b3defdbd173738d44137f88a571647e1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b3defdbd173738d44137f88a571647e1_JaffaCakes118
Size

630KB
MD5

b3defdbd173738d44137f88a571647e1
SHA1

b3f30306768f20e8581e15096c3dcea4669ee46e
SHA256

ea43d8973fdfa6eb77e1f6b6a5276c5e06c614071d26f68f19fbcb25fe09aad4
SHA512

28c2c6a7a024d8ca3fbc51f0ad8359084d363b1463abd7e557cadfeb56bcd76f3b94fba1632e34f1f1316f6b94151b64782ac4b85e18404a5ee690e0469ec0bd
SSDEEP

12288:zC/wYUHdn3hLB8fcAGIE/WTiPb5eI3w0:zC/cN3uEuTiD5H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3defdbd173738d44137f88a571647e1_JaffaCakes118

Files

b3defdbd173738d44137f88a571647e1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0c8b7d9b7ad1354c18e6f91960298733

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalMemoryStatus
GetVolumeInformationA
Module32First
Module32Next
Thread32First
GetLocalTime
GetComputerNameA
FlushConsoleInputBuffer
GetCurrentProcessId
GetStdHandle
GetFileType
GetVersion
Thread32Next
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
Toolhelp32ReadProcessMemory
GetCurrentThreadId
lstrcpyA
GetSystemTime
GetWindowsDirectoryA
FreeLibrary
GetVersionExA
SetLastError
GetModuleFileNameA
GetCurrentProcess
GetTickCount
LocalAlloc
LocalFree
VirtualAllocEx
VirtualFreeEx
TerminateProcess
Heap32ListFirst
SystemTimeToFileTime
CompareFileTime
ExpandEnvironmentStringsA
LoadLibraryA
GetProcAddress
ResetEvent
RemoveDirectoryA
GetLastError
FindClose
GetFileAttributesExA
SetErrorMode
GetDriveTypeA
GetDiskFreeSpaceExA
CreateDirectoryA
CreateFileA
FindFirstFileA
FindNextFileA
SetFileAttributesA
MoveFileA
GetFileAttributesA
QueryPerformanceFrequency
QueryPerformanceCounter
PeekNamedPipe
ReadFile
WriteFile
SetEvent
CreateEventA
WaitForSingleObject
DeleteFileA
Sleep
CopyFileA
CloseHandle
CreatePipe
GetSystemDirectoryA
GetStartupInfoA
CreateProcessA
Heap32ListNext

user32

CloseWindowStation
GetProcessWindowStation
GetThreadDesktop
SetProcessWindowStation
GetUserObjectInformationW
GetDesktopWindow
MessageBoxA
OpenWindowStationA
GetUserObjectInformationA
OpenDesktopA
CloseDesktop
SetThreadDesktop
ReleaseDC
GetDC
SetCursorPos
mouse_event
keybd_event
PostMessageA
wsprintfA
ExitWindowsEx
OpenInputDesktop

gdi32

GetStockObject
SelectPalette
RealizePalette
GetDIBits
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
CreateDCA
GetDeviceCaps
DeleteDC

advapi32

ChangeServiceConfig2A
DeleteService
StartServiceA
QueryServiceStatus
ControlService
LockServiceDatabase
UnlockServiceDatabase
ChangeServiceConfigA
EnumServicesStatusExA
OpenServiceA
QueryServiceConfigA
QueryServiceConfig2A
CloseServiceHandle
OpenSCManagerA
RegSaveKeyA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
OpenProcessToken
GetTokenInformation
LookupAccountSidA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptDecrypt
CryptEncrypt
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
LookupPrivilegeValueA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegCreateKeyA
CreateServiceA
GetUserNameA
RevertToSelf
ImpersonateLoggedOnUser
DeregisterEventSource
ReportEventA
RegisterEventSourceA
AdjustTokenPrivileges

ws2_32

WSAStartup
WSACleanup
select
WSAGetLastError
ntohl
connect
socket
htons
htonl
gethostbyname
inet_addr
closesocket
shutdown
recv
WSASetLastError
send

msvcrt

fputc
strtoul
gmtime
sscanf
isupper
_stat
isxdigit
fgets
_setmode
getenv
memchr
isdigit
isspace
tolower
strcmp
abort
vfprintf
wcsstr
_iob
signal
_getch
_mbsnbcat
fclose
fwrite
fseek
fread
fopen
_beginthreadex
free
strncmp
malloc
__CxxFrameHandler
_except_handler3
_mbscmp
_itoa
ftell
atoi
strstr
strncpy
??2@YAPAXI@Z
??3@YAXPAX@Z
_vsnprintf
wcstombs
strncat
strchr
_CxxThrowException
ceil
_ftol
_ui64toa
_mbsrchr
fprintf
_fdopen
_errno
strcpy
strlen
sprintf
memcpy
fflush
memset
qsort
time
memmove
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
realloc
_stricmp
_wcsnicmp
fputs

psapi

EnumProcessModules
GetModuleFileNameExA

netapi32

Netbios

Exports

Exports

RundllInstall
RundllUninstall
ServiceInstall
ServiceMain
UnServiceInstall

Sections

.text
Size: 425KB - Virtual size: 424KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c8b7d9b7ad1354c18e6f91960298733

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ws2_32

msvcrt

psapi

netapi32

Exports

Exports

Sections

.text Size: 425KB - Virtual size: 424KB

.rdata Size: 118KB - Virtual size: 118KB

.data Size: 51KB - Virtual size: 54KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 34KB - Virtual size: 33KB

.text
Size: 425KB - Virtual size: 424KB

.rdata
Size: 118KB - Virtual size: 118KB

.data
Size: 51KB - Virtual size: 54KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 34KB - Virtual size: 33KB