ServiceMain
Static task: static1
Behavioral task: behavioral1
Sample: c29652f7e7085f69513054142658c38d_JaffaCakes118.dll
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: c29652f7e7085f69513054142658c38d_JaffaCakes118.dll
Resource: win10v2004-20240802-en
General
- Target: c29652f7e7085f69513054142658c38d_JaffaCakes118
- Size: 96KB
- MD5: c29652f7e7085f69513054142658c38d
- SHA1: 370cc0d538471d4f89ca5450f7a03c02a412654c
- SHA256: 180118b29c890649698c878606b30bc3844c6f515cde89cc1c6f4f027b855ca0
- SHA512: f3211471b2bc5f62a3f25ac6a6ea1f2c93e3f28b8ec744d328d2188dbcac781a86e544083f372051f63fa8fbb24238dde059ef8dbea999a1073502998e686750
- SSDEEP: 1536:sEYHWyVW5Rj5gK5jUvNNAaTcXIhzYaptszKVJooXHVDK3cl4J2:sEYHzWbj5gK9UlWtL6seVJooXHVDK3cL
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: c29652f7e7085f69513054142658c38d_JaffaCakes118
Files
- c29652f7e7085f69513054142658c38d_JaffaCakes118.dll (windows:4 windows x86 arch:x86)
  04eab34cc28b293f17d5cc90e70ec5b8
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
psapi
EnumProcessModules
GetModuleFileNameExA
kernel32
SetFilePointer
ReadProcessMemory
Process32Next
Process32First
CreateToolhelp32Snapshot
VirtualProtectEx
VirtualAllocEx
GetWindowsDirectoryA
FreeLibrary
lstrcpyA
WritePrivateProfileStringA
GetPrivateProfileStringA
SetUnhandledExceptionFilter
CreateThread
WaitForSingleObject
FreeConsole
SetEvent
CreateEventA
ReadFile
GetCurrentThreadId
WriteFile
InitializeCriticalSection
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
LocalFree
FlushFileBuffers
SetStdHandle
GetOEMCP
lstrlenA
DeleteFileA
SetLastError
GetLastError
LoadLibraryA
GetProcAddress
OpenProcess
lstrlenW
WideCharToMultiByte
LeaveCriticalSection
Sleep
GetCurrentProcess
WriteProcessMemory
GetTickCount
GetModuleFileNameA
GetModuleHandleA
VirtualProtect
lstrcatA
HeapAlloc
HeapFree
CreateFileA
DeviceIoControl
CloseHandle
GetSystemDirectoryA
DeleteCriticalSection
EnterCriticalSection
GetACP
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetCPInfo
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
UnhandledExceptionFilter
HeapSize
TerminateProcess
ExitProcess
RtlUnwind
RaiseException
InterlockedDecrement
InterlockedIncrement
TlsSetValue
TlsGetValue
ExitThread
GetCommandLineA
GetVersion
TlsAlloc
TlsFree
user32
GetProcessWindowStation
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
wsprintfA
FindWindowExA
FindWindowA
PostMessageA
SendMessageA
SetThreadDesktop
OpenDesktopA
SetProcessWindowStation
OpenWindowStationA
CloseDesktop
advapi32
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenProcessToken
ImpersonateLoggedOnUser
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegEnumValueA
RegOpenKeyExA
RegEnumKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
ole32
CoInitialize
CoCreateInstance
oleaut32
VariantClear
SysFreeString
wininet
InternetOpenA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
ws2_32
gethostbyname
WSAStartup
closesocket
recv
send
setsockopt
connect
bind
socket
gethostname
inet_addr
htons
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
Exports
Sections
.text Size: 60KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ