b8a7011bbe70dd09a079d5bc571ecd4c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b8a7011bbe70dd09a079d5bc571ecd4c_JaffaCakes118
Size

32KB
MD5

b8a7011bbe70dd09a079d5bc571ecd4c
SHA1

d4a48801183f7a529b79d837ba1a65cae0a35fed
SHA256

56f3647334f40fb535dc5f26cf0366ef6874f39f1e3d10436ce30c2e0113cd44
SHA512

b0e9f19c5ebcb59acf07580dc951a5659558c4060dbd22a32ca39ac35be5f827e5ceda112cfe6420ab2ea2e1675700f7957ac53ed23320feb77810c1d6a1cf54
SSDEEP

768:EaSxg1OQRLzyxOAxcA1vGLrLxdwE3HCOZ8X6FZb9L:QxDQRnRFFHCOZI6FZh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8a7011bbe70dd09a079d5bc571ecd4c_JaffaCakes118

Files

b8a7011bbe70dd09a079d5bc571ecd4c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

48b8645e2e53a51455c76732ab36c72d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
ExitThread
ReadFile
PeekNamedPipe
WriteFile
GetFileSize
CreateFileA
GetSystemDirectoryA
SetLastError
CreatePipe
GlobalAlloc
FreeLibrary
HeapAlloc
GetProcessHeap
SetFilePointer
MultiByteToWideChar
TerminateProcess
Sleep
OpenProcess
GetStartupInfoA
CreateProcessA
TerminateThread
OutputDebugStringA
GetExitCodeThread
GlobalFree
FreeConsole
CloseHandle
GetLastError
GetModuleHandleA
WideCharToMultiByte
GetComputerNameA
GetSystemInfo
GetVersionExA
GetSystemPowerStatus
GetTickCount
GlobalMemoryStatus
GetDriveTypeA
GetDiskFreeSpaceA
LoadLibraryA
GetProcAddress
GetCurrentProcess
CreateDirectoryA

user32

GetSystemMetrics
GetDC
wsprintfA

gdi32

GetDIBits
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
GetObjectA

msvcrt

strchr
fread
fseek
fopen
fwprintf
fprintf
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
fclose
atol
strncpy
wcstombs
_CxxThrowException
__CxxFrameHandler
_snprintf
_ftol
time
_ftime
atoi
_except_handler3
??2@YAPAXI@Z
??3@YAXPAX@Z
realloc
free
malloc
srand
rand
_atoi64
atof
sprintf
_wcsnicmp

ws2_32

socket
htons
inet_addr
inet_ntoa
gethostbyname
shutdown
closesocket
select
__WSAFDIsSet
recv
send
WSACleanup
WSAStartup
gethostname
connect

wininet

InternetGetConnectedState

netapi32

NetServerEnum
NetApiBufferFree

advapi32

AdjustTokenPrivileges
OpenSCManagerA
LockServiceDatabase
OpenServiceA
ChangeServiceConfigA
UnlockServiceDatabase
CloseServiceHandle
RegSetValueExA
LogonUserA
CreateProcessAsUserA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetTokenInformation
LookupAccountSidA
GetUserNameA
OpenProcessToken
LookupPrivilegeValueA

msvcp60

??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

Exports

Exports

InstallService
RundllInstallA
RundllUninstallA
ServiceMain
UninstallService

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

48b8645e2e53a51455c76732ab36c72d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

ws2_32

wininet

netapi32

advapi32

msvcp60

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 51KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 51KB

.reloc
Size: 2KB - Virtual size: 2KB