1208999a78487c43804a792411a577cd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1208999a78487c43804a792411a577cd_JaffaCakes118
Size

116KB
MD5

1208999a78487c43804a792411a577cd
SHA1

0150eb75047eb0b34d1d85e80855fa2fd17e2334
SHA256

b31fd73b67984c29578d3edce4a2d3b8596993782cc5e28e267563f3c69abc8c
SHA512

5c871ecf5e8fc9e6097bdeb3a6534219e78842dda5684dcfe9aff5ee9fcac946cb764e26b939595a82047b48204c52ac0a68928f7f27d8ddcaa54e49321acd9b
SSDEEP

1536:Xsx62X7eu/WAONWX2WVQhP1DjlOXVQKBxJnX7r7xhb/Eq07JCTOr/MgqJL/J6t:Xsg2X7evu3a91nlOljlhboJUOTMJQt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1208999a78487c43804a792411a577cd_JaffaCakes118

Files

1208999a78487c43804a792411a577cd_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ec90af873ef7d4ce276d6c8871232a87

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesExA
LCMapStringA
GetCurrentProcessId
LocalUnlock
WaitNamedPipeA
GetProcessAffinityMask
DeleteAtom
GetProcAddress
GetCommConfig
GetLargestConsoleWindowSize
VirtualProtect
GetCommProperties
DuplicateConsoleHandle
GetSystemTime
BackupWrite
FindFirstVolumeA
GetNumberFormatA
GetTickCount
GlobalAddAtomW
GetHandleInformation
GetNamedPipeHandleStateA
LocalFileTimeToFileTime
GetLocalTime
OpenJobObjectW
InterlockedExchange
GetConsoleAliasesA
GetConsoleAliasesLengthA
SetPriorityClass
BuildCommDCBA
SetConsoleActiveScreenBuffer
GetConsoleCommandHistoryW
EnumCalendarInfoExA
GetCommMask
GetPrivateProfileSectionA
GetCurrentDirectoryW
GetStringTypeExW
GetPrivateProfileStringA
ConnectNamedPipe
OpenEventW
GlobalGetAtomNameW
FreeLibrary
QueryInformationJobObject
GetQueuedCompletionStatus
GetEnvironmentVariableW
CreateMailslotW
LoadLibraryW
GetCurrentThreadId
GetProcessHeap
FlushConsoleInputBuffer
SetConsoleCtrlHandler
GetNamedPipeInfo
TerminateJobObject
GetVolumeInformationA
FreeEnvironmentStringsW
OpenEventA
CancelWaitableTimer
LoadLibraryA
VirtualProtectEx
GetConsoleAliasExesLengthA
GetStartupInfoW
ShowConsoleCursor
SetHandleInformation
LocalFree
IsValidLocale
WriteConsoleOutputAttribute
FatalExit
HeapValidate
RegisterConsoleVDM
GetNumberOfConsoleMouseButtons
WriteConsoleW
LocalHandle
ReplaceFile
OutputDebugStringW
GlobalReAlloc
LCMapStringW
FlushViewOfFile
CreateTapePartition
VirtualQueryEx
GetVersion
SetVolumeMountPointW
SetVolumeMountPointA
VirtualFreeEx
ExpandEnvironmentStringsW
GetConsoleCommandHistoryA
VirtualAllocEx
VirtualAlloc
GetModuleHandleA
InterlockedExchangeAdd

advapi32

SetEntriesInAuditListA
NotifyChangeEventLog
BuildImpersonateTrusteeW
CryptHashSessionKey
ClearEventLogA
GetNamedSecurityInfoA
RegCreateKeyExA
CryptEnumProviderTypesA
CryptContextAddRef
RegEnumValueW
EqualSid
RegQueryMultipleValuesA
ConvertSecurityDescriptorToAccessNamedW
GetFileSecurityW
SystemFunction010
CryptDuplicateKey
RegOpenKeyA
GetSecurityDescriptorGroup
GetAccessPermissionsForObjectA
GetNumberOfEventLogRecords
ElfBackupEventLogFileA
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenServiceA
GetMultipleTrusteeOperationA
RegEnumKeyExA
AreAnyAccessesGranted
DestroyPrivateObjectSecurity
CryptGetDefaultProviderW
GetEffectiveRightsFromAclA
BuildTrusteeWithNameW
ElfReadEventLogW
SystemFunction016
LookupPrivilegeDisplayNameA
QueryServiceObjectSecurity
MapGenericMask
LookupPrivilegeValueW
ConvertSecurityDescriptorToAccessNamedA
QueryServiceConfigA
GetSecurityDescriptorOwner
SetServiceBits
RegQueryValueA
ElfReportEventW
GetSidIdentifierAuthority

winspool.drv

OpenPrinterA
DocumentPropertiesA
ConvertUnicodeDevModeToAnsiDevmode
EnumPrinterKeyW
DeletePrinterDriverExA
EnumPrinterDataA
AddJobA

msvcrt

fputs
_mbccpy
_mbsrev
_mbsnextc
_mbsnbcoll
_mbsnbicmp
ldiv
strncmp
remove
fprintf
mbstowcs
feof
_statusfp
$I10_OUTPUT
_fmode
_spawnl
printf
_strlwr
_winmajor
_commode
_ltoa
fputc
_rotl
_cputs
sprintf
fread
ftell
ispunct
__crtCompareStringA
_wsetlocale
wcsrchr
__p__wcmdln
wcsftime
_adj_fdiv_r
iscntrl
_mbsicoll
wprintf
_fputchar
_lseek
fwprintf
_spawnvp
_ismbbkalnum
strncat
_unlink
fopen
_setmbcp
_finite
fwrite
tmpnam
fclose
_wasctime
_adj_fdivr_m16i
_cwait
isspace
__p__pctype
wscanf
_getche
exp
fsetpos
_ultoa
_mbscmp
fseek
_tempnam
memset
rand
fgetws
ferror
_findnext
__iscsymf
_mbctokata
_mbsninc
_memccpy
_EH_prolog
__p__acmdln

Exports

Exports

Lsjgnna
Srtyy
Zgqwbaq
Zozt

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec90af873ef7d4ce276d6c8871232a87

Headers

File Characteristics

Imports

kernel32

advapi32

winspool.drv

msvcrt

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 52KB - Virtual size: 50KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 52KB - Virtual size: 50KB

.reloc
Size: 8KB - Virtual size: 6KB