fec031231baeb0ffc450795da6d3750b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fec031231baeb0ffc450795da6d3750b_JaffaCakes118
Size

145KB
MD5

fec031231baeb0ffc450795da6d3750b
SHA1

2aa85cda88fa0533e96ff5c55906a7920a61673d
SHA256

739d62f7964fff11a68d0218d5f8e4d30d73e50de8441e0cf7abc3bfc21ef173
SHA512

bacd113b0f5155e755832f4e6f0c25b25cf52b6ec3eb0f32828cca555596131e95355a9b762598e47dcc4a7ea9376394581037a53fa2adbcc9e719f1fb74f292
SSDEEP

1536:3oA7UHmR7+lBlpFZ6h96cQ97gBTGYFv8r+bxUQgiUb2CxxMq6sBItPRHmtpRCq+0:3oA77RaHz2Kgp+r+C3R+i2ACbmSZIh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fec031231baeb0ffc450795da6d3750b_JaffaCakes118

Files

fec031231baeb0ffc450795da6d3750b_JaffaCakes118
.dll windows:5 windows x86 arch:x86

a62d350728e7a34e29f1dba32d14b561

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

wsprintfW
UnregisterDeviceNotification
RegisterDeviceNotificationA
PeekMessageA
MsgWaitForMultipleObjectsEx
MessageBoxW
GetMenuState

advapi32

GetTokenInformation
SystemFunction012
StartServiceCtrlDispatcherA
SetServiceStatus
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
SetSecurityDescriptorControl
SetEntriesInAclW
AccessCheck
AddAccessAllowedAce
AllocateAndInitializeSid
ChangeServiceConfig2W
CloseServiceHandle
CreateServiceW
CryptAcquireContextA
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
DeleteService
DeregisterEventSource
EqualSid
FreeSid
GetExplicitEntriesFromAclW
GetFileSecurityW
GetLengthSid
GetLocalManagedApplications
GetNamedSecurityInfoW
GetSecurityDescriptorControl
ImpersonateNamedPipeClient
ImpersonateSelf
InitializeAcl
InitializeSecurityDescriptor
MapGenericMask
OpenProcessToken
OpenSCManagerW
OpenServiceW
OpenThreadToken
RegCloseKey
RegCreateKeyExW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExW
RegisterEventSourceW
ReportEventW
RevertToSelf

setupapi

CM_Add_Empty_Log_Conf_Ex
CM_Enable_DevNode
SetupFindNextLine
SetupDiSetSelectedDriverW
SetupDiSetSelectedDevice
SetupDiSetDeviceRegistryPropertyW
SetupDiSetDeviceInstallParamsW
SetupDiGetSelectedDriverW
SetupDiGetDriverInfoDetailW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInterfaceDetailA
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceInstanceIdA
SetupDiGetClassDevsA
SetupDiEnumDriverInfoW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDriverInfoList
SetupDiDestroyDeviceInfoList
SetupDiDeleteDeviceInterfaceData
SetupDiCallClassInstaller
SetupDiBuildDriverInfoList
CM_Run_Detection
CM_Request_Device_EjectW
CM_Next_Range
CM_Locate_DevNodeA
CM_Get_Sibling
CM_Get_Parent
CM_Get_Device_IDA
CM_Get_DevNode_Registry_PropertyW
CM_Get_Depth

ole32

CoFreeAllLibraries
CoQueryProxyBlanket
CoSetProxyBlanket
CoTaskMemFree
CoUninitialize
CoCreateInstance

kernel32

VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualProtect
VirtualQueryEx
WaitForSingleObject
FindClose
UnmapViewOfFile
UnhandledExceptionFilter
TryEnterCriticalSection
TlsGetValue
TlsFree
TlsAlloc
TerminateThread
Sleep
SetUnhandledExceptionFilter
SetThreadLocale
SetThreadExecutionState
SetThreadContext
SetPriorityClass
SetLastError
SetFilePointer
SetEvent
SetEndOfFile
SetCommConfig
ResetEvent
RemoveDirectoryW
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringW
OutputDebugStringA
OpenThread
OpenProcess
MultiByteToWideChar
MoveFileW
MapViewOfFile
LocalHandle
LocalAlloc
LoadLibraryW
LoadLibraryExW
LoadLibraryA
lstrlenW
lstrcpyW
lstrcmpiA
WriteFile
CancelIo
CloseHandle
ConnectNamedPipe
CreateDirectoryW
CreateEventA
CreateFileW
CreateThread
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DisconnectNamedPipe
EnterCriticalSection
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
FileTimeToSystemTime
LeaveCriticalSection
FindCloseChangeNotification
FindFirstFileW
FindNextChangeNotification
FindNextFileW
FormatMessageW
FreeLibrary
GetACP
GetComputerNameExW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
GetHandleInformation
GetLargestConsoleWindowSize
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNamedPipeHandleStateA
GetOverlappedResult
GetProcAddress
GetProcessAffinityMask
GetShortPathNameW
GetSystemInfo
GetTempPathW
GetTickCount
GetTimeZoneInformation
GetUserDefaultUILanguage
GetVersionExA
GetVolumeInformationW
GlobalAlloc
HeapDestroy
InitAtomTable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedExchange
IsBadReadPtr
IsDebuggerPresent
WideCharToMultiByte

shell32

SHGetFolderPathW

ws2_32

bind
socket
send
select
recv
listen
ioctlsocket
WSAConnect
WSARecvFrom
__WSAFDIsSet
accept
closesocket
connect
getsockname
getsockopt

Exports

Exports

AHeartbeat
DoHotMailWizard
HrSafeGetStreamSize
HrStreamSeekBegin
MawDeviceCallback

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 995B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a62d350728e7a34e29f1dba32d14b561

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

setupapi

ole32

kernel32

shell32

ws2_32

Exports

Exports

Sections

.text Size: 51KB - Virtual size: 50KB

.rdata Size: 84KB - Virtual size: 84KB

.data Size: 7KB - Virtual size: 7KB

.rsrc Size: 1024B - Virtual size: 995B

.text
Size: 51KB - Virtual size: 50KB

.rdata
Size: 84KB - Virtual size: 84KB

.data
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1024B - Virtual size: 995B