068a5be58dde68079b8b89e749acd0f8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

068a5be58dde68079b8b89e749acd0f8_JaffaCakes118
Size

29KB
MD5

068a5be58dde68079b8b89e749acd0f8
SHA1

70a87acdc49d125174c37971e753b3ac22d5db70
SHA256

f50bdd3bf788b5e97f220a62c37e994be5a6df8d52e8fc20903d75ca85f8fc8d
SHA512

bbbf0dee6bbb3b4c303c36f1a8347437a09f96a3d7a9c15854570692bdba890e2a43b3761a23d9fbe559f4952d3c9f902ac43b28121c63db2e2024264a0166b3
SSDEEP

384:QHVjxZf9gOYoyl5vVrzN2DCO3LdSFY0FxEdWdqZnvFXcQMQi3:Q1jxgO/wvVKC2LdSFY0F8k0dXc+a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
068a5be58dde68079b8b89e749acd0f8_JaffaCakes118

Files

068a5be58dde68079b8b89e749acd0f8_JaffaCakes118
.dll windows:5 windows x86 arch:x86

b7b27b88a4846af3a288b57bc56b410f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileStructA
lstrcatA
GetSystemDirectoryW
lstrlenA
SetUnhandledExceptionFilter
GetEnvironmentStrings
GetVersionExW
InitializeCriticalSection
GetWindowsDirectoryA
OutputDebugStringA
ExitProcess
VirtualAlloc
RemoveDirectoryA
EnumSystemLocalesA
GetDateFormatA
SystemTimeToFileTime
IsValidCodePage
GetStringTypeA
GetFullPathNameW
CreateEventW
GetEnvironmentVariableA
GetCPInfo
GetFileSize
GetCurrentThread

msvcrt

wcsrchr
__set_app_type
fprintf
_wmkdir
_tzset
??1type_info@@UAE@XZ
_unlock
fputs
isxdigit
strncpy
_dup
_strcmpi
__p__fmode
_vsnprintf
_stricmp
localtime
srand
_ftol
_except_handler3
realloc
fseek
malloc
_strlwr
fread
wcsstr
?terminate@@YAXXZ
_read
_wtol
_sopen
bsearch
_itow

advapi32

RegQueryInfoKeyA
RegDeleteValueW
OpenServiceW
StartServiceCtrlDispatcherA
RegQueryValueExW
DeleteService
EqualSid
StartServiceW
CloseServiceHandle
OpenSCManagerW
AdjustTokenPrivileges
SetServiceStatus
UnlockServiceDatabase
QueryServiceConfig2A
LockServiceDatabase
RegDeleteKeyW
RegEnumValueW
InitializeSecurityDescriptor
RegCreateKeyW
RegQueryInfoKeyW

gdi32

SetRectRgn
CreatePatternBrush
MoveToEx
PlayMetaFile
GetViewportOrgEx
Polyline
PolyDraw
ExtTextOutA
OffsetViewportOrgEx
SetMapMode
DeleteObject
GetBrushOrgEx
GetPaletteEntries
ScaleWindowExtEx
SetPaletteEntries
LPtoDP
RestoreDC
DeleteDC
SetTextAlign
CreateRectRgnIndirect
GetTextAlign
GetTextMetricsA
OffsetRgn
SelectClipRgn
CreateRectRgn
TextOutA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoW
VerQueryValueA

Exports

Exports

PxNEtgRwndiEwBu
AtEavnWxuhbhbvk
QdssRuCjaugd
MbwgaMqmMetP

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 618B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fdata
Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7b27b88a4846af3a288b57bc56b410f

Headers

File Characteristics

Imports

kernel32

msvcrt

advapi32

gdi32

version

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.data Size: 1024B - Virtual size: 618B

.idata Size: 8KB - Virtual size: 8KB

fdata Size: 2KB - Virtual size: 11KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 14KB - Virtual size: 13KB

.data
Size: 1024B - Virtual size: 618B

.idata
Size: 8KB - Virtual size: 8KB

fdata
Size: 2KB - Virtual size: 11KB

.reloc
Size: 2KB - Virtual size: 2KB