f0319b052ed452cc1f5b8ac3f182500d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f0319b052ed452cc1f5b8ac3f182500d_JaffaCakes118
Size

80KB
MD5

f0319b052ed452cc1f5b8ac3f182500d
SHA1

22552cd4df855e15bd5567411a3b537b55ced287
SHA256

19a4487493bb7b1b6163945b3973b71aa032ce7c289e04ff0c71ee33fd7be1e0
SHA512

cbedfd64214b24e2c3b7cff7b78e10f6ef6f5a8bb680072b78153fe5d2c4dd7daf37278a1b503aedc19650a172abc77d1767437a7101459eb58100dc99878d48
SSDEEP

1536:+rDdTpI4w/O1cltGCmR7guhgHRd3oKc+v+fzHK76aLkfJpVB/n:+rDdTpI403ltGCYMfHRd3oKVv4zHKTLW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0319b052ed452cc1f5b8ac3f182500d_JaffaCakes118

Files

f0319b052ed452cc1f5b8ac3f182500d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d6e1107b8ac16fe4adc86c22da29c3ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHDeleteKeyA

msvcrt

??3@YAXPAX@Z
memmove
_strnset
_strrev
_strnicmp
_strcmpi
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
calloc
_beginthreadex
wcstombs
atoi
realloc
strchr
strncat
strtok
strncpy
strrchr
_except_handler3
malloc
free
??2@YAPAXI@Z
__CxxFrameHandler
strstr
_ftol
ceil

kernel32

lstrlenA
lstrcatA
GetDriveTypeA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
GetFileSize
CreateFileA
GetProcAddress
SetFilePointer
WriteFile
Sleep
GetModuleFileNameA
SetLastError
GetCurrentProcess
GetWindowsDirectoryA
TerminateThread
GetVersionExA
CreateEventA
GetLocalTime
WaitForSingleObject
GlobalFree
CreateDirectoryA
GlobalLock
GlobalAlloc
GlobalSize
GlobalMemoryStatusEx
GetSystemInfo
ReleaseMutex
OpenEventA
SetErrorMode
CreateMutexA
SetUnhandledExceptionFilter
FreeConsole
lstrcmpiA
Process32First
GetCurrentThreadId
FreeLibrary
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
GetLastError
DeleteFileA
lstrcpyA
CancelIo
InterlockedExchange
SetEvent
CloseHandle
GlobalUnlock
LoadLibraryA
ReadFile
RaiseException

user32

PostMessageA
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetProcessWindowStation
OpenWindowStationA
SetProcessWindowStation
GetCursorPos
GetCursorInfo
ReleaseDC
GetDesktopWindow
GetDC
SetRect
GetSystemMetrics
GetClipboardData
wsprintfA
MessageBoxA
LoadCursorA
DestroyCursor
BlockInput
SystemParametersInfoA
keybd_event
MapVirtualKeyA
SetCapture
mouse_event
WindowFromPoint
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetCursorPos

gdi32

GetDIBits
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateCompatibleBitmap

advapi32

OpenProcessToken
LookupPrivilegeValueA
DuplicateTokenEx
SetTokenInformation
AdjustTokenPrivileges
CreateProcessAsUserA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
OpenServiceA
QueryServiceStatus
DeleteService
RegOpenKeyExA
RegCloseKey
SetServiceStatus
RegisterServiceCtrlHandlerA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA

shell32

SHGetFileInfoA

ws2_32

connect
WSAStartup
gethostbyname
socket
select
closesocket
send
gethostname
htons
getsockname

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Xran@std@@YAXXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock

wininet

InternetOpenA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA

Exports

Exports

Eternal
Go
Heart
On
ServiceMain
StartMe

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d6e1107b8ac16fe4adc86c22da29c3ec

Headers

File Characteristics

Imports

shlwapi

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ws2_32

msvcp60

wtsapi32

userenv

wininet

Exports

Exports

Sections

.text Size: 74KB - Virtual size: 74KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 74KB - Virtual size: 74KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 4KB - Virtual size: 3KB