d4a1e0420d9d102827d375b6977abf4a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d4a1e0420d9d102827d375b6977abf4a_JaffaCakes118
Size

53KB
MD5

d4a1e0420d9d102827d375b6977abf4a
SHA1

744ed4ee111e8e1bc5fc1605e917bbf4a2f93d5c
SHA256

1f9b40d83ee1f7931e4f3371d7b7de4c4914d87a9262bb763a3948fb27d22a05
SHA512

7746aa1f73e02de61f7c5b43a7067acbc66ff172bfd44d8f8589a553c23d0b2819f6e771efc3f29ff3d005683e499a7a67ccd9a563948af34820b3d32c3dc518
SSDEEP

1536:jxf9npMvxaOyuoBErYLXRwllcGYSr7YI5C1i6QaF0:zG0IUvQaF0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4a1e0420d9d102827d375b6977abf4a_JaffaCakes118

Files

d4a1e0420d9d102827d375b6977abf4a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e6a93a31dd5c198580e80ec3ae9ea6bd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

sprintf
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_stricmp
_strupr
_beginthreadex
wcstombs
strchr
strncat
_tzset
_strdate
_strtime
strstr
??3@YAXPAX@Z
atoi
free
??2@YAPAXI@Z
malloc
_CxxThrowException
__CxxFrameHandler
strncpy
_except_handler3
_strnicmp

kernel32

WriteFile
CreateFileA
lstrcatA
lstrcpyA
GetTickCount
GetSystemDefaultLangID
CloseHandle
GetPrivateProfileStringA
WaitForSingleObject
GetWindowsDirectoryA
CreateProcessA
ReadFile
GetFileSize
SetFilePointer
WritePrivateProfileStringA
FindClose
FindNextFileA
FindFirstFileA
WaitForMultipleObjects
SetErrorMode
SetUnhandledExceptionFilter
GetFileAttributesA
CreateDirectoryA
GetPrivateProfileIntA
SetEvent
CreateEventA
Process32Next
CreateToolhelp32Snapshot
MoveFileA
GetVersionExA
OpenProcess
Process32First
GlobalMemoryStatus
GetSystemInfo
GetLastError
lstrlenA
DeleteFileA
Sleep
LoadLibraryA
FreeLibrary
GetModuleHandleA
GetProcAddress
GetCurrentProcess
GetComputerNameA
GetCurrentThreadId

user32

CloseDesktop
GetThreadDesktop
OpenWindowStationA
GetUserObjectInformationA
SetThreadDesktop
OpenInputDesktop
SetProcessWindowStation
OpenDesktopA
GetSystemMetrics
GetProcessWindowStation

advapi32

RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
RegSetValueExA
RegCloseKey
CreateProcessAsUserA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenProcessToken
GetUserNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegDeleteKeyA
RegCreateKeyExA

shlwapi

StrStrA

ws2_32

WSAStartup
gethostname
gethostbyname
WSACleanup

iphlpapi

GetAdaptersInfo

psapi

EnumProcessModules
GetModuleFileNameExA

Exports

Exports

ServiceMain
xxxxxx

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6a93a31dd5c198580e80ec3ae9ea6bd

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

shlwapi

ws2_32

iphlpapi

psapi

Exports

Exports

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 3KB - Virtual size: 3KB