16f6b4d5cc7916b67abdde45e33d9d54_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

16f6b4d5cc7916b67abdde45e33d9d54_JaffaCakes118
Size

80KB
MD5

16f6b4d5cc7916b67abdde45e33d9d54
SHA1

991b042483b61b0d9b1488c96391e0ff9a91b30b
SHA256

ae2dc18605fb18fae0b901e3fb327bc53a4419727d2ba6231e9cae3067243585
SHA512

5cbed2df3cdcb424e3bde7025023cfd7be89bb0162ae684c3eb522fa9e378220e4177db6517f85ac73408d9b3c6364b1c9cc7fced067d41abb3bc09cdc05488a
SSDEEP

1536:nXhy1R85hGXT8uqchgfnShWhZLZe411s8DreYXxFj9+p:Xhw8uXQnchKJZ1L1fFjK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16f6b4d5cc7916b67abdde45e33d9d54_JaffaCakes118

Files

16f6b4d5cc7916b67abdde45e33d9d54_JaffaCakes118
.dll windows:4 windows x86 arch:x86

96d5cb85a9d60ff4f2616af7e78b2cd2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetThreadDesktop
SendInput
SetCursorPos
PostMessageA
OpenDesktopA
CallNextHookEx
OpenInputDesktop
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowTextA
PostThreadMessageA
GetWindowThreadProcessId
wsprintfW
GetMessageA
GetActiveWindow
CharLowerA
SetThreadDesktop
ExitWindowsEx
wsprintfA
GetForegroundWindow
OpenWindowStationA
SetProcessWindowStation
CloseDesktop
CloseWindowStation
ShowWindow
BringWindowToTop
UpdateWindow
EnumWindows
CharUpperA

gdi32

CreateCompatibleBitmap
GetDIBits
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreateDCA
GetDeviceCaps
DeleteObject

advapi32

RegSetValueExA
OpenThreadToken
RegisterServiceCtrlHandlerA
SetServiceStatus
LogonUserA
CreateProcessAsUserA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
QueryServiceConfigA
EnumServicesStatusA
ControlService
ChangeServiceConfigA
RegCreateKeyExA
AdjustTokenPrivileges
DeleteService
CreateServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
StartServiceA
OpenProcessToken
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameW
LookupPrivilegeValueA
ImpersonateSelf

shell32

SHEmptyRecycleBinA
SHFileOperationA
ShellExecuteA

ole32

CreateStreamOnHGlobal

ws2_32.dll�

ord21
ord12
ord52
ord11
ord18
ord3
ord19
ord6
ord13
ord16
ord2
ord23
ord9
ord4
ord15
ord1
ord115

shlwapi

StrCmpW
StrStrA
StrChrA
StrRChrA
SHDeleteKeyA
StrCmpNIA
StrToIntA

psapi

GetModuleFileNameExA

imm32

ImmGetContext
ImmGetCompositionStringA
ImmReleaseContext
ImmGetCompositionStringW

avicap32

capGetDriverDescriptionA

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
getenv
strrchr
malloc
wcscmp
free
strchr
_beginthread
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

GetLogicalDriveStringsA
GetFileAttributesExA
FindClose
GetLastError
FindNextFileA
lstrcmpA
FindFirstFileA
lstrcmpiA
GetCurrentProcessId
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
DuplicateHandle
SetStdHandle
CreatePipe
GetStdHandle
GetProcAddress
FreeLibrary
LocalAlloc
InterlockedExchange
RaiseException
LoadLibraryA
OpenProcess
GetModuleFileNameA
GetDiskFreeSpaceExA
WideCharToMultiByte
SetFilePointer
FlushFileBuffers
lstrlenW
lstrcatW
OpenEventA
OpenMutexA
GetFileSize
GlobalAlloc
GlobalLock
lstrcpyW
WaitForMultipleObjects
ResetEvent
ReleaseMutex
GlobalFree
CreateEventA
CreateMutexA
GetFileSizeEx
SetFilePointerEx
ReadFile
GetCurrentProcess
GetPriorityClass
GetThreadPriority
SetPriorityClass
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
GetVersion
GetVersionExA
GetSystemInfo
GlobalMemoryStatus
GetComputerNameA
GetVolumeInformationA
GetDriveTypeA
MoveFileA
CreateDirectoryA
SearchPathA
GetACP
GetOEMCP
GetLocalTime
lstrlenA
GetTempPathA
GetCurrentThreadId
CreateFileA
WriteFile
CloseHandle
GetCurrentThread
GetSystemDirectoryA
SetEvent
DeleteFileA
lstrcpyA
GetStartupInfoA
GetTickCount
WaitForSingleObject
Sleep
CreateProcessA
lstrcatA

Exports

Exports

lumeInforl
DzService
ServiceMain

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

96d5cb85a9d60ff4f2616af7e78b2cd2

Headers

File Characteristics

Imports

user32

gdi32

advapi32

shell32

ole32

ws2_32.dll�

shlwapi

psapi

imm32

avicap32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 59KB - Virtual size: 59KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 59KB - Virtual size: 59KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 3KB