af97c4633ff5790ad7e59eaa42c3e1d9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

af97c4633ff5790ad7e59eaa42c3e1d9_JaffaCakes118
Size

123KB
MD5

af97c4633ff5790ad7e59eaa42c3e1d9
SHA1

a085c9add19db8357d04ea96909aa37b958e5494
SHA256

861f38d13a0959df2d8848eac2db694650538b7e13339221e4a127e7a59589f7
SHA512

221719078c8724beafcd9aee43e089d42cf81845bb99953fdebde941be79ae2ba1781c56cfd8f7eface992a1c751b03db0c3c471d71c1cb4412c0f2efd84a958
SSDEEP

3072:kj/ic2Ft3bKHRi+vTrd3SlGtvUbLyszKsanTz:M72FNbKHRieTRyGJk2sQv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af97c4633ff5790ad7e59eaa42c3e1d9_JaffaCakes118

Files

af97c4633ff5790ad7e59eaa42c3e1d9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

83b5306ce2502aceab7f82810a427671

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateIoCompletionPort
ResetEvent
Sleep
WaitForSingleObject
GetFileAttributesA
GetSystemDirectoryA
WinExec
TerminateThread
GetLocalTime
GetCurrentThreadId
CreateProcessA
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
GetCurrentProcess
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
SizeofResource
LoadResource
FindResourceA
GetLastError
DeviceIoControl
GlobalFree
LoadLibraryExA
GlobalAlloc
GetModuleHandleA
lstrcpynA
GetModuleFileNameA
ExitProcess
GetExitCodeThread
GetTickCount
SetErrorMode
FreeConsole
SetUnhandledExceptionFilter
LocalSize
SetStdHandle
CreateThread
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetFileType
GetStdHandle
SetHandleCount
UnhandledExceptionFilter
HeapSize
TlsGetValue
SetLastError
TlsFree
TlsAlloc
GetQueuedCompletionStatus
SetEvent
CreateEventA
MoveFileA
WriteFile
InitializeCriticalSection
SetFilePointer
ReadFile
CreateFileA
GetFileSize
RemoveDirectoryA
LocalAlloc
FindFirstFileA
LocalReAlloc
FindNextFileA
LocalFree
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
DeleteFileA
GetPrivateProfileStringA
lstrcmpA
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
GetProcAddress
FreeLibrary
GetWindowsDirectoryA
lstrcatA
GetPrivateProfileSectionNamesA
lstrlenA
GetVersionExA
OpenProcess
CloseHandle
lstrcpyA
CreateToolhelp32Snapshot
IsBadWritePtr
HeapCreate
HeapDestroy
RaiseException
HeapFree
GetVersion
GetCommandLineA
InterlockedIncrement
Process32First
Process32Next
InterlockedDecrement
HeapReAlloc
ExitThread
TlsSetValue
HeapAlloc
RtlUnwind
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
FlushFileBuffers

user32

keybd_event
mouse_event
CloseDesktop
CloseWindowStation
PostMessageA
SetThreadDesktop
GetActiveWindow
GetWindowTextA
SetCursorPos
OpenDesktopA
SetProcessWindowStation
OpenWindowStationA
GetThreadDesktop
GetProcessWindowStation
ReleaseDC
GetDC
GetSystemMetrics
GetDesktopWindow
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA
GetFocus
wsprintfA
GetKeyNameTextA
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
ExitWindowsEx
CreateWindowExA
SendMessageA
IsWindow
CloseWindow
OpenInputDesktop
GetUserObjectInformationA

gdi32

CreateHalftonePalette
GetPaletteEntries
CreateCompatibleDC
DeleteDC
BitBlt
CreateDIBSection
SelectObject
DeleteObject

advapi32

OpenEventLogA
GetTokenInformation
OpenProcessToken
IsValidSid
LookupAccountNameA
LsaClose
LsaRetrievePrivateData
LsaOpenPolicy
SetServiceStatus
RegisterServiceCtrlHandlerExA
ControlService
DeleteService
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
CloseServiceHandle
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegQueryValueExA
LsaFreeMemory
ClearEventLogA
CloseEventLog
RegOpenKeyExA
RegQueryValueA
RegCloseKey
LookupAccountSidA

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA

shlwapi

PathFileExistsA
StrRChrA

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

dbghelp

MakeSureDirectoryPathExists

ws2_32

closesocket
WSAGetLastError
connect
WSARecv
gethostbyname
socket
gethostname
inet_ntoa
WSAStartup
ntohs
getpeername
htons
getsockname
send

imm32

ImmGetCompositionStringA
ImmGetContext
ImmReleaseContext

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile

urlmon

URLDownloadToFileA

avicap32

capCreateCaptureWindowA

psapi

EnumProcessModules
GetModuleFileNameExA

Exports

Exports

ServiceMain

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83b5306ce2502aceab7f82810a427671

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

wtsapi32

dbghelp

ws2_32

imm32

wininet

urlmon

avicap32

psapi

Exports

Exports

Sections

.text Size: 86KB - Virtual size: 86KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 11KB - Virtual size: 16KB

.shared Size: 1KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 86KB - Virtual size: 86KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 11KB - Virtual size: 16KB

.shared
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 6KB - Virtual size: 6KB