process32First
WriteFile
lstrcatA
GetTickCount
FindClose
FindFirstFileA
VirtualFreeEx
WaitForSingleObject
EnterCriticalSection
WriteProcessMemory
VirtualAllocEx
lstrlenA
OpenProcess
GetTempPathA
GetWindowsDirectoryA
ReleaseMutex
GetLastError
CreateMutexA
FreeLibrary
GetSystemDirectoryA
GetFileAttributesA
MoveFileExA
DeleteFileA
lstrcpynA
ReadProcessMemory
SetThreadPriority
DeviceIoControl
TerminateThread
CopyFileA
GlobalAlloc
GlobalFree
SetEndOfFile
VirtualAlloc
VirtualFree
TerminateProcess
LeaveCriticalSection
IsBadReadPtr
InitializeCriticalSection
AddVectoredExceptionHandler
CreateFileA
ReadFile
SetFilePointer
CloseHandle
GetFileSize
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
CreateThread
Sleep
GetCommandLineA
MultiByteToWideChar
WideCharToMultiByte
CreateRemoteThread
LocalAlloc

user32

GetClassNameW
GetWindow
PostMessageA
wsprintfA
GetKeyboardLayoutList
wsprintfW
FindWindowA
GetForegroundWindow

gdi32

CreateDCA
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps

advapi32

SetSecurityDescriptorDacl
RegEnumValueA
RegEnumKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
LookupPrivilegeValueA
AdjustTokenPrivileges
InitializeSecurityDescriptor

msvcrt

_onexit
__dllonexit
srand
_strcmpi
_strupr
_strdup
rand
memset
strcpy
fclose
fgets
fopen
strncpy
strchr
strstr
wcsncpy
strlen
??2@YAPAXI@Z
_strlwr
strcat
strrchr
free
_stricmp
malloc
memcpy
??3@YAXPAX@Z
_except_handler3
wcscat
wcscpy
wcslen
sprintf
isspace
_vsnprintf
realloc
isdigit
isalpha
atoi
wcscmp
mbstowcs
wcsncat
wcsstr
exit

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

wsock32

WSAStartup
socket
htons
connect
recv
gethostbyname
send
shutdown
closesocket

psapi

GetModuleFileNameExA
EnumProcessModules

gdiplus

GdiplusStartup
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipDisposeImage
GdipCreateBitmapFromHBITMAP

Exports

Exports

pfjaoidjglkajd

Sections

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0044ab08bc45dd6dc7feada9023c4da

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcrt

msvcp60

wsock32

psapi

gdiplus

Exports

Exports

Sections

.bss Size: - Virtual size: 3KB

.data Size: 46KB - Virtual size: 45KB

.CRT Size: 512B - Virtual size: 8B

.reloc Size: 3KB - Virtual size: 2KB

.bss
Size: - Virtual size: 3KB

.data
Size: 46KB - Virtual size: 45KB

.CRT
Size: 512B - Virtual size: 8B

.reloc
Size: 3KB - Virtual size: 2KB