ae70f9f1705e2789c0a53db05efa60ce_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ae70f9f1705e2789c0a53db05efa60ce_JaffaCakes118
Size

41KB
MD5

ae70f9f1705e2789c0a53db05efa60ce
SHA1

3ae79fa9c98d3de3b4b02cb3954bd40cfbf6abff
SHA256

696e5c314bff997653a53ba92b017f28abf9ec7bc20c6a57c63c77f0b9b14cbd
SHA512

a11229c57219e34012a8e49f0b8504693cb51fa9dd6486eba70a8a6bdfbf10fbff08a04f0621483aa4f00a3f20e25b3dc0fcb06551f4cf1527d3cc459baf3236
SSDEEP

768:YddDEZYpxwsjRH8RlvYAha5kVuFTUGYNCiQATvKRU:MSQTRHmlv9ha5mhLQGeU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae70f9f1705e2789c0a53db05efa60ce_JaffaCakes118

Files

ae70f9f1705e2789c0a53db05efa60ce_JaffaCakes118
.dll windows:4 windows x86 arch:x86

883f323136a08dc5f5934405750ff5b1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAllocEx
GetVersionExA
ResumeThread
WriteProcessMemory
SetThreadContext
GetThreadContext
SuspendThread
CopyFileA
DeleteFileA
LoadLibraryA
WaitForSingleObject
GetModuleHandleA
Thread32First
Thread32Next
GetCurrentThreadId
CreateProcessA
FreeConsole
DuplicateHandle
IsBadReadPtr
GetCurrentProcessId
SetLastError
TerminateProcess
GetModuleFileNameA
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
SetFilePointer
GetProcAddress
GetFileSize
CloseHandle
WriteFile
UnmapViewOfFile
GetSystemDirectoryA
MapViewOfFile
FreeLibrary
CreateFileA
CreateFileMappingA
CreateThread
GetCurrentProcess
Sleep

user32

SetWindowsHookExA
LoadCursorA
DefWindowProcA
PostMessageA
UnhookWindowsHookEx
SendMessageA
FindWindowA
GetWindowLongA
GetWindowTextA
SetWindowLongA
CallWindowProcA
wsprintfA
CallNextHookEx
RegisterClassA
CreateWindowExA
GetMessageA
DispatchMessageA
TranslateMessage
LoadIconA
PtInRect

gdi32

GetStockObject

advapi32

RegisterServiceCtrlHandlerA
CloseServiceHandle
SetServiceStatus
RegCreateKeyA
RegOpenKeyExA
RegCloseKey
OpenSCManagerA
RegQueryValueExA
CreateServiceA
OpenServiceA
DeleteService
RegEnumKeyA
RegSetValueExA
ControlService

ws2_32

closesocket
gethostname
inet_ntoa
ntohs
socket
gethostbyname
WSACleanup
htons
inet_addr
WSASetLastError
WSAStartup

imagehlp

CheckSumMappedFile

msvcrt

??3@YAXPAX@Z
strstr
wcstombs
strncpy
??2@YAPAXI@Z
strchr
__CxxFrameHandler
strncat
_onexit
free
__dllonexit
malloc
_adjust_fdiv
_stricmp
_initterm

Exports

Exports

InstallLaunchEv
InstallServerEx
ServiceMain
SetIsInstall
Thread2
UnInstallLaunchEv

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mydata
Size: 4KB - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

883f323136a08dc5f5934405750ff5b1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ws2_32

imagehlp

msvcrt

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 6KB

.mydata Size: 4KB - Virtual size: 504B

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 6KB

.mydata
Size: 4KB - Virtual size: 504B

.reloc
Size: 4KB - Virtual size: 1KB