dbdfa4e485be3edd07c35dcf03c2a400_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

dbdfa4e485be3edd07c35dcf03c2a400_JaffaCakes118
Size

69KB
MD5

dbdfa4e485be3edd07c35dcf03c2a400
SHA1

7278159dd14d4fb336b0732416c1186683229721
SHA256

b1ae3050a2b48e1d0cc890939eff95f8ece603fcecd581aa0cda77ab9d642924
SHA512

ee04b878e705e735f8da07a258d4ef84504e0debbc36602180b38d6d9097bcf9751f4ef3414e0fe3ffa758a2f06618885ad0ceb50713207bc4bbfbfbe7b2f84c
SSDEEP

768:I4GuXCvvcL43ImMQEtGqhGwwi5hik24hLsOdh7KgpNtUCJIetWyKnDL/KlFbG6yi:7yvJ3IHXhGwlskvLsU8geoBcT+jyFzg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dbdfa4e485be3edd07c35dcf03c2a400_JaffaCakes118

Files

dbdfa4e485be3edd07c35dcf03c2a400_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6584b6543b6f54f4bf419ee95d09fd36

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

ExitWindowsEx
CallNextHookEx
GetThreadDesktop
wsprintfA
SetTimer
UnhookWindowsHookEx
SetWindowsHookExA
SendInput
SetCursorPos
PostMessageA
OpenDesktopA
GetForegroundWindow
SetWindowsHookExW
GetWindowTextA
GetWindowThreadProcessId
wsprintfW
GetActiveWindow
CharLowerA
PostThreadMessageA
CharUpperA
EnumWindows
UpdateWindow
BringWindowToTop
ShowWindow
DestroyWindow
DispatchMessageA
OpenInputDesktop
SetThreadDesktop
MessageBoxA
GetMessageA
OpenWindowStationA
SetProcessWindowStation
CloseDesktop
CloseWindowStation
IsWindow
SendMessageA

gdi32

DeleteObject
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetDeviceCaps
CreateDCA
CreateCompatibleBitmap
GetDIBits

advapi32

RegQueryValueExA
CreateServiceA
StartServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
QueryServiceConfigA
EnumServicesStatusA
ChangeServiceConfigA
RegCreateKeyExA
RegSetValueExA
OpenProcessToken
RegOpenKeyExA
OpenServiceA
RegCloseKey
GetUserNameW
LookupPrivilegeValueA
ImpersonateSelf
OpenThreadToken
AdjustTokenPrivileges
OpenSCManagerA
DeleteService
ControlService
CloseServiceHandle

shell32

ShellExecuteA
SHFileOperationA
SHEmptyRecycleBinA

ole32

CreateStreamOnHGlobal

ws2_32

listen
setsockopt
bind
socket
htons
send
WSASocketA
closesocket
getsockname
ntohs
accept
WSAStartup
select
recv
inet_addr
gethostbyname
inet_ntoa
WSADuplicateSocketA
connect

shlwapi

StrRChrA
StrChrA
StrStrA
StrStrIA
SHDeleteKeyA
StrCmpNIA
StrCmpW
StrToIntA

psapi

GetModuleFileNameExA

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmGetCompositionStringA
ImmGetContext

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

winmm

waveInUnprepareHeader
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveInStop
waveInClose
waveInOpen

msvcrt

free
wcscmp
malloc
strrchr
__dllonexit
_onexit
_initterm
_adjust_fdiv
strchr
_beginthread
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

lstrcatW
lstrlenW
OpenProcess
GetSystemDirectoryA
CreateDirectoryA
MoveFileA
GetDriveTypeA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetLogicalDriveStringsA
GetFileAttributesExA
FindClose
GetLastError
lstrcmpA
FindNextFileA
FindFirstFileA
lstrcmpiA
Process32Next
Process32First
CreateToolhelp32Snapshot
DuplicateHandle
SetStdHandle
CreatePipe
GetStdHandle
GetProcAddress
FreeLibrary
LocalAlloc
InterlockedExchange
FlushFileBuffers
OpenEventA
OpenMutexA
GetFileSize
GlobalAlloc
GlobalLock
lstrcpyW
WaitForMultipleObjects
ResetEvent
ReleaseMutex
GlobalFree
CreateEventA
CreateMutexA
GetFileSizeEx
SetFilePointerEx
ReadFile
GetCurrentProcess
GetPriorityClass
GetThreadPriority
SetPriorityClass
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
GetVersion
GetVersionExA
TerminateProcess
GetCommandLineA
ExitProcess
GetSystemInfo
GlobalMemoryStatus
GetComputerNameA
GetACP
GetOEMCP
GetLocalTime
GetTempPathA
WriteFile
GetCurrentThread
SetEvent
GetCurrentProcessId
SetFilePointer
WideCharToMultiByte
SearchPathA
RaiseException
LoadLibraryA
GetModuleFileNameA
lstrlenA
DeviceIoControl
CreateFileA
CloseHandle
DeleteFileA
lstrcpyA
GetStartupInfoA
lstrcatA
CreateProcessA
GetCurrentThreadId
Sleep
WaitForSingleObject
GetTickCount

Exports

Exports

DoMainWork
DoService
ServiceMain

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Share
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6584b6543b6f54f4bf419ee95d09fd36

Headers

File Characteristics

Imports

user32

gdi32

advapi32

shell32

ole32

ws2_32

shlwapi

psapi

imm32

avicap32

winmm

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 47KB - Virtual size: 46KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 2KB - Virtual size: 2KB

Share Size: 4KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 2KB - Virtual size: 2KB

Share
Size: 4KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 3KB