d5ec2f7874241169498e2c7a12884f52_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d5ec2f7874241169498e2c7a12884f52_JaffaCakes118
Size

56KB
MD5

d5ec2f7874241169498e2c7a12884f52
SHA1

fbd6998d5fe5ad3502a32cff1b73c1c221da1105
SHA256

446de317520fd18ec8ea1185eb3c54e2c39c2f696c02ecd4d9772340bb23c8be
SHA512

284c4c130587b87722e34cf1e030d256e65ffa7bd5314e7bda3859c8fb256cab3c3b6c20bbb1fc4ceb97b4d119d979d439f59ee76d6e6776aae4cef64249c17f
SSDEEP

768:KYXqrvOjoc90XwC/gvdW7b/98RQt3Qyu40HOL92ovAg++s:KYqWocMf/4dW7FpuNOxY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5ec2f7874241169498e2c7a12884f52_JaffaCakes118

Files

d5ec2f7874241169498e2c7a12884f52_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ea30512ff032a8f28f3b4be6988c4da0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

ExitWindowsEx
SetThreadDesktop
GetActiveWindow
GetUserObjectInformationA
EnumChildWindows
SetWindowsHookExW
GetForegroundWindow
OpenWindowStationA
SetProcessWindowStation
CreateDesktopA
SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx
IsWindow
SendMessageA
DestroyWindow
GetMessageA
DispatchMessageA
ShowWindow
BringWindowToTop
UpdateWindow
EnumWindows
GetWindowThreadProcessId
GetWindowTextA
CharUpperA
wsprintfA
OpenDesktopA
PostMessageA
SetCursorPos
SendInput
GetThreadDesktop
OpenInputDesktop
MessageBoxA

gdi32

DeleteDC
GetDeviceCaps
CreateDCA
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetDIBits
BitBlt
SelectObject

advapi32

RegCreateKeyExA
LookupPrivilegeValueA
OpenProcessToken
ImpersonateSelf
OpenThreadToken
ChangeServiceConfigA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegQueryValueExA
CreateServiceA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
QueryServiceConfigA
EnumServicesStatusA
DeleteService
ControlService
StartServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
AdjustTokenPrivileges

shell32

SHEmptyRecycleBinA
ShellExecuteA
SHFileOperationA

ole32

CreateStreamOnHGlobal

ws2_32

connect
socket
bind
setsockopt
listen
accept
ntohs
getsockname
select
recv
send
WSASocketA
WSADuplicateSocketA
WSAStartup
inet_addr
gethostbyname
inet_ntoa
closesocket
htons

shlwapi

SHDeleteKeyA
StrCmpNIA
StrRChrA
StrStrA
StrCmpW
StrToIntA
StrChrA

psapi

EnumProcesses
GetModuleFileNameExA

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
HttpQueryInfoA
InternetReadFile

imm32

ImmGetCompositionStringW
ImmGetCompositionStringA
ImmReleaseContext
ImmGetContext

msvcrt

_adjust_fdiv
_initterm
strstr
strchr
malloc
wcscmp
free
__CxxFrameHandler
_beginthread
??2@YAPAXI@Z
??3@YAXPAX@Z

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

kernel32

GetLastError
lstrcmpA
FindNextFileA
FindFirstFileA
lstrcmpiA
GetCurrentProcessId
GetCurrentProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
DuplicateHandle
SetStdHandle
CreatePipe
GetStdHandle
CreateProcessA
DeviceIoControl
GetOEMCP
GetACP
GetComputerNameA
GlobalMemoryStatus
GetSystemInfo
GetVersionExA
GetVersion
QueryPerformanceCounter
GetDriveTypeA
lstrcpyA
MoveFileA
FindClose
LoadLibraryA
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
GetProcAddress
CreateThread
GetFileAttributesA
ExitProcess
lstrlenW
WideCharToMultiByte
GetLocalTime
GetSystemDirectoryA
GetModuleFileNameA
GetStartupInfoA
CallNamedPipeA
OpenEventA
lstrcatA
CreateNamedPipeA
ConnectNamedPipe
FlushFileBuffers
WriteFile
GetTempPathA
SetPriorityClass
lstrlenA
GetFileSize
DeleteFileA
GlobalAlloc
GlobalLock
lstrcpyW
WaitForMultipleObjects
GetCurrentThreadId
DisconnectNamedPipe
SetFilePointer
GetPriorityClass
GetCurrentThread
GetThreadPriority
SetEvent
GetVolumeInformationA
GetDiskFreeSpaceExA
GetLogicalDriveStringsA
CreateDirectoryA
GetFileAttributesExA
Sleep
WaitForSingleObject
ResetEvent
ReleaseMutex
GlobalFree
CreateEventA
CreateMutexA
CreateFileA
GetFileSizeEx
SetFilePointerEx
ReadFile
CloseHandle
GetTickCount
QueryPerformanceFrequency
SetThreadPriority

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Share
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 510B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ea30512ff032a8f28f3b4be6988c4da0

Headers

File Characteristics

Imports

user32

gdi32

advapi32

shell32

ole32

ws2_32

shlwapi

psapi

wininet

imm32

msvcrt

avicap32

kernel32

Sections

.text Size: 39KB - Virtual size: 38KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 1024B - Virtual size: 1KB

Share Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 3KB

.text Size: 512B - Virtual size: 510B

.text
Size: 39KB - Virtual size: 38KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 1024B - Virtual size: 1KB

Share
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 3KB

.text
Size: 512B - Virtual size: 510B