d00f0818093c5960cb3ea0de3b93f341_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d00f0818093c5960cb3ea0de3b93f341_JaffaCakes118
Size

364KB
MD5

d00f0818093c5960cb3ea0de3b93f341
SHA1

a7bdf8da3a30ac98a0df9fd0bd50f61a330056f1
SHA256

e3c48c72d0d090ac01bff8bf6d54c08a6fedcda2e527d424d6f64a70016d2ba6
SHA512

681fe9460252b315e6bc976793b0a594cfc501ad574b03525597aa0d5342201672811cf6bd86b5412d9a43df5500e43f28bdab1e5ca361e431532ecce5e5ca05
SSDEEP

6144:gzAILNLdvVA988yVzjtSYnY8NcE2mzWHRYLk1KZELZkwhg2x9xbYn4g2zlw:gLZ6lyVJnNNjzW9wZELOqc4g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
d00f0818093c5960cb3ea0de3b93f341_JaffaCakes118

Files

d00f0818093c5960cb3ea0de3b93f341_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2577f2cf193fc75add086dfe65bc3c0d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\toward\Valley\home\lost\For\special\Fellwhich.pdb

Imports

kernel32

GetCurrentProcessId
CloseHandle
TlsAlloc
GetModuleFileNameA
LoadLibraryA
VirtualProtectEx
Sleep
WideCharToMultiByte
TlsSetValue
ExitProcess
HeapSize
GetLastError
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetProcAddress
GetModuleHandleA
WriteFile
GetStdHandle
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
TlsGetValue
TlsFree
SetLastError
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
RaiseException
InitializeCriticalSection
RtlUnwind
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

advapi32

RegisterServiceCtrlHandlerA
RegCloseKey
RegEnumKeyA
RegOpenKeyA
FreeSid
OpenSCManagerA
SetSecurityDescriptorOwner
SetServiceStatus
AllocateAndInitializeSid
QueryServiceStatus
RegOpenKeyExA
OpenServiceA
OpenProcessToken
StartServiceCtrlDispatcherA
OpenThreadToken
SetSecurityDescriptorGroup
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupPrivilegeValueA
RegCreateKeyExA

mswsock

EnumProtocolsA
GetNameByTypeA
SetServiceA

comsvcs

MTSCreateActivity

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2577f2cf193fc75add086dfe65bc3c0d

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

mswsock

comsvcs

Sections

.text Size: 144KB - Virtual size: 143KB

.rdata Size: 144KB - Virtual size: 143KB

.data Size: 60KB - Virtual size: 130KB

.rsrc Size: 4KB - Virtual size: 880B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 144KB - Virtual size: 143KB

.rdata
Size: 144KB - Virtual size: 143KB

.data
Size: 60KB - Virtual size: 130KB

.rsrc
Size: 4KB - Virtual size: 880B

.reloc
Size: 8KB - Virtual size: 6KB