ea571128bc266580713cf3060526a526_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ea571128bc266580713cf3060526a526_JaffaCakes118
Size

109KB
MD5

ea571128bc266580713cf3060526a526
SHA1

3bd16f11b5b3965a124a6fc3286297e5cfe77715
SHA256

4a196919cff93d11df04c607508be62408267a75a1f24a8282ef6e1b58163663
SHA512

f8b88351442f81d17ff673b6aa15464a1fcaba300d2e296ccb7e07971de865ca19cd6485cdb439e474d7d25257f3399928cea3e898e474fc06c92bc767ed394b
SSDEEP

1536:IU6c6PJ7Vakj3IaEDyDW3KPWGU/DcoikwXbBycZYyy5OJQKc+fYPvsWjcdMHQj7J:upEaPpIcHLh5ZfYPQHj7J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea571128bc266580713cf3060526a526_JaffaCakes118

Files

ea571128bc266580713cf3060526a526_JaffaCakes118
.dll windows:5 windows x86 arch:x86

b671ac5749649673e53e5f926f094297

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
WTSGetActiveConsoleSessionId
LocalFree
Process32First
OpenProcess
Process32Next
CreateToolhelp32Snapshot
lstrcmpA
GetNativeSystemInfo
SetUnhandledExceptionFilter
GetSystemDefaultLCID
GetDriveTypeA
GetExitCodeProcess
CreateProcessA
ReadFile
GetStartupInfoA
GetLogicalDriveStringsA
GetLastError
GetExitCodeThread
CreatePipe
GetVersionExA
CreateThread
FlushFileBuffers
HeapSize
WriteConsoleW
SetStdHandle
Sleep
SetEvent
WaitForSingleObject
lstrcpyA
DeleteFileA
GetTempPathA
CloseHandle
GetModuleHandleA
GetModuleFileNameA
GetLocalTime
GetProcAddress
lstrcmpiA
lstrcatA
GetSystemDirectoryA
GetSystemWow64DirectoryA
WriteFile
GetCurrentProcess
lstrlenA
SetFilePointer
CreateEventA
HeapReAlloc
RtlUnwind
LCMapStringW
GetStringTypeW
OutputDebugStringW
LoadLibraryExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LeaveCriticalSection
EnterCriticalSection
CreateFileW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
DeleteCriticalSection
GetFileType
RaiseException
GetCPInfo
GetOEMCP
GetACP
GetFileSize
CreateFileA
IsValidCodePage
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
HeapFree
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
MultiByteToWideChar
GetCommandLineA
GetCurrentThreadId
EncodePointer
DecodePointer
GetProcessHeap
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
GetStdHandle
GetModuleFileNameW
UnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount

user32

GetDesktopWindow
GetWindowDC
GetSystemMetrics

gdi32

BitBlt
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

RegOpenKeyExA
SetServiceStatus
GetUserNameA
CreateProcessAsUserA
OpenProcessToken
RegCloseKey
RegisterServiceCtrlHandlerA
RegQueryValueExA
RegSetValueExA
GetTokenInformation
ConvertSidToStringSidA

iphlpapi

GetTcpTable

wtsapi32

WTSQueryUserToken

ws2_32

gethostbyname
closesocket
WSACleanup
WSAStartup
send
socket
recv
setsockopt
htons
inet_addr
connect
gethostname
inet_ntoa
WSAGetLastError
ntohs

gdiplus

GdipSaveImageToFile
GdipScaleWorldTransform
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdiplusShutdown
GdipGetImageEncodersSize
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipGetImageEncoders
GdiplusStartup
GdipCreateBitmapFromScan0

crypt32

CertCloseStore

secur32

FreeContextBuffer
EncryptMessage
InitializeSecurityContextA
AcquireCredentialsHandleA
FreeCredentialsHandle
DecryptMessage
ApplyControlToken
DeleteSecurityContext
QueryContextAttributesA

Exports

Exports

ServiceMain
SigVer
SvchostPushServiceGlobals

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b671ac5749649673e53e5f926f094297

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

iphlpapi

wtsapi32

ws2_32

gdiplus

crypt32

secur32

Exports

Exports

Sections

.text Size: 74KB - Virtual size: 73KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 4KB - Virtual size: 12KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 74KB - Virtual size: 73KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 12KB

.reloc
Size: 5KB - Virtual size: 4KB