feb816dfaaea4eac4f85be566b7dbebb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

feb816dfaaea4eac4f85be566b7dbebb_JaffaCakes118
Size

128KB
MD5

feb816dfaaea4eac4f85be566b7dbebb
SHA1

24d2a0d4d36d5f1c0eeaa252151f1005a5834716
SHA256

8e8be98d19a827e56e703284cc25ca8e55f8733c0346bbb3d986d864f2dd3d0b
SHA512

db023f852847f6876977c00de4d577f7b84464f60f99c558cba253e047f309019e247fd331c76fb1aac41ac95047bf317fe2e1c7f68e71cac5f47cea64b2af06
SSDEEP

3072:qjAK/iGwU9RP5edoUEGPItYXA8RlQXun:g/iGRRPQ9cYwwQXK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
feb816dfaaea4eac4f85be566b7dbebb_JaffaCakes118

Files

feb816dfaaea4eac4f85be566b7dbebb_JaffaCakes118
.dll windows:4 windows x86 arch:x86

872401dccc155803d7151d845be3cd0f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetTickCount
InterlockedExchange
LocalSize
CreatePipe
TerminateProcess
GetCurrentProcess
WaitForMultipleObjects
GetSystemInfo
ReleaseMutex
OpenEventA
SetErrorMode
GetComputerNameA
lstrcmpA
lstrcmpiA
GetVersionExA
lstrlenA
SetLastError
GetModuleFileNameA
MoveFileA
SetFilePointer
ReadFile
CreateFileA
RemoveDirectoryA
FindFirstFileA
LocalReAlloc
FindNextFileA
LocalFree
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
lstrcatA
GetFileAttributesA
CreateDirectoryA
CreateEventA
GetLastError
Sleep
CancelIo
lstrcpyA
EnterCriticalSection
LeaveCriticalSection
VirtualFree
InitializeCriticalSection
LoadLibraryA
GetProcAddress
CreateThread
ResumeThread
SetEvent
WaitForSingleObject
TerminateThread
OutputDebugStringA
GetLocalTime
MultiByteToWideChar
FreeLibrary
Beep
GetFileSize
GetVersion
CloseHandle
PeekNamedPipe

user32

MoveWindow
GetForegroundWindow
SendMessageA
SwapMouseButton
LoadCursorA
DestroyCursor
SystemParametersInfoA
MapVirtualKeyA
SetCapture
GetWindowRect
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
GetSystemMetrics
SetRect
GetDC
GetDesktopWindow
PostMessageA
OpenDesktopA
GetUserObjectInformationA
FindWindowA
ShowWindow
ExitWindowsEx
wsprintfA
CharNextA
GetMessageA
DispatchMessageA
WindowFromPoint
SetThreadDesktop
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
GetProcessWindowStation
GetCursorPos
ReleaseDC

gdi32

GetDIBits
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateCompatibleBitmap

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
DeleteService
ControlService
QueryServiceStatus
RegSetValueExA
RegCreateKeyA
RegQueryValueExA
RegOpenKeyA
CloseEventLog
ClearEventLogA
OpenEventLogA
AdjustTokenPrivileges
OpenProcessToken
RegEnumKeyExA
RegEnumValueA
RegDeleteValueA
UnlockServiceDatabase
ChangeServiceConfigA
LockServiceDatabase
StartServiceA
QueryServiceConfigA
EnumServicesStatusA
GetUserNameA
RegQueryValueA

shell32

SHGetFileInfoA

shlwapi

SHDeleteKeyA

msvcrt

_strnicmp
_strrev
_initterm
_strupr
_adjust_fdiv
_strcmpi
??1type_info@@UAE@XZ
calloc
_beginthreadex
wcstombs
_CxxThrowException
realloc
strncat
_snprintf
wcscpy
_errno
strchr
strncmp
atoi
strncpy
strcat
strcpy
strcmp
strrchr
_except_handler3
malloc
free
memcmp
strstr
strlen
_ftol
ceil
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
__CxxFrameHandler
memmove

winmm

waveInClose
waveInStop
waveOutWrite
waveOutClose
waveOutUnprepareHeader
waveInReset
waveInUnprepareHeader
mciSendStringA
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutReset

ws2_32

gethostname
ioctlsocket
__WSAFDIsSet
WSAStartup
recvfrom
sendto
listen
accept
getpeername
bind
getsockname
inet_addr
inet_ntoa
send
select
closesocket
recv
ntohs
socket
gethostbyname
htons
connect
setsockopt
WSACleanup

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z

netapi32

NetLocalGroupAddMembers
NetUserAdd

wininet

InternetCloseHandle
InternetOpenUrlA
InternetReadFile

psapi

GetModuleBaseNameA
GetModuleFileNameExA
EnumProcessModules
EnumProcesses

Exports

Exports

fengshao
sgaiycl
xhj

Sections

1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

872401dccc155803d7151d845be3cd0f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

msvcrt

winmm

ws2_32

msvcp60

netapi32

wininet

psapi

Exports

Exports

Sections

1 Size: 1KB - Virtual size: 1KB

PAGE Size: 28KB - Virtual size: 27KB

.text Size: 80KB - Virtual size: 79KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 5KB - Virtual size: 5KB

1
Size: 1KB - Virtual size: 1KB

PAGE
Size: 28KB - Virtual size: 27KB

.text
Size: 80KB - Virtual size: 79KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 5KB - Virtual size: 5KB