bdc3a5a8854c71978bf15a287dc573f0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bdc3a5a8854c71978bf15a287dc573f0_JaffaCakes118
Size

68KB
MD5

bdc3a5a8854c71978bf15a287dc573f0
SHA1

43627a504e3b5d32f25bbc799f4917a6d58a28d7
SHA256

92536ad729fd05fec3ce17f36a9e8876efbbe6e73c97475a99cc6496d7a68fc2
SHA512

5926373ff3a32cd75ccba89b687464617bd9929cf06ec1c1f092ab43a1bef1055a11a7826f82b6f2338d7846321b3089af09a37b12f3526c8285fc357bdb9466
SSDEEP

1536:rN4N1rb3EAFNnsAgslPh4jo2QvGuavDlF+tE4QD:rsrb0AP1h4FwGuavpF8y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bdc3a5a8854c71978bf15a287dc573f0_JaffaCakes118

Files

bdc3a5a8854c71978bf15a287dc573f0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b5be70fd6ef51f6cff7b89676c6c5844

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
SetUnhandledExceptionFilter
FreeConsole
MoveFileExA
MoveFileA
CreateMutexA
WriteFile
CreateFileA
CreateProcessA
MultiByteToWideChar
SetErrorMode
ReleaseMutex
CreateThread
WaitForSingleObject
GetLastError
lstrlenA
Sleep
ReadProcessMemory
DeleteFileA
SetLastError
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
LoadLibraryA
GetProcAddress
FreeLibrary
lstrcpyA
lstrcatA
GetCurrentProcess
CloseHandle
OpenProcess
lstrcpyW
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetSystemDirectoryA

user32

wsprintfA

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

iphlpapi

GetAdaptersInfo

ws2_32

inet_addr
setsockopt
connect
accept
select
__WSAFDIsSet
ntohs
send
closesocket
socket
htons
bind
listen
WSACleanup
WSAStartup
inet_ntoa
gethostbyname
sendto
gethostname
recv
ioctlsocket

advapi32

LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyA
CloseServiceHandle
DeleteService
ControlService
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegSetValueExA
RegCreateKeyA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
SetServiceStatus
RegisterServiceCtrlHandlerA
AdjustTokenPrivileges

shlwapi

SHDeleteKeyA

msvcrt

wcscmp
??2@YAPAXI@Z
strncpy
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler
_CxxThrowException
_except_handler3
strchr
strncat
wcstombs
strstr
rand
srand
free
malloc
atoi
_errno
_vsnprintf
memmove
memchr
??1type_info@@UAE@XZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
toupper
??3@YAXPAX@Z

Exports

Exports

ServiceMain

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5be70fd6ef51f6cff7b89676c6c5844

Headers

File Characteristics

Imports

kernel32

user32

wininet

iphlpapi

ws2_32

advapi32

shlwapi

msvcrt

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 4KB

.sxdata Size: 4KB - Virtual size: 24B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 4KB

.sxdata
Size: 4KB - Virtual size: 24B

.reloc
Size: 4KB - Virtual size: 3KB