c1b7b513f0e1a1b7ca280f9b28d03b8e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c1b7b513f0e1a1b7ca280f9b28d03b8e_JaffaCakes118
Size

83KB
MD5

c1b7b513f0e1a1b7ca280f9b28d03b8e
SHA1

7a9b6a77e92db97cef5202a4fe5cb4c5cc123263
SHA256

5abb206d9e554a456948e2bd432dbb127317405be0ab5e75417896661d29955e
SHA512

fb133bb354c61a9807424582bf8d618886a2ce87a756566bb3144b35ade06991b71ddedf773a5237f1bf0a677f0b7a6bb18d6f4e91a4c46c980c0af1518717a7
SSDEEP

1536:8Pax0TP9vjsGZ9E3obAqI2vk2yqIQ57Dc6H:8Po6lDErbqR5nH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1b7b513f0e1a1b7ca280f9b28d03b8e_JaffaCakes118

Files

c1b7b513f0e1a1b7ca280f9b28d03b8e_JaffaCakes118
.dll windows:5 windows x86 arch:x86

d6c82eef0c66f49e1e46d2e95dc39892

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

EnumProcesses
GetModuleBaseNameA

kernel32

VirtualAllocEx
VirtualFreeEx
CreateEventA
GetLastError
FreeLibrary
SetLastError
Sleep
GetTickCount
GetVersionExA
GetModuleHandleA
TerminateProcess
CreateProcessA
GetFileAttributesA
GetWindowsDirectoryA
GetExitCodeThread
GetCurrentProcessId
DisconnectNamedPipe
WriteProcessMemory
ConnectNamedPipe
ReadFile
CreateNamedPipeA
DeleteFileA
WriteFile
CreateFileA
GetTempPathA
GetCurrentThreadId
LocalFileTimeToFileTime
SystemTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindNextFileA
FindFirstFileA
FlushFileBuffers
CreateRemoteThread
WaitForSingleObject
ReadProcessMemory
SetEvent
LoadLibraryA
GetProcAddress
GetCurrentProcess
OpenProcess
CloseHandle
SetUnhandledExceptionFilter
ExitProcess
ExitThread
CompareStringA
CompareStringW
GetCurrentThread
CreateThread
SetEnvironmentVariableA
ResumeThread
LocalAlloc
InterlockedExchange
RaiseException
HeapReAlloc
HeapAlloc
HeapFree
GetCommandLineA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
GetModuleHandleW
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
GetTimeZoneInformation
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
RtlUnwind
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
HeapSize
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

advapi32

DuplicateToken
ImpersonateNamedPipeClient
OpenThreadToken
DeleteService
CreateServiceA
ControlService
QueryServiceStatusEx
OpenSCManagerA
CloseServiceHandle
OpenServiceA
StartServiceA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
EnumServicesStatusA

Exports

Exports

DeinitServerExtension
InitServerExtension
_ReflectiveLoader@0
control

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d6c82eef0c66f49e1e46d2e95dc39892

Headers

File Characteristics

Imports

psapi

kernel32

advapi32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 60KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 5KB - Virtual size: 12KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 60KB - Virtual size: 60KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 5KB - Virtual size: 12KB

.reloc
Size: 5KB - Virtual size: 4KB