db05df0498b59b42a8e493cf3c10c578_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

db05df0498b59b42a8e493cf3c10c578_JaffaCakes118
Size

745KB
MD5

db05df0498b59b42a8e493cf3c10c578
SHA1

01b16378f74c4d915b76067ab02497ae645be791
SHA256

33e6c3f5a66512c136e53ede2095fc240973fa58a9d8a7b69f23db01c53f2f59
SHA512

caba3b741af3876cf7e906e0fe6a8c94ea7804a7686a436e1f10068f4bb39086e459232ebc66be35d1f237d89dd55716750b975fd05b98b0ed6c3700febf3e40
SSDEEP

12288:72PiYoyrcK4tMrWdH0u9VkEItiWPj0GgPALBnGWTwVvRl2:729N4pbwEIEWPYHPcBnBTwV72

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db05df0498b59b42a8e493cf3c10c578_JaffaCakes118

Files

db05df0498b59b42a8e493cf3c10c578_JaffaCakes118
.dll windows:4 windows x86 arch:x86

aa757ea838e64a6cc6a1bca781d7de4a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
FreeLibrary
GetWindowsDirectoryA
GetComputerNameA
GetLocalTime
GlobalMemoryStatus
GetVolumeInformationA
FindVolumeClose
OpenProcess
CreateToolhelp32Snapshot
Module32First
SetLastError
GetModuleFileNameA
GetCurrentProcess
FlushConsoleInputBuffer
GetCurrentProcessId
MultiByteToWideChar
GetStdHandle
GetFileType
GetVersion
GetModuleHandleA
GetCurrentThreadId
lstrcpyA
CreateMutexA
ReleaseMutex
GetSystemTime
GetTickCount
LocalAlloc
LocalFree
Heap32ListFirst
Thread32Next
Heap32ListNext
Process32Next
Process32First
VirtualFreeEx
TerminateProcess
Module32Next
Thread32First
Toolhelp32ReadProcessMemory
SystemTimeToFileTime
CompareFileTime
ExpandEnvironmentStringsA
ResetEvent
RemoveDirectoryA
GetLastError
GetFileAttributesExA
SetErrorMode
GetDriveTypeA
GetDiskFreeSpaceExA
CreateDirectoryA
CreateFileA
FindFirstFileA
FindClose
FindNextFileA
SetFileAttributesA
MoveFileA
GetFileAttributesA
QueryPerformanceFrequency
QueryPerformanceCounter
PeekNamedPipe
ReadFile
WriteFile
SetEvent
CreateEventA
WaitForSingleObject
DeleteFileA
Sleep
CopyFileA
LoadLibraryA
GetProcAddress
GetSystemDirectoryA
GetStartupInfoA
CloseHandle
CreateProcessA
FindFirstVolumeA

user32

GetDC
ReleaseDC
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
SetProcessWindowStation
GetUserObjectInformationW
GetDesktopWindow
SetCursorPos
OpenInputDesktop
GetUserObjectInformationA
OpenDesktopA
SetThreadDesktop
CloseDesktop
mouse_event
PostMessageA
wsprintfA
ExitWindowsEx
MessageBoxA

gdi32

SelectObject
GetStockObject
SelectPalette
RealizePalette
GetDIBits
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateDCA
GetDeviceCaps
DeleteDC

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
DeleteService
StartServiceA
QueryServiceStatus
ChangeServiceConfig2A
LockServiceDatabase
UnlockServiceDatabase
ChangeServiceConfigA
OpenServiceA
QueryServiceConfigA
QueryServiceConfig2A
CloseServiceHandle
RegSaveKeyA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
OpenProcessToken
GetTokenInformation
LookupAccountSidA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptDecrypt
CryptEncrypt
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CreateServiceA
GetUserNameA
RevertToSelf
ImpersonateLoggedOnUser
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegCreateKeyA

ws2_32

WSASetLastError
shutdown
inet_addr
gethostbyname
closesocket
htonl
htons
socket
connect
ntohl
select
WSACleanup
WSAStartup
send
recv
WSAGetLastError

ntdll

tolower
isspace
isdigit
_strnicmp
_aulldiv
_aullrem
isxdigit
isupper
sscanf
_alloca_probe
strstr
atoi
_itoa
strcmp
strcat
memcpy
_allmul
_alldiv
memset
strncmp
strcpy
strlen
wcsstr
strtoul
qsort
_stricmp
_wcsnicmp
strncpy
memcmp
_vsnprintf
wcstombs
strncat
strchr
ceil
_ftol
_aullshr
sprintf
memmove
RtlUnwind
_chkstk

msvcrt

_errno
fprintf
_mbsrchr
_CxxThrowException
ftell
_mbscmp
malloc
_EH_prolog
__CxxFrameHandler
free
_beginthreadex
fopen
fread
fseek
fwrite
fclose
_mbsnbcat
fflush
fputc
_iob
signal
_getch
fputs
gmtime
_stat
fgets
_setmode
_wfopen
vfprintf
getenv
raise
_exit
realloc
time
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_fdopen

netapi32

Netbios

Exports

Exports

RundllInstall
RundllUninstall
ServiceInstall
ServiceMain
UnServiceInstall

Sections

.text
Size: 534KB - Virtual size: 534KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa757ea838e64a6cc6a1bca781d7de4a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ws2_32

ntdll

msvcrt

netapi32

Exports

Exports

Sections

.text Size: 534KB - Virtual size: 534KB

.rdata Size: 161KB - Virtual size: 161KB

.data Size: 14KB - Virtual size: 22KB

.reloc Size: 33KB - Virtual size: 33KB

.text
Size: 534KB - Virtual size: 534KB

.rdata
Size: 161KB - Virtual size: 161KB

.data
Size: 14KB - Virtual size: 22KB

.reloc
Size: 33KB - Virtual size: 33KB