e1b6940985a23e5639450f8391820655_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e1b6940985a23e5639450f8391820655_JaffaCakes118
Size

745KB
MD5

e1b6940985a23e5639450f8391820655
SHA1

d5990dd65ee1af3e9e67da9410d9c1304913fd97
SHA256

bd35b10e076fe95e122a3dd7fe93df7621cac7e3c32261adcf45a81c10f6f692
SHA512

c7e517ac0e8139134ad2729dc1009b194db7cac016e236aa053372d6e75d43a1b0944d98ca6512fecf80e922d29dc39a893d1ffaff1fea557ba73b8459dbdf1d
SSDEEP

12288:sXt49oieUk3AML5dn0ONVkUYtimvekWsPQrBn2WTXVvRUC:sdVj3FbAUYEmv3rPMBnRTXVWC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1b6940985a23e5639450f8391820655_JaffaCakes118

Files

e1b6940985a23e5639450f8391820655_JaffaCakes118
.dll windows:4 windows x86 arch:x86

aa757ea838e64a6cc6a1bca781d7de4a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
FreeLibrary
GetWindowsDirectoryA
GetComputerNameA
GetLocalTime
GlobalMemoryStatus
GetVolumeInformationA
FindVolumeClose
OpenProcess
CreateToolhelp32Snapshot
Module32First
SetLastError
GetModuleFileNameA
GetCurrentProcess
FlushConsoleInputBuffer
GetCurrentProcessId
MultiByteToWideChar
GetStdHandle
GetFileType
GetVersion
GetModuleHandleA
GetCurrentThreadId
lstrcpyA
CreateMutexA
ReleaseMutex
GetSystemTime
GetTickCount
LocalAlloc
LocalFree
Heap32ListFirst
Thread32Next
Heap32ListNext
Process32Next
Process32First
VirtualFreeEx
TerminateProcess
Module32Next
Thread32First
Toolhelp32ReadProcessMemory
SystemTimeToFileTime
CompareFileTime
ExpandEnvironmentStringsA
ResetEvent
RemoveDirectoryA
GetLastError
GetFileAttributesExA
SetErrorMode
GetDriveTypeA
GetDiskFreeSpaceExA
CreateDirectoryA
CreateFileA
FindFirstFileA
FindClose
FindNextFileA
SetFileAttributesA
MoveFileA
GetFileAttributesA
QueryPerformanceFrequency
QueryPerformanceCounter
PeekNamedPipe
ReadFile
WriteFile
SetEvent
CreateEventA
WaitForSingleObject
DeleteFileA
Sleep
CopyFileA
LoadLibraryA
GetProcAddress
GetSystemDirectoryA
GetStartupInfoA
CloseHandle
CreateProcessA
FindFirstVolumeA

user32

GetDC
ReleaseDC
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
SetProcessWindowStation
GetUserObjectInformationW
GetDesktopWindow
SetCursorPos
OpenInputDesktop
GetUserObjectInformationA
OpenDesktopA
SetThreadDesktop
CloseDesktop
mouse_event
PostMessageA
wsprintfA
ExitWindowsEx
MessageBoxA

gdi32

SelectObject
GetStockObject
SelectPalette
RealizePalette
GetDIBits
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateDCA
GetDeviceCaps
DeleteDC

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
DeleteService
StartServiceA
QueryServiceStatus
ChangeServiceConfig2A
LockServiceDatabase
UnlockServiceDatabase
ChangeServiceConfigA
OpenServiceA
QueryServiceConfigA
QueryServiceConfig2A
CloseServiceHandle
RegSaveKeyA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
OpenProcessToken
GetTokenInformation
LookupAccountSidA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptDecrypt
CryptEncrypt
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CreateServiceA
GetUserNameA
RevertToSelf
ImpersonateLoggedOnUser
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegCreateKeyA

ws2_32

WSASetLastError
shutdown
inet_addr
gethostbyname
closesocket
htonl
htons
socket
connect
ntohl
select
WSACleanup
WSAStartup
send
recv
WSAGetLastError

ntdll

tolower
isspace
isdigit
_strnicmp
_aulldiv
_aullrem
isxdigit
isupper
sscanf
_alloca_probe
strstr
atoi
_itoa
strcmp
strcat
memcpy
_allmul
_alldiv
memset
strncmp
strcpy
strlen
wcsstr
strtoul
qsort
_stricmp
_wcsnicmp
strncpy
memcmp
_vsnprintf
wcstombs
strncat
strchr
ceil
_ftol
_aullshr
sprintf
memmove
RtlUnwind
_chkstk

msvcrt

_errno
fprintf
_mbsrchr
_CxxThrowException
ftell
_mbscmp
malloc
_EH_prolog
__CxxFrameHandler
free
_beginthreadex
fopen
fread
fseek
fwrite
fclose
_mbsnbcat
fflush
fputc
_iob
signal
_getch
fputs
gmtime
_stat
fgets
_setmode
_wfopen
vfprintf
getenv
raise
_exit
realloc
time
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_fdopen

netapi32

Netbios

Exports

Exports

RundllInstall
RundllUninstall
ServiceInstall
ServiceMain
UnServiceInstall

Sections

.text
Size: 534KB - Virtual size: 534KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa757ea838e64a6cc6a1bca781d7de4a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ws2_32

ntdll

msvcrt

netapi32

Exports

Exports

Sections

.text Size: 534KB - Virtual size: 534KB

.rdata Size: 161KB - Virtual size: 161KB

.data Size: 14KB - Virtual size: 22KB

.reloc Size: 33KB - Virtual size: 33KB

.text
Size: 534KB - Virtual size: 534KB

.rdata
Size: 161KB - Virtual size: 161KB

.data
Size: 14KB - Virtual size: 22KB

.reloc
Size: 33KB - Virtual size: 33KB