c0ede9e90f07bfc5b766adc9c2f3e30d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c0ede9e90f07bfc5b766adc9c2f3e30d_JaffaCakes118
Size

207KB
MD5

c0ede9e90f07bfc5b766adc9c2f3e30d
SHA1

a16c1b8b03ebb79581690cf5052e02978b25d1a2
SHA256

94bda6ed99f70e37d7bcc54d60d4b8c8b36de01c95bb58da8f8a9ad4996c1f26
SHA512

81e5ae3873cf5bdd65345467054f23bc6e60a0612a5db702de49cc3fc772d1c5bbfa92a01b54fd4ca1c1baa89af9dc1a09680431fbb380d747824214879fd967
SSDEEP

6144:80d2VBqXnkK3LAUgwN4fOVM10UbFaxU+kX7mfOVf:JseXh3Ln6mVM10UYc6mVf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0ede9e90f07bfc5b766adc9c2f3e30d_JaffaCakes118

Files

c0ede9e90f07bfc5b766adc9c2f3e30d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5ce51c2c348ebfa4ee0fcbeb828ea1c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLogicalDriveStringsA
FindClose
LocalFree
GetFileSize
ReadFile
MoveFileA
lstrcmpiA
MapViewOfFile
CreateFileMappingA
HeapFree
UnmapViewOfFile
GetModuleHandleA
GetVolumeInformationA
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetStartupInfoA
WaitForMultipleObjects
TerminateProcess
GetVersionExA
OpenEventA
GetCurrentProcess
Process32Next
GetDiskFreeSpaceExA
GetDriveTypeA
lstrlenA
lstrcpyA
GetFileAttributesA
CreateDirectoryA
HeapAlloc
GetTickCount
CancelIo
InterlockedExchange
ResetEvent
GetLastError
VirtualAlloc
EnterCriticalSection
VirtualFree
DeleteCriticalSection
ResumeThread
Sleep
TerminateThread
CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryA
GlobalFree

user32

DispatchMessageA
TranslateMessage
GetMessageA
CharNextA
wsprintfA
GetWindowTextA
MessageBoxA
LoadCursorA
SendMessageA
MapVirtualKeyA
SetCapture
WindowFromPoint
SetCursorPos
mouse_event
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetSystemMetrics
SetRect
GetDesktopWindow
ReleaseDC
GetUserObjectInformationA
IsWindowVisible
PostMessageA
IsWindow
CreateWindowExA
LoadMenuA
GetWindowThreadProcessId
DestroyCursor

gdi32

GetStockObject

advapi32

RegCloseKey
RegRestoreKeyA
RegQueryValueExA
RegOpenKeyExA
CloseEventLog
ClearEventLogA
OpenEventLogA
RegSetValueExA
CloseServiceHandle
DeleteService
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegOpenKeyA
UnlockServiceDatabase
ChangeServiceConfig2A
LockServiceDatabase
StartServiceA
RegSaveKeyA

msvcrt

strcpy
_strrev
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
calloc
srand
_access
wcstombs
atoi
_beginthreadex
strrchr
strcat
strcmp
_except_handler3
malloc
free
strncpy
sprintf
_stricmp
rand
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
puts
memcpy
__CxxFrameHandler
memmove
putchar
ceil
_ftol
strlen
strstr
memcmp
_CxxThrowException

ws2_32

send
inet_addr
connect
sendto
htonl
getsockname
closesocket
select
recv
socket
gethostbyname
htons
setsockopt
WSAStartup
WSACleanup

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

Exports

Exports

EndWork
Runing
Working
fuckabc

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ce51c2c348ebfa4ee0fcbeb828ea1c6

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcrt

ws2_32

msvcp60

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 67KB

.reloc Size: 4KB - Virtual size: 2KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 68KB - Virtual size: 67KB

.reloc
Size: 4KB - Virtual size: 2KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 4KB