c0c419197b0ee58b57532cd3b7939380_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c0c419197b0ee58b57532cd3b7939380_JaffaCakes118
Size

55KB
MD5

c0c419197b0ee58b57532cd3b7939380
SHA1

8b7f9a58a2dfc6ec81db39de350554a0ea6d3688
SHA256

5041e8d904411d5ecbd71a9f4760e71684b32b2dfc42f6a730fe47b1cb3612e1
SHA512

3905084c1407def349862da62361e65b1b1c84156601b0da5c645851312590813c3403c61ea79e1e51558bfb3f2e6d1dfd7e685fdb5ee2fc8df4fcc6d8f10ddf
SSDEEP

768:b9GJSBnYzcFEAACZtzeMUJgzWtLrtgkV0riWL8ZOF9r4B1MBBZhfk49mHnqulG9G:28nsyevJ4WtNWXL8cF9r4Shs4adlGaz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0c419197b0ee58b57532cd3b7939380_JaffaCakes118

Files

c0c419197b0ee58b57532cd3b7939380_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7dfd18d485581cee29ad35a42a6d377a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

OpenDesktopA
CallNextHookEx
GetForegroundWindow
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowTextA
PostMessageA
PostThreadMessageA
wsprintfW
GetThreadDesktop
OpenInputDesktop
ExitWindowsEx
wsprintfA
SetCursorPos
GetWindowThreadProcessId
SendInput
SetThreadDesktop
OpenWindowStationA
SetProcessWindowStation
CloseDesktop
CloseWindowStation
CharUpperA
GetActiveWindow
GetMessageA

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
GetDeviceCaps
DeleteObject
CreateDCA
GetDIBits
DeleteDC

advapi32

StartServiceA
AdjustTokenPrivileges
OpenThreadToken
ImpersonateSelf
RegisterServiceCtrlHandlerA
SetServiceStatus
RegCreateKeyExA
RegSetValueExA
DeleteService
CreateServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
LookupPrivilegeValueA
RegCloseKey
GetUserNameW

shell32

StrStrA
SHEmptyRecycleBinA
StrRChrA
ShellExecuteA
StrCmpNIA
StrChrA
SHFileOperationA

ole32

CreateStreamOnHGlobal

ws2_32

inet_ntoa
gethostbyname
inet_addr
recv
select
closesocket
send
setsockopt
socket
htons
connect
WSAStartup

shlwapi

StrToIntA
StrCmpW

psapi

GetModuleFileNameExA

imm32

ImmGetCompositionStringW
ImmReleaseContext
ImmGetCompositionStringA
ImmGetContext

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
strrchr
malloc
wcscmp
free
strchr
_beginthread
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

SearchPathA
GetModuleFileNameA
OpenProcess
CreateDirectoryA
MoveFileA
GetDriveTypeA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetLogicalDriveStringsA
GetFileAttributesExA
FindClose
GetLastError
FindNextFileA
FindFirstFileA
lstrcmpA
lstrcmpiA
GetCurrentProcessId
GetProcAddress
FreeLibrary
LocalAlloc
InterlockedExchange
SetFilePointer
FlushFileBuffers
lstrlenW
lstrcatW
OpenEventA
OpenMutexA
GetFileSize
GlobalAlloc
GlobalLock
lstrcpyW
WaitForMultipleObjects
ResetEvent
ReleaseMutex
GlobalFree
CreateEventA
CreateMutexA
GetFileSizeEx
SetFilePointerEx
ReadFile
GetCurrentProcess
GetPriorityClass
GetThreadPriority
SetPriorityClass
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
GetVersion
GetVersionExA
GetSystemInfo
GlobalMemoryStatus
GetComputerNameA
RaiseException
LoadLibraryA
WideCharToMultiByte
GetACP
GetOEMCP
GetLocalTime
lstrlenA
GetTempPathA
GetCurrentThreadId
CreateFileA
WriteFile
CloseHandle
lstrcpyA
GetCurrentThread
GetSystemDirectoryA
DeleteFileA
SetEvent
GetTickCount
WaitForSingleObject
Sleep
CreateProcessA
lstrcatA
GetStartupInfoA

Exports

Exports

tBUQNDBjFNI
saewrteryutr09
w67w67

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Share
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7dfd18d485581cee29ad35a42a6d377a

Headers

File Characteristics

Imports

user32

gdi32

advapi32

shell32

ole32

ws2_32

shlwapi

psapi

imm32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 30KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1024B - Virtual size: 1KB

Share Size: 5KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1024B - Virtual size: 1KB

Share
Size: 5KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 2KB