ea7b31ba9f0321137d7689f240b22b42_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ea7b31ba9f0321137d7689f240b22b42_JaffaCakes118
Size

85KB
MD5

ea7b31ba9f0321137d7689f240b22b42
SHA1

8b8e456f2cea52e6e1b39db36fc4d52c38820bc9
SHA256

c738ea4269002f98de92e35f339114fab397a76ca575765ebc416515d7753f10
SHA512

2a379e4ce0b9b5e7bc4c33cefa70fdee1a881c09bad529379de4815647bacae1bd1ac49a20cd71cc7d1d30a50359e8928047c29f24504fc6aaf8ff6e89d5f218
SSDEEP

1536:ginP+iw8wTsiAN30S9LSCxgt4ry0oVPsre88xY6+7+n:FZhdZ10St7girB8F+7+n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea7b31ba9f0321137d7689f240b22b42_JaffaCakes118

Files

ea7b31ba9f0321137d7689f240b22b42_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1e1bdd4e0df2de460df5ae206d116c09

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetThreadDesktop
SendInput
SetCursorPos
PostMessageA
OpenDesktopA
CallNextHookEx
OpenInputDesktop
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowTextA
PostThreadMessageA
GetWindowThreadProcessId
wsprintfW
GetMessageA
GetActiveWindow
CharLowerA
SetThreadDesktop
ExitWindowsEx
wsprintfA
GetForegroundWindow
OpenWindowStationA
SetProcessWindowStation
CloseDesktop
CloseWindowStation
ShowWindow
BringWindowToTop
UpdateWindow
EnumWindows
CharUpperA

gdi32

CreateCompatibleBitmap
GetDIBits
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreateDCA
GetDeviceCaps
DeleteObject

advapi32

RegSetValueExA
OpenThreadToken
RegisterServiceCtrlHandlerA
SetServiceStatus
LogonUserA
CreateProcessAsUserA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
QueryServiceConfigA
EnumServicesStatusA
ControlService
ChangeServiceConfigA
RegCreateKeyExA
AdjustTokenPrivileges
DeleteService
CreateServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
StartServiceA
OpenProcessToken
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameW
LookupPrivilegeValueA
ImpersonateSelf

shell32

SHEmptyRecycleBinA
SHFileOperationA
ShellExecuteA

ole32

CreateStreamOnHGlobal

ws2_32

setsockopt
inet_ntoa
gethostbyname
inet_addr
select
closesocket
send
getsockname
listen
recv
bind
socket
htons
connect
ntohs
accept
WSAStartup

shlwapi

StrCmpW
StrStrA
StrChrA
StrRChrA
SHDeleteKeyA
StrCmpNIA
StrToIntA

psapi

GetModuleFileNameExA

imm32

ImmGetContext
ImmGetCompositionStringA
ImmReleaseContext
ImmGetCompositionStringW

avicap32

capGetDriverDescriptionA

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
getenv
strrchr
malloc
wcscmp
free
strchr
_beginthread
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

GetLogicalDriveStringsA
GetFileAttributesExA
FindClose
GetLastError
FindNextFileA
lstrcmpA
FindFirstFileA
lstrcmpiA
GetCurrentProcessId
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
DuplicateHandle
SetStdHandle
CreatePipe
GetStdHandle
GetProcAddress
FreeLibrary
LocalAlloc
InterlockedExchange
RaiseException
LoadLibraryA
OpenProcess
GetModuleFileNameA
GetDiskFreeSpaceExA
WideCharToMultiByte
SetFilePointer
FlushFileBuffers
lstrlenW
lstrcatW
OpenEventA
OpenMutexA
GetFileSize
GlobalAlloc
GlobalLock
lstrcpyW
WaitForMultipleObjects
ResetEvent
ReleaseMutex
GlobalFree
CreateEventA
CreateMutexA
GetFileSizeEx
SetFilePointerEx
ReadFile
GetCurrentProcess
GetPriorityClass
GetThreadPriority
SetPriorityClass
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
GetVersion
GetVersionExA
GetSystemInfo
GlobalMemoryStatus
GetComputerNameA
GetVolumeInformationA
GetDriveTypeA
MoveFileA
CreateDirectoryA
SearchPathA
GetACP
GetOEMCP
GetLocalTime
lstrlenA
GetTempPathA
GetCurrentThreadId
CreateFileA
WriteFile
CloseHandle
GetCurrentThread
GetSystemDirectoryA
SetEvent
DeleteFileA
lstrcpyA
GetStartupInfoA
GetTickCount
WaitForSingleObject
Sleep
CreateProcessA
lstrcatA

Exports

Exports

MaindfefDz
DzService
ServiceMain

Sections

.hjkl
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.esdf
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jkui
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sxdcf
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.swax
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wsdfr
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e1bdd4e0df2de460df5ae206d116c09

Headers

File Characteristics

Imports

user32

gdi32

advapi32

shell32

ole32

ws2_32

shlwapi

psapi

imm32

avicap32

msvcrt

kernel32

Exports

Exports

Sections

.hjkl Size: 61KB - Virtual size: 61KB

.esdf Size: 6KB - Virtual size: 6KB

.jkui Size: 1KB - Virtual size: 1KB

sxdcf Size: 4KB - Virtual size: 4KB

.swax Size: 3KB - Virtual size: 3KB

.wsdfr Size: 3KB - Virtual size: 2KB

.hjkl
Size: 61KB - Virtual size: 61KB

.esdf
Size: 6KB - Virtual size: 6KB

.jkui
Size: 1KB - Virtual size: 1KB

sxdcf
Size: 4KB - Virtual size: 4KB

.swax
Size: 3KB - Virtual size: 3KB

.wsdfr
Size: 3KB - Virtual size: 2KB