fae50e7b64652f17cd9728a6b8f857ed_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fae50e7b64652f17cd9728a6b8f857ed_JaffaCakes118
Size

55KB
MD5

fae50e7b64652f17cd9728a6b8f857ed
SHA1

0e0a4ea0079ddf7686e58507ede523b809d57507
SHA256

5ed942ecf05184b29737b2446e257dc1fd1b330caf490262068d82dba64542a6
SHA512

5f069014cca3be664dfaac5f74feff40c62ac8dde245b5385548a6064d4d46f376b3e4e2e8c86ce33c2a4d23c70537813d931bb3e6aebbc195a344bd274266e7
SSDEEP

1536:JWJKnZtxVFJZwPnLn3VRdpihGXy8MieLrf1BQIl4C2R:cJ49BQIP2R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fae50e7b64652f17cd9728a6b8f857ed_JaffaCakes118

Files

fae50e7b64652f17cd9728a6b8f857ed_JaffaCakes118
.dll windows:4 windows x86 arch:x86

bd5cd82dddf1ea27f773f404dd7400da

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

PeekMessageA
wsprintfA
ExitWindowsEx
TranslateMessage
DispatchMessageA

msvcp60

??_7bad_alloc@std@@6B@
??1bad_alloc@std@@UAE@XZ

wsock32

select
closesocket
WSACleanup
WSASetLastError
recv
setsockopt
bind
htons
htonl
socket
__WSAFDIsSet
connect
accept
listen
send
WSAGetLastError
gethostbyname
inet_addr
gethostname
ioctlsocket
WSAStartup

psapi

GetModuleFileNameExA
GetModuleBaseNameA
EnumProcessModules
EnumProcesses

mfc42

ord2077
ord2029
ord535
ord523
ord1247
ord791
ord6394
ord5450
ord6383
ord5440
ord823
ord2763
ord4129
ord926
ord5710
ord922
ord2764
ord4278
ord860
ord537
ord941
ord939
ord3811
ord2820
ord858
ord2818
ord3663
ord825
ord540
ord800

kernel32

GetLastError
SetCurrentDirectoryA
GetModuleFileNameA
Sleep
TerminateProcess
CreateProcessA
GetWindowsDirectoryA
CreatePipe
ReadFile
TerminateThread
CloseHandle
GetShortPathNameA
OpenProcess
LocalFree
LocalAlloc
ExitThread
DeleteFileA
FindNextFileA
FindFirstFileA
GetVolumeInformationA
GetDriveTypeA
GlobalMemoryStatus
GetComputerNameA
GetCurrentProcess
GetTickCount
GetVersionExA
GetSystemInfo
lstrlenA
DisconnectNamedPipe
WaitForMultipleObjects
CreateThread
GetSystemDirectoryA
WaitForSingleObject
WriteFile
PeekNamedPipe
DuplicateHandle

shell32

ShellExecuteA

netapi32

NetApiBufferFree
NetUserEnum

msvcrt

strncpy
strncat
free
strstr
_except_handler3
strncmp
strchr
malloc
??1type_info@@UAE@XZ
atoi
strtok
_vsnprintf
fopen
fclose
_strtime
_strdate
fprintf
_iob
sscanf
sprintf
??1exception@@UAE@XZ
_mbscmp
__CxxFrameHandler
_initterm
_adjust_fdiv
printf
_strnicmp

advapi32

OpenSCManagerA
RegOpenKeyA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
EnumServicesStatusA
RegEnumKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteKeyA
DeleteService
ControlService
QueryServiceStatus
OpenServiceA
StartServiceA
SetServiceStatus
RegisterServiceCtrlHandlerA
CreateServiceA
RegCreateKeyA

urlmon

URLDownloadToFileA

msvcirt

??1ios@@UAE@XZ
??0fstream@@QAE@XZ
??1fstream@@UAE@XZ
?close@fstream@@QAEXXZ
??_Dfstream@@QAEXXZ

Exports

Exports

Install
ServiceMain
Uninstall
_DllMain@12
_Install@16
_SvcCtrlFnct@4
_Uninstall@16
_install@16
_uninstall@16
install
uninstall

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.MaskPE
Size: 512B - Virtual size: 50B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd5cd82dddf1ea27f773f404dd7400da

Headers

File Characteristics

Imports

user32

msvcp60

wsock32

psapi

mfc42

kernel32

shell32

netapi32

msvcrt

advapi32

urlmon

msvcirt

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 7KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.MaskPE Size: 512B - Virtual size: 50B

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB

.MaskPE
Size: 512B - Virtual size: 50B