ef8e0fb20e7228c7492ccdc59d87c690_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ef8e0fb20e7228c7492ccdc59d87c690_JaffaCakes118
Size

632KB
MD5

ef8e0fb20e7228c7492ccdc59d87c690
SHA1

0fa4ec6540d7e8cbbc0a33bc9a7bcbcba7af4c7e
SHA256

b3d3fe54f71d41414232c342c37f539651ae3ee49ec2d47789cd2c71c6271b48
SHA512

799f80f6148bcf64ad54ff35ee5b603500d7a7adf5530c9bef79dd79991b41790f5d91eccf8d10fbf26a9e198aa2d7c917593993a4854639053bcde6edc15c06
SSDEEP

6144:MDtbnivA6Q09Ph7Hv3n6NfOCnRKugYnqGvYPIDxnh2VC1F5FG4Oj2KRxof+1RhRS:wji1uOTiCYd5FqCShaWTi5FBeI3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef8e0fb20e7228c7492ccdc59d87c690_JaffaCakes118

Files

ef8e0fb20e7228c7492ccdc59d87c690_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d9b3d0074637853c4ffee5761d3d9065

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalMemoryStatus
GetVolumeInformationA
Module32First
Module32Next
Thread32First
GetLocalTime
GetComputerNameA
FlushConsoleInputBuffer
GetCurrentProcessId
GetStdHandle
GetFileType
GetVersion
Thread32Next
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
Toolhelp32ReadProcessMemory
GetCurrentThreadId
lstrcpyA
GetSystemTime
GetWindowsDirectoryA
FreeLibrary
GetVersionExA
SetLastError
GetModuleFileNameA
GetCurrentProcess
GetTickCount
LocalAlloc
LocalFree
VirtualAllocEx
VirtualFreeEx
TerminateProcess
Heap32ListFirst
SystemTimeToFileTime
CompareFileTime
ExpandEnvironmentStringsA
LoadLibraryA
GetProcAddress
ResetEvent
RemoveDirectoryA
GetLastError
FindClose
GetFileAttributesExA
SetErrorMode
GetDriveTypeA
GetDiskFreeSpaceExA
CreateDirectoryA
CreateFileA
FindFirstFileA
FindNextFileA
SetFileAttributesA
MoveFileA
GetFileAttributesA
QueryPerformanceFrequency
QueryPerformanceCounter
PeekNamedPipe
ReadFile
WriteFile
SetEvent
CreateEventA
WaitForSingleObject
DeleteFileA
Sleep
CopyFileA
CloseHandle
CreatePipe
GetSystemDirectoryA
GetStartupInfoA
CreateProcessA
Heap32ListNext

user32

CloseWindowStation
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
SetProcessWindowStation
GetUserObjectInformationW
GetDesktopWindow
MessageBoxA
GetUserObjectInformationA
OpenDesktopA
CloseDesktop
SetThreadDesktop
ReleaseDC
GetDC
SetCursorPos
mouse_event
keybd_event
PostMessageA
wsprintfA
ExitWindowsEx
OpenInputDesktop

gdi32

GetStockObject
SelectPalette
RealizePalette
GetDIBits
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
CreateDCA
GetDeviceCaps
DeleteDC

advapi32

ChangeServiceConfig2A
DeleteService
StartServiceA
QueryServiceStatus
ControlService
LockServiceDatabase
UnlockServiceDatabase
ChangeServiceConfigA
EnumServicesStatusExA
OpenServiceA
QueryServiceConfigA
QueryServiceConfig2A
CloseServiceHandle
OpenSCManagerA
RegSaveKeyA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
OpenProcessToken
GetTokenInformation
LookupAccountSidA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptDecrypt
CryptEncrypt
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
LookupPrivilegeValueA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegCreateKeyA
CreateServiceA
GetUserNameA
RevertToSelf
ImpersonateLoggedOnUser
DeregisterEventSource
ReportEventA
RegisterEventSourceA
AdjustTokenPrivileges

ws2_32

recv
send
WSAStartup
WSACleanup
select
WSAGetLastError
ntohl
connect
socket
htons
htonl
gethostbyname
inet_addr
closesocket
shutdown
WSASetLastError

msvcrt

fflush
gmtime
sscanf
isupper
_stat
isxdigit
fgets
_setmode
getenv
memchr
isdigit
isspace
tolower
strcmp
abort
vfprintf
wcsstr
qsort
realloc
_iob
signal
_getch
fputs
_mbsnbcat
fclose
fwrite
fseek
fread
fopen
_beginthreadex
free
strncmp
malloc
__CxxFrameHandler
_except_handler3
_mbscmp
_itoa
ftell
atoi
strstr
strncpy
??2@YAPAXI@Z
??3@YAXPAX@Z
_vsnprintf
wcstombs
strncat
strchr
_CxxThrowException
ceil
_ftol
_ui64toa
_mbsrchr
fprintf
_fdopen
_errno
strcpy
strlen
sprintf
memcpy
_stricmp
memset
fputc
time
memmove
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
_wcsnicmp
strtoul

psapi

GetModuleFileNameExA
EnumProcessModules

netapi32

Netbios

Exports

Exports

RundllInstall
RundllUninstall
ServiceInstall
ServiceMain
UnServiceInstall

Sections

.text
Size: 426KB - Virtual size: 426KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9b3d0074637853c4ffee5761d3d9065

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ws2_32

msvcrt

psapi

netapi32

Exports

Exports

Sections

.text Size: 426KB - Virtual size: 426KB

.rdata Size: 119KB - Virtual size: 118KB

.data Size: 51KB - Virtual size: 54KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 34KB - Virtual size: 33KB

.text
Size: 426KB - Virtual size: 426KB

.rdata
Size: 119KB - Virtual size: 118KB

.data
Size: 51KB - Virtual size: 54KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 34KB - Virtual size: 33KB