fa347b8954b187fa1f1488d3614160a6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fa347b8954b187fa1f1488d3614160a6_JaffaCakes118
Size

552KB
MD5

fa347b8954b187fa1f1488d3614160a6
SHA1

3e7be059be9fc55e3b6dfe62483f07557bf66e83
SHA256

49954df6361c791f6b09273ddb4dec0d61ae6cddc3c19c80ea4665816f12a1c2
SHA512

3a7a2ba9f8cc8f6a1128c07478c694fc478e19eacb6443ac2c3083b0383e4d5a3a39508a026ce2dc50e95a3c792159587c3658ddf0ca3ae86d488c72c0614d83
SSDEEP

12288:lhuO7zg6oZUC+5hqmcgMDMMvT32OF2Sjn:L7zaUC+5hqVgsPT32Pmn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa347b8954b187fa1f1488d3614160a6_JaffaCakes118

Files

fa347b8954b187fa1f1488d3614160a6_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9cf8015e126cf75a745dd1f81af0a677

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msi

ord8
ord121
ord144
ord124
ord103
ord17

kernel32

CreateDirectoryA
FindFirstFileA
GetModuleFileNameA
WriteFile
FindNextFileA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
UnmapViewOfFile
GetFileSize
MapViewOfFile
CreateFileMappingA
GetFullPathNameA
GetCurrentDirectoryA
GetCurrentThreadId
QueryPerformanceCounter
QueryPerformanceFrequency
MultiByteToWideChar
WideCharToMultiByte
FindClose
SetLastError
DeviceIoControl
GetTickCount
DefineDosDeviceA
QueryDosDeviceA
GetCurrentThread
SetThreadAffinityMask
GetProcessAffinityMask
GetCurrentProcess
lstrlenA
FormatMessageA
GetVolumeInformationA
GetDriveTypeA
GetLogicalDriveStringsA
GetCurrentProcessId
GetPrivateProfileStringA
GetPrivateProfileIntA
EnumSystemLocalesA
GetLocaleInfoA
GetFileTime
SetFileTime
SetFileAttributesA
LoadLibraryA
GetProcAddress
FreeLibrary
GetSystemDirectoryA
DeleteFileA
LocalAlloc
CreateFileA
LocalFree
ReleaseMutex
CreateMutexA
GetVersion
GetTempPathA
CreateProcessA
GetLastError
WaitForSingleObject
GetExitCodeProcess
CloseHandle
GetVersionExA
GetUserDefaultLCID
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
UnhandledExceptionFilter
SetConsoleCtrlHandler
GetEnvironmentVariableA
IsValidCodePage
IsValidLocale
LCMapStringW
LCMapStringA
SetStdHandle
SetCurrentDirectoryA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetModuleHandleA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
GetCommandLineA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapFree
HeapAlloc
RtlUnwind
FileTimeToLocalFileTime
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
MoveFileA
SetEndOfFile
GetCPInfo
GetACP
GetOEMCP
Sleep
GetFileAttributesA
ReadFile
SetFilePointer
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
FatalAppExitA
TerminateProcess
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount

user32

MessageBoxA

advapi32

SetNamedSecurityInfoA
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
AllocateAndInitializeSid
SetEntriesInAclA
OpenProcessToken
FreeSid
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA
RegSetValueA
RegCreateKeyA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteKeyA
SetFileSecurityA
RegQueryValueA
RegSetValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCreateKeyExA
RegSetKeySecurity
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

iphlpapi

GetAdaptersAddresses

netapi32

Netbios

rpcrt4

UuidCreate

wsock32

getservbyname
getservbyport
inet_addr
htons
ioctlsocket
ntohs
WSAGetLastError
gethostbyname
closesocket
WSAStartup
gethostbyaddr
WSASetLastError
getsockname
bind
socket
htonl

Exports

Exports

IsServerInstalled
LMServiceFirewallAdd
LMServiceFirewallDisable
LMServiceFirewallRemove
initialiseNetworkSystem

Sections

.text
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9cf8015e126cf75a745dd1f81af0a677

Headers

File Characteristics

Imports

msi

kernel32

user32

advapi32

iphlpapi

netapi32

rpcrt4

wsock32

Exports

Exports

Sections

.text Size: 364KB - Virtual size: 363KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 156KB - Virtual size: 204KB

.reloc Size: 16KB - Virtual size: 13KB

.text
Size: 364KB - Virtual size: 363KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 156KB - Virtual size: 204KB

.reloc
Size: 16KB - Virtual size: 13KB