d2cfc90c4ff228c146623436d3c983aa_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d2cfc90c4ff228c146623436d3c983aa_JaffaCakes118
Size

144KB
MD5

d2cfc90c4ff228c146623436d3c983aa
SHA1

fa8e8094284b83d604401af531cb880c57ea96d7
SHA256

b682261330af82fecb57c956aac9ef3020b3bf33cd4a081e3aae40c5970e1856
SHA512

a15f976ecd4f2be0a942cb2a093aab56bc9b51e3d083139e46ab446e85da5e1e0b8f305cd029e6b7fba94b534c77ada4b2384772a24997a79d0cde005d6356c2
SSDEEP

3072:ZtsysEnV83hPxvgCSEK9H85UGgfUa/nm2H/:PsHmQKxuUGgfBnm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2cfc90c4ff228c146623436d3c983aa_JaffaCakes118

Files

d2cfc90c4ff228c146623436d3c983aa_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5f7498c07e3ce12578432a69ae72f461

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
SetEvent
ResumeThread
CreateThread
DeleteCriticalSection
VirtualFree
EnterCriticalSection
ResetEvent
InterlockedExchange
CancelIo
GetLastError
CreateDirectoryA
GetFileAttributesA
GetDiskFreeSpaceExA
FindClose
FindNextFileA
RemoveDirectoryA
GetFileSize
ReadFile
lstrlenA
WriteFile
MoveFileA
lstrcatA
lstrcpyA
GetModuleFileNameA
SetLastError
Sleep
GetVersionExA
ExitProcess
GetCurrentProcess
GetVersion
DeviceIoControl
Process32First
Beep
OutputDebugStringA
CopyFileA
CreateRemoteThread
VirtualAllocEx
OpenProcess
LeaveCriticalSection
TerminateThread
InitializeCriticalSection
MultiByteToWideChar
GetLocalTime
MapViewOfFile
HeapFree
GetProcessHeap
HeapAlloc
UnmapViewOfFile
VirtualAlloc
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
LocalSize
GetStartupInfoA
CreatePipe
PeekNamedPipe
GetTickCount
GetDriveTypeA
GlobalMemoryStatusEx
GetSystemInfo
ReleaseMutex
OpenEventA
SetUnhandledExceptionFilter
TerminateProcess
LocalReAlloc
GetComputerNameA
lstrcmpA
GetCurrentThreadId
GetModuleHandleA
Module32Next
lstrcmpiA
Module32First
CreateToolhelp32Snapshot
RaiseException
LocalAlloc
FreeLibrary
LoadLibraryA
GetProcAddress
CloseHandle
CreateEventA

shlwapi

SHDeleteKeyA

msvcrt

_except_handler3
strrchr
strcmp
strcpy
strcat
strncpy
atoi
fclose
fwrite
fopen
strncmp
strchr
_errno
malloc
_snprintf
strncat
realloc
wcstombs
_beginthreadex
calloc
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
free
memcmp
strstr
strlen
_ftol
wcscpy
ceil
_strrev
_strnset
memmove
__CxxFrameHandler
memcpy
??3@YAXPAX@Z
_strnicmp
_strupr
memset
??2@YAPAXI@Z
_strcmpi

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

netapi32

NetUserAdd
NetLocalGroupAddMembers

imm32

ImmReleaseContext
ImmGetContext
ImmGetCompositionStringA

msvfw32

ICCompressorFree
ICSeqCompressFrameEnd
ICOpen
ICSendMessage
ICSeqCompressFrame
ICClose
ICSeqCompressFrameStart

Exports

Exports

GoLan
HackBlan
MainService
Off
ServiceMain
lan

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f7498c07e3ce12578432a69ae72f461

Headers

File Characteristics

Imports

kernel32

shlwapi

msvcrt

msvcp60

netapi32

imm32

msvfw32

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 97KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 12KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 100KB - Virtual size: 97KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB