g:\Work\hack\BackDoor\vista\i386\MainDLL.pdb
Static task: static1
Behavioral task: behavioral1
Sample: fa4c6a97f5618cbfed15e6f560d42fa2_JaffaCakes118.dll
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: fa4c6a97f5618cbfed15e6f560d42fa2_JaffaCakes118.dll
Resource: win10v2004-20240802-en
General
Target: fa4c6a97f5618cbfed15e6f560d42fa2_JaffaCakes118
Size: 64KB
MD5: fa4c6a97f5618cbfed15e6f560d42fa2
SHA1: 04f84ecbc379e73c68742ccfa68b89cfb85ba1a4
SHA256: 2cea1a15ff0651c6bfab124ea66cb2db707cc84fb2fdda3f18a2a3c2676911f9
SHA512: c213d228ff3da2831cb05fb0c1f6ef7f2b097d7677cd44133a599e977aaf48788d8ca3f4f8a85e8af80344b86193f43d574b8922fc966a62029ad6619e13a356
SSDEEP: 1536:LyebhCDTkbVQkQk0EMhaZ9V3GRm1b7KiAhnU:zhupFBYZ9V2Rm1fKiA9
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: fa4c6a97f5618cbfed15e6f560d42fa2_JaffaCakes118
Files
fa4c6a97f5618cbfed15e6f560d42fa2_JaffaCakes118.dll windows:4 windows x86 arch:x86
96551cba61086428a4f3a2cf9236dc99
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
g:\Work\hack\BackDoor\vista\i386\MainDLL.pdb
Imports
kernel32
GetModuleHandleA
WaitForSingleObject
ContinueDebugEvent
WaitForDebugEvent
GetCurrentProcessId
SetEvent
GetCommandLineA
WideCharToMultiByte
OpenEventA
DeleteCriticalSection
LeaveCriticalSection
RemoveDirectoryA
GetCurrentThreadId
GetFileAttributesA
CopyFileA
EnterCriticalSection
DuplicateHandle
GetProcessVersion
CreateSemaphoreA
FreeLibraryAndExitThread
OpenThread
MoveFileA
ReadFile
GetFileSize
CreateThread
InitializeCriticalSection
SetFilePointer
CreatePipe
PeekNamedPipe
TerminateThread
FindNextFileA
ReleaseSemaphore
FindFirstFileA
CreateEventA
DisableThreadLibraryCalls
GetModuleFileNameA
BeginUpdateResourceA
UpdateResourceA
LoadResource
LockResource
EndUpdateResourceA
FindResourceA
CreateDirectoryA
SizeofResource
Sleep
GetProcAddress
LoadLibraryA
GlobalFree
FreeLibrary
LocalAlloc
GetTempPathA
CreateFileA
CloseHandle
GetVersionExA
SetLastError
GetCurrentProcess
GetLastError
OutputDebugStringA
OpenProcess
CreateMutexA
GetShortPathNameA
WriteFile
FormatMessageA
ExpandEnvironmentStringsA
CreateProcessA
DeleteFileA
LocalFree
GetSystemTime
FindClose
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetProcessHeap
HeapFree
SuspendThread
GetThreadContext
SetThreadContext
ResumeThread
VirtualAllocEx
VirtualProtectEx
WriteProcessMemory
CreateRemoteThread
FlushInstructionCache
VirtualProtect
advapi32
RevertToSelf
RegCreateKeyA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
QueryServiceConfigA
RegDeleteValueA
RegOpenKeyExA
ChangeServiceConfigA
OpenSCManagerA
GetKernelObjectSecurity
SetEntriesInAclA
GetSecurityDescriptorDacl
SetKernelObjectSecurity
MakeAbsoluteSD
StartServiceA
ImpersonateLoggedOnUser
CloseServiceHandle
ControlService
OpenServiceA
QueryServiceStatus
DuplicateTokenEx
BuildExplicitAccessWithNameA
OpenProcessToken
InitializeSecurityDescriptor
AdjustTokenPrivileges
LookupPrivilegeValueA
SetSecurityDescriptorDacl
msvcrt
_strlwr
_strnicmp
_CxxThrowException
_except_handler3
?terminate@@YAXXZ
_adjust_fdiv
_stricmp
__CxxFrameHandler
strncpy
fclose
??3@YAXPAX@Z
strstr
malloc
atoi
strchr
wcsncmp
sprintf
free
srand
_vsnprintf
_snwprintf
rand
realloc
wcstombs
_initterm
??1type_info@@UAE@XZ
strncmp
??_U@YAPAXI@Z
fread
??_V@YAXPAX@Z
_snprintf
??2@YAPAXI@Z
fopen
strncat
memset
strcat
strcpy
strlen
memcpy
_wcsnicmp
ntdll
NtQueryInformationProcess
NtQuerySystemInformation
ws2_32
socket
getsockname
WSAStartup
shutdown
htonl
closesocket
inet_addr
inet_ntoa
gethostbyname
select
ntohs
bind
connect
send
recv
htons
setsockopt
gethostname
WSAGetLastError
wininet
InternetQueryOptionA
urlmon
URLDownloadToCacheFileA
oleaut32
GetErrorInfo
Exports
BadApplicationServiceMain
CryptServiceMain
Dot3SvcMain
F1
F2
F21
F4
F51
F52
HardwareDetectionServiceMain
IkeServiceMain
ScServiceMain
SchedServiceMain
ServiceMain
SvchostEntry_W32Time
ThemeServiceMain
UserProfileServiceMain
WUServiceMain
WlanSvcMain
_crt_debugger_hook
Sections
.text Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IPCSEG Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ