faae24d9a6d0962b34898acb1182bb47_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

faae24d9a6d0962b34898acb1182bb47_JaffaCakes118
Size

41KB
MD5

faae24d9a6d0962b34898acb1182bb47
SHA1

57a31857c5e1fd3bf1f2b9db870ac910483f6b09
SHA256

fec87a04a77da515feedc53f7af6fa41a882a6f2531c839391ded1aca06919df
SHA512

66c6d732bc23d2c7c0e9a184c7dde966cbeac546e52bd11256bc8c472dad89362e89c0ddf5444f885db906b928a2c62ec86bbda8abc680755c0f5155a9bdfe3a
SSDEEP

768:6BtE7dw2t7V0IvkPENCfyDJMX1a8YjwxzcxYZnBnE6leiE9hHCK56ThG8w3n:6sBwM7VsK5FW48YjqBnE6lY9hr56lGz3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
faae24d9a6d0962b34898acb1182bb47_JaffaCakes118

Files

faae24d9a6d0962b34898acb1182bb47_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5018465423dd7a9b90ed25d0b57f0df5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CopyFileA
GetFileAttributesA
GetSystemDirectoryA
ExitThread
ReadFile
PeekNamedPipe
WriteFile
GetFileSize
CreateFileA
CreateDirectoryA
GlobalFree
SetLastError
CreateThread
HeapAlloc
GetProcessHeap
ReadDirectoryChangesW
lstrcpyA
GetModuleFileNameA
OutputDebugStringA
GetStdHandle
SetFilePointer
MultiByteToWideChar
TerminateProcess
Sleep
OpenProcess
CreatePipe
GetStartupInfoA
CreateProcessA
TerminateThread
GetExitCodeThread
FreeLibrary
FreeConsole
GetLastError
GetModuleHandleA
WideCharToMultiByte
GetComputerNameA
CloseHandle
GetSystemInfo
GetVersionExA
GetSystemPowerStatus
GetTickCount
GlobalMemoryStatus
GetDriveTypeA
GetDiskFreeSpaceA
LoadLibraryA
GetProcAddress
GetCurrentProcess
GlobalAlloc

user32

GetDC
GetSystemMetrics
wsprintfA

gdi32

GetDIBits
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
GetObjectA

msvcrt

fclose
fgetc
fopen
_chdir
_getcwd
fprintf
_findclose
_findnext
strstr
_findfirst
strchr
fread
fseek
fwprintf
strncat
_iob
_strdate
_strtime
_vsnprintf
__dllonexit
fgets
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
atol
srand
_atoi64
strncpy
wcstombs
_CxxThrowException
__CxxFrameHandler
_snprintf
_ftol
time
_ftime
atoi
_except_handler3
??2@YAPAXI@Z
realloc
free
malloc
sprintf
rand
_onexit
atof
_wcsnicmp
??3@YAXPAX@Z
_stricmp

ws2_32

socket
htons
inet_addr
connect
gethostbyname
shutdown
closesocket
select
__WSAFDIsSet
WSACleanup
WSAStartup
recv
send
inet_ntoa
gethostname

wininet

InternetGetConnectedState

netapi32

NetServerEnum
NetApiBufferFree

advapi32

LookupPrivilegeValueA
OpenServiceA
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegSetValueExA
RegCreateKeyA
LogonUserA
CreateProcessAsUserA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetTokenInformation
LookupAccountSidA
GetUserNameA
OpenProcessToken
AdjustTokenPrivileges

ole32

CoCreateInstance
CoInitialize

msvcp60

??0_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ

Exports

Exports

InstallService
RundllInstallA
RundllUninstallA
ServiceMain
UninstallService

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5018465423dd7a9b90ed25d0b57f0df5

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

ws2_32

wininet

netapi32

advapi32

ole32

msvcp60

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 52KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 52KB

.reloc
Size: 3KB - Virtual size: 3KB