bec3e4b80fc0f71bc9e0965c62428caf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bec3e4b80fc0f71bc9e0965c62428caf_JaffaCakes118
Size

68KB
MD5

bec3e4b80fc0f71bc9e0965c62428caf
SHA1

568aeb20c1c5fa9ea7f12deede35e6b7d727cbc4
SHA256

d6d62db5b16df9d67ba1f8423a419d44543a7075641853814eed9f2441f3eed6
SHA512

04a8dc1f0668dc5add97f945236d33e6a5d15728eb2150f92e8b52220f45a23513223fc0e261b9e70d3ec3e8d3999ee64f521525d40a2658d055f10f79f1d84a
SSDEEP

1536:ae1Zc6CTT6rpL8LgJ0LMDXtonSQhgavQlF+tEgf:a5TTc0L0tqSbavoFU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bec3e4b80fc0f71bc9e0965c62428caf_JaffaCakes118

Files

bec3e4b80fc0f71bc9e0965c62428caf_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7a19107627e3773a715a713a15bb00ab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
SetUnhandledExceptionFilter
FreeConsole
MoveFileExA
MoveFileA
CreateMutexA
WriteFile
CreateFileA
CreateProcessA
MultiByteToWideChar
SetErrorMode
ReleaseMutex
CreateThread
WaitForSingleObject
GetLastError
lstrlenA
Sleep
ReadProcessMemory
DeleteFileA
SetLastError
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
LoadLibraryA
GetProcAddress
FreeLibrary
lstrcpyA
lstrcatA
GetCurrentProcess
CloseHandle
OpenProcess
lstrcpyW
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetSystemDirectoryA

user32

wsprintfA

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

iphlpapi

GetAdaptersInfo

ws2_32

inet_addr
connect
accept
setsockopt
WSAGetLastError
select
__WSAFDIsSet
ntohs
send
closesocket
socket
htons
bind
listen
WSACleanup
WSAStartup
inet_ntoa
gethostbyname
sendto
gethostname
recv
ioctlsocket

advapi32

LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyA
CloseServiceHandle
DeleteService
ControlService
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegSetValueExA
RegCreateKeyA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
SetServiceStatus
RegisterServiceCtrlHandlerA
AdjustTokenPrivileges

shlwapi

SHDeleteKeyA

msvcrt

wcscmp
??3@YAXPAX@Z
??2@YAPAXI@Z
??0exception@@QAE@ABV0@@Z
strncpy
__CxxFrameHandler
_CxxThrowException
_except_handler3
strchr
strncat
wcstombs
strstr
rand
srand
free
malloc
atoi
_errno
_vsnprintf
memmove
memchr
??1type_info@@UAE@XZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
toupper

Exports

Exports

ServiceMain

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a19107627e3773a715a713a15bb00ab

Headers

File Characteristics

Imports

kernel32

user32

wininet

iphlpapi

ws2_32

advapi32

shlwapi

msvcrt

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 4KB

.sxdata Size: 4KB - Virtual size: 24B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 4KB

.sxdata
Size: 4KB - Virtual size: 24B

.reloc
Size: 4KB - Virtual size: 3KB