b462c93541e851f5ef3c761a41287676_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b462c93541e851f5ef3c761a41287676_JaffaCakes118
Size

85KB
MD5

b462c93541e851f5ef3c761a41287676
SHA1

26948ce09edc35d4cf320db58b488441417fbcb0
SHA256

7f9ee8931dcbc5ba7eb893bbe18c075c180f9d04b1f0fed4fca6b7f963c8724b
SHA512

4259fceb36c5ccb778964e6b7ee619f971d75dbaeebf2230fc52c3ebee22e6a801a7c6401db3caf50254e96e37aef6fee357a034d6a92293bad8dc4fc56efc19
SSDEEP

1536:tXhy9R85hGXT8uqchgfnShWFCLFe411s8DreYy4MjXjmW:RhQ8uXQnchKdCpL1NMjzmW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b462c93541e851f5ef3c761a41287676_JaffaCakes118

Files

b462c93541e851f5ef3c761a41287676_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1e1bdd4e0df2de460df5ae206d116c09

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetThreadDesktop
SendInput
SetCursorPos
PostMessageA
OpenDesktopA
CallNextHookEx
OpenInputDesktop
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowTextA
PostThreadMessageA
GetWindowThreadProcessId
wsprintfW
GetMessageA
GetActiveWindow
CharLowerA
SetThreadDesktop
ExitWindowsEx
wsprintfA
GetForegroundWindow
OpenWindowStationA
SetProcessWindowStation
CloseDesktop
CloseWindowStation
ShowWindow
BringWindowToTop
UpdateWindow
EnumWindows
CharUpperA

gdi32

CreateCompatibleBitmap
GetDIBits
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreateDCA
GetDeviceCaps
DeleteObject

advapi32

RegSetValueExA
OpenThreadToken
RegisterServiceCtrlHandlerA
SetServiceStatus
LogonUserA
CreateProcessAsUserA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
QueryServiceConfigA
EnumServicesStatusA
ControlService
ChangeServiceConfigA
RegCreateKeyExA
AdjustTokenPrivileges
DeleteService
CreateServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
StartServiceA
OpenProcessToken
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameW
LookupPrivilegeValueA
ImpersonateSelf

shell32

SHEmptyRecycleBinA
SHFileOperationA
ShellExecuteA

ole32

CreateStreamOnHGlobal

ws2_32

setsockopt
inet_ntoa
gethostbyname
inet_addr
select
closesocket
send
getsockname
listen
recv
bind
socket
htons
connect
ntohs
accept
WSAStartup

shlwapi

StrCmpW
StrStrA
StrChrA
StrRChrA
SHDeleteKeyA
StrCmpNIA
StrToIntA

psapi

GetModuleFileNameExA

imm32

ImmGetContext
ImmGetCompositionStringA
ImmReleaseContext
ImmGetCompositionStringW

avicap32

capGetDriverDescriptionA

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
getenv
strrchr
malloc
wcscmp
free
strchr
_beginthread
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

GetLogicalDriveStringsA
GetFileAttributesExA
FindClose
GetLastError
FindNextFileA
lstrcmpA
FindFirstFileA
lstrcmpiA
GetCurrentProcessId
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
DuplicateHandle
SetStdHandle
CreatePipe
GetStdHandle
GetProcAddress
FreeLibrary
LocalAlloc
InterlockedExchange
RaiseException
LoadLibraryA
OpenProcess
GetModuleFileNameA
GetDiskFreeSpaceExA
WideCharToMultiByte
SetFilePointer
FlushFileBuffers
lstrlenW
lstrcatW
OpenEventA
OpenMutexA
GetFileSize
GlobalAlloc
GlobalLock
lstrcpyW
WaitForMultipleObjects
ResetEvent
ReleaseMutex
GlobalFree
CreateEventA
CreateMutexA
GetFileSizeEx
SetFilePointerEx
ReadFile
GetCurrentProcess
GetPriorityClass
GetThreadPriority
SetPriorityClass
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
GetVersion
GetVersionExA
GetSystemInfo
GlobalMemoryStatus
GetComputerNameA
GetVolumeInformationA
GetDriveTypeA
MoveFileA
CreateDirectoryA
SearchPathA
GetACP
GetOEMCP
GetLocalTime
lstrlenA
GetTempPathA
GetCurrentThreadId
CreateFileA
WriteFile
CloseHandle
GetCurrentThread
GetSystemDirectoryA
SetEvent
DeleteFileA
lstrcpyA
GetStartupInfoA
GetTickCount
WaitForSingleObject
Sleep
CreateProcessA
lstrcatA

Exports

Exports

lumeInforl
DzService
ServiceMain

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e1bdd4e0df2de460df5ae206d116c09

Headers

File Characteristics

Imports

user32

gdi32

advapi32

shell32

ole32

ws2_32

shlwapi

psapi

imm32

avicap32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 59KB - Virtual size: 59KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 59KB - Virtual size: 59KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 3KB