08da1f6edff3c65bb6c99ed0483c1e0f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

08da1f6edff3c65bb6c99ed0483c1e0f_JaffaCakes118
Size

492KB
MD5

08da1f6edff3c65bb6c99ed0483c1e0f
SHA1

3e8b1cc3e13af9d4838524d8de8fe9d4e51d0101
SHA256

dd7dc5f1038f6644f48c33e3d968b870caad1e0cadc86f6f8031b2d9f4214d36
SHA512

4fb0de61915a31a5ade4dbcac468525cf04a34aa33a0675a45d10dace307bea98e3bcbd079beca8541870a8afb9017bb4d4e1b483afdd74b8f100b008a501f60
SSDEEP

12288:K1DTr7iWML4QZpE9c8MHpqKf/u3MgTGedlADDLwm8N:fp8iff/unRADDL/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08da1f6edff3c65bb6c99ed0483c1e0f_JaffaCakes118

Files

08da1f6edff3c65bb6c99ed0483c1e0f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

bda89c28c7230bdb3d35f907d65752c8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetGetConnectedState
InternetOpenUrlA
InternetCloseHandle
HttpQueryInfoA
InternetReadFile
InternetOpenA
InternetCrackUrlA
InternetQueryOptionA
InternetConnectA
InternetSetOptionA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA

ws2_32

socket
WSALookupServiceEnd
htons
inet_addr
htonl
WSASocketA
WSAIoctl
closesocket
WSAStartup
gethostbyname
WSAGetLastError
recv
WSACleanup
WSALookupServiceNextA
WSALookupServiceBeginA
inet_ntoa
send
connect

mpr

WNetOpenEnumA
WNetCloseEnum
WNetEnumResourceA

wintrust

WinVerifyTrust

rpcrt4

UuidCreate

kernel32

ExitThread
CreateThread
GetTimeZoneInformation
HeapAlloc
GetCommandLineA
InterlockedIncrement
Sleep
FreeLibrary
GetLastError
LoadLibraryA
GetProcAddress
lstrcpyA
lstrcpynA
lstrlenA
lstrcmpiA
SetEvent
GetCurrentProcessId
CreateEventA
CloseHandle
OpenProcess
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
lstrcmpA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LocalFree
WaitForSingleObject
ReleaseMutex
ResetEvent
WaitForMultipleObjects
CreateMutexA
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetTickCount
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
GetCurrentThreadId
GetWindowsDirectoryA
GetModuleFileNameA
FindNextFileA
FindFirstFileA
SetFilePointer
CreateFileA
ReadFile
WriteFile
HeapReAlloc
_lclose
_lwrite
_lcreat
RemoveDirectoryA
FindClose
DeleteFileA
lstrcatA
MoveFileA
InterlockedDecrement
SetEnvironmentVariableA
GetEnvironmentVariableA
GetLongPathNameA
GetShortPathNameA
GetCurrentProcess
GetTempPathA
CopyFileA
GetFileTime
Process32Next
Process32First
CreateToolhelp32Snapshot
Module32Next
Module32First
SetEndOfFile
GetFileSize
MoveFileExA
GetCurrentThread
SetThreadPriority
CreateProcessA
SizeofResource
LockResource
LoadResource
FindResourceA
WideCharToMultiByte
RaiseException
LocalAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
SetCurrentDirectoryA
GetCurrentDirectoryA
GlobalSize
GetSystemTimeAsFileTime
GetTempFileNameA
CompareFileTime
OpenMutexA
ExitProcess
IsDBCSLeadByteEx
RtlUnwind
HeapFree
LCMapStringA
LCMapStringW
GetCPInfo
SetLastError
SetUnhandledExceptionFilter
QueryPerformanceCounter
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
TerminateProcess
HeapSize
VirtualQuery
UnhandledExceptionFilter
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
VirtualProtect
GetSystemInfo
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
GetOEMCP
SetStdHandle
GetLocaleInfoW
CompareStringA
CompareStringW
CreateDirectoryA

user32

ReleaseDC
ValidateRect
InvalidateRect
FindWindowExA
wsprintfA
GetClientRect
GetKeyState
GetWindowRect
EnumChildWindows
IsWindowVisible
FillRect
GetWindow
SetClipboardData
CloseClipboard
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
GetSysColor
GetWindowTextA
SystemParametersInfoA
GetDC
SetTimer
KillTimer
FindWindowA
GetWindowThreadProcessId
GetForegroundWindow
MessageBoxA
GetParent
DefWindowProcA
CallWindowProcA
SetWindowTextA
UnhookWindowsHookEx
GetWindowTextW
SetFocus
GetFocus
SetWindowLongA
SendMessageA
ReleaseCapture
CallNextHookEx
SetWindowsHookExA
GetWindowLongA
GetAsyncKeyState
GetClassNameA
DestroyWindow
GetClipboardData
OpenClipboard
PostMessageA
EmptyClipboard

gdi32

SelectObject
GetTextExtentPoint32A
GetPixel
SetTextColor
SetBkColor
GetTextAlign
SetTextAlign
GetTextExtentExPointA
CreateFontIndirectA
CreateSolidBrush
DeleteObject
TextOutA
GetDeviceCaps

advapi32

SetServiceStatus
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
RevertToSelf
FreeSid
ImpersonateSelf
OpenThreadToken
OpenProcessToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetSecurityDescriptorSacl
SetSecurityInfo
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
StartServiceCtrlDispatcherA
RegQueryValueExA
SetSecurityDescriptorDacl

shell32

SHGetSpecialFolderPathA

ole32

OleRun
CoCreateInstance
CoCreateGuid

oleaut32

VariantClear
GetErrorInfo
VariantCopy
VariantInit
SysFreeString
SysAllocString
VariantChangeType

shlwapi

PathIsRelativeA
PathCreateFromUrlA
PathAddExtensionA
StrCSpnA
StrNCatA
StrTrimA
PathIsDirectoryA
StrStrIA
PathRemoveExtensionA
PathStripPathA
PathFileExistsA
StrRChrA
StrChrA
StrStrA
UrlEscapeA
StrCmpNIA
PathCombineA
SHDeleteKeyA
PathRemoveFileSpecA
PathAppendA
StrCmpNA
wnsprintfA

setupapi

SetupIterateCabinetA

crypt32

CryptQueryObject
CryptMsgGetParam
CryptMsgClose
CertVerifyTimeValidity
CertGetNameStringA
CertFindCertificateInStore
CertCloseStore

Exports

Exports

Command
Install
Main
Service
Uninstall

Sections

.text
Size: 296KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 621B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bda89c28c7230bdb3d35f907d65752c8

Headers

File Characteristics

Imports

wininet

ws2_32

mpr

wintrust

rpcrt4

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

setupapi

crypt32

Exports

Exports

Sections

.text Size: 296KB - Virtual size: 293KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 92KB - Virtual size: 105KB

.shared Size: 4KB - Virtual size: 621B

.rsrc Size: 12KB - Virtual size: 9KB

.reloc Size: 28KB - Virtual size: 26KB

.text
Size: 296KB - Virtual size: 293KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 92KB - Virtual size: 105KB

.shared
Size: 4KB - Virtual size: 621B

.rsrc
Size: 12KB - Virtual size: 9KB

.reloc
Size: 28KB - Virtual size: 26KB