0d0b6aead136948f9d330151ec7faf67_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0d0b6aead136948f9d330151ec7faf67_JaffaCakes118
Size

588KB
MD5

0d0b6aead136948f9d330151ec7faf67
SHA1

ea8ec9aea31bc2555544baa813536efc7b2eeac6
SHA256

712f2c37d997b3fed0b408f5bfdbbe3267551830bd449816a1d63987065cffc3
SHA512

3df30ec84767e34f2085f52c172505b2f8ca20739cbda0871918fd0d6783438389e955577a0d692c4ca27ab37cf1d378794a1f340239ae8492cf0013cbd5c9e9
SSDEEP

6144:IGRrJ5zYypi1caDkxOlP4fbcbg4FgCOrirrNAf6vgwd6beU:IqrJxI1cpOlP48g4FbiirrNEViV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d0b6aead136948f9d330151ec7faf67_JaffaCakes118

Files

0d0b6aead136948f9d330151ec7faf67_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9d55fd978e491b92263456468658de2a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
GetProcAddress
LoadLibraryW
GetVersionExW
GetLogicalDrives
GetLocalTime
GetModuleHandleW
Beep
MoveFileExW
SetFileAttributesW
SystemTimeToFileTime
GetSystemTime
GetFileTime
FileTimeToSystemTime
LockResource
SizeofResource
LoadResource
FindResourceW
CopyFileW
WideCharToMultiByte
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
GetPrivateProfileStringW
GlobalFree
ReadFile
GlobalAlloc
GetWindowsDirectoryW
DeviceIoControl
LoadLibraryExW
VirtualProtect
lstrcmpW
SetFilePointer
SetEndOfFile
LoadLibraryA
FreeLibrary
CreateFileA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFileAttributesA
FindNextFileW
GetSystemDirectoryW
OpenProcess
TerminateProcess
CreateThread
ExpandEnvironmentStringsW
GetTempPathW
GetTempFileNameW
DeleteFileW
CreateProcessW
WaitForSingleObject
Sleep
SearchPathW
lstrcatW
GetLastError
lstrcmpiW
lstrcpyW
CreateFileW
WriteFile
CloseHandle
lstrcpynW
GetEnvironmentVariableW
FindFirstFileW
FindClose
lstrlenW

user32

GetWindowRect
SetDlgItemTextW
LoadIconW
GetSystemMetrics
EndDialog
MessageBoxW
DialogBoxParamW
MessageBeep
ExitWindowsEx
SetWindowTextW
SetFocus
wsprintfW
SendMessageW
SetWindowPos

comdlg32

GetOpenFileNameW

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerW
EnumServicesStatusW
RegQueryValueW
RegSetValueExW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyW
RegQueryValueExW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
RegEnumKeyExW
RegDeleteValueW
GetUserNameW
LookupAccountSidW
GetTokenInformation
StartServiceW
ChangeServiceConfigW
CloseServiceHandle
OpenServiceW
CreateServiceW
ControlService
OpenProcessToken

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFolderPathW
ShellExecuteW
SHGetMalloc

psapi

GetModuleBaseNameW
GetModuleFileNameExW
EnumProcesses

shlwapi

PathFileExistsW
SHGetValueW
StrStrIW
SHDeleteValueW
SHDeleteKeyW
PathFindExtensionW
PathFindFileNameW
SHSetValueW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

netapi32

NetUserGetInfo

wininet

InternetReadFile
InternetConnectW
HttpOpenRequestW
InternetCloseHandle
HttpQueryInfoW
HttpSendRequestW
InternetOpenW

msvcrt

_lseek
remove
_tempnam
strrchr
_initterm
_adjust_fdiv
_close
_write
_read
_open
_errno
wcsncmp
_strcmpi
fgets
strstr
strncpy
fseek
sprintf
memmove
fgetwc
_except_handler3
__CxxFrameHandler
_wstat
fread
fwrite
wcscmp
wcstok
fgetws
_wcsnicmp
_itow
_wtoi
_wcsupr
_wtol
swprintf
wcsstr
wcschr
wcscat
_wfopen
fwprintf
_wcsicmp
fclose
wcscpy
wcsrchr
free
wcslen
malloc
wcsncpy
??2@YAPAXI@Z
??3@YAXPAX@Z

ole32

CoInitialize
CoCreateInstance

Exports

Exports

CompressSamplesToCab
GetProcessList
GetSamples
GetSamplesE
SaveLog
TroGiup

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 34.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 408KB - Virtual size: 406KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d55fd978e491b92263456468658de2a

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

shell32

psapi

shlwapi

version

netapi32

wininet

msvcrt

ole32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 60KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 60KB - Virtual size: 34.3MB

.rsrc Size: 408KB - Virtual size: 406KB

.reloc Size: 44KB - Virtual size: 43KB

.text
Size: 64KB - Virtual size: 60KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 60KB - Virtual size: 34.3MB

.rsrc
Size: 408KB - Virtual size: 406KB

.reloc
Size: 44KB - Virtual size: 43KB