cefd5c89f3906648c891f9da65ce7b5d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cefd5c89f3906648c891f9da65ce7b5d_JaffaCakes118
Size

112KB
MD5

cefd5c89f3906648c891f9da65ce7b5d
SHA1

6140cc299d26e31fb927efc37eea5206e51cd696
SHA256

4c18303f564c69355c81b430cb40907ee853fa468a8c1ad6b0a22bff8c4a93ce
SHA512

aceaa3096b2d277cb1c45b6bd60f55ab8ba816b5083fb23c4d3a3fd31903f1c60c5fac6e8492a19c95df2b19a7c0678101f1b7af9e9318abdfc3d42e84e631c6
SSDEEP

3072:BDZfFhJ7N2Phv7H2pqRqeWTBfZ2/a3vX5qt:p7hGh2qweWTBh2/+Xg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cefd5c89f3906648c891f9da65ce7b5d_JaffaCakes118

Files

cefd5c89f3906648c891f9da65ce7b5d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9967ae3b2f824c020d6de7cc94b9ea0d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
LocalAlloc
GetTickCount
GetCurrentProcess
lstrcmpiA
GetVersionExA
GetSystemInfo
VirtualAllocEx
GetWindowsDirectoryA
GetComputerNameA
GlobalMemoryStatus
GetVolumeInformationA
lstrcpynA
lstrcmpA
VirtualFreeEx
TerminateProcess
Heap32ListFirst
Heap32ListNext
Module32First
Module32Next
OpenProcess
Toolhelp32ReadProcessMemory
GetCurrentThreadId
Thread32First
Thread32Next
GetCurrentThread
OpenThread
FormatMessageA
SetLastError
LocalFree
GetModuleHandleA
MultiByteToWideChar
lstrcpyA
lstrcatA
lstrlenA
CreateThread
ExpandEnvironmentStringsA
DeviceIoControl
LoadLibraryA
GetProcAddress
ResetEvent
RemoveDirectoryA
GetLastError
FindClose
GetFileAttributesExA
SetErrorMode
GetDriveTypeA
GetDiskFreeSpaceExA
CreateDirectoryA
CreateFileA
FindFirstFileA
FindNextFileA
CloseHandle
SetFileAttributesA
MoveFileA
GetFileAttributesA
QueryPerformanceCounter
QueryPerformanceFrequency
PeekNamedPipe
ReadFile
WriteFile
SetEvent
CreateEventA
WaitForSingleObject
DeleteFileA
Sleep
CopyFileA
CreatePipe
GetSystemDirectoryA
GetStartupInfoA
CreateProcessA
Process32Next
Process32First
CreateToolhelp32Snapshot
FreeLibrary

gdi32

SelectPalette
RealizePalette
GetDIBits
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
CreateDCA
GetDeviceCaps
DeleteDC
GetStockObject

advapi32

RegQueryInfoKeyA
ImpersonateLoggedOnUser
GetUserNameA
LookupPrivilegeValueA
AdjustTokenPrivileges
DeleteService
StartServiceA
QueryServiceStatus
ControlService
ChangeServiceConfig2A
LockServiceDatabase
UnlockServiceDatabase
ChangeServiceConfigA
EnumServicesStatusExA
OpenServiceA
QueryServiceConfigA
QueryServiceConfig2A
CloseServiceHandle
OpenSCManagerA
RegSaveKeyA
RegDeleteValueA
RegCreateKeyExA
RegEnumValueA
OpenProcessToken
GetTokenInformation
LookupAccountSidA
RegDeleteKeyA
LsaOpenPolicy
LsaClose
RegOpenKeyExA
RegEnumKeyExA
LsaRetrievePrivateData
LsaFreeMemory
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegCreateKeyA
RegSetValueExA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptDecrypt
CryptEncrypt
RevertToSelf

user32

mouse_event
SetCursorPos
GetDC
ReleaseDC
wsprintfA
CloseWindowStation
OpenInputDesktop
GetUserObjectInformationA
CloseDesktop
GetProcessWindowStation
keybd_event
OpenWindowStationA
MessageBoxA
OpenDesktopA
SetThreadDesktop
GetKeyState
CallNextHookEx
GetForegroundWindow
GetWindowTextA
UnhookWindowsHookEx
SetWindowsHookExA
GetMessageA
ExitWindowsEx
DispatchMessageA
GetThreadDesktop
SetProcessWindowStation
TranslateMessage

urlmon

URLDownloadToCacheFileA

msvcrt

memcpy
_strnicmp
_wcsnicmp
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
fputc
_errno
_fdopen
_ui64toa
ceil
_vsnprintf
memcmp
_CxxThrowException
time
localtime
strftime
setlocale
_mbsrchr
strncpy
wcslen
_snprintf
isprint
fprintf
strcmp
__CxxFrameHandler
_mbsnbcat
strlen
fclose
fwrite
fseek
fread
fopen
_beginthreadex
strncmp
free
memset
malloc
??2@YAPAXI@Z
_except_handler3
_stricmp
??3@YAXPAX@Z
_ftol
sprintf
memmove
_mbscmp
strcat
strcpy
_itoa
ftell
atoi
strstr

psapi

GetModuleFileNameExA
EnumProcessModules

netapi32

Netbios

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9967ae3b2f824c020d6de7cc94b9ea0d

Headers

File Characteristics

Imports

kernel32

gdi32

advapi32

user32

urlmon

msvcrt

psapi

netapi32

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 26KB

shared Size: 4KB - Virtual size: 8B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 26KB

shared
Size: 4KB - Virtual size: 8B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB