184c19628e3bafecd121c9795637872a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

184c19628e3bafecd121c9795637872a_JaffaCakes118
Size

728KB
MD5

184c19628e3bafecd121c9795637872a
SHA1

4ed585035ca78b3abc0bb60dab096fe800601fe3
SHA256

a161c188f9ec08abd2bc642ec690ac4df9e9b0079de35b98a90f7c05000d7317
SHA512

46e08f1baa3c4813213392b680150ae0b9199f5d99c370823217bbd6f7b767e92480ad7b26a6fbd9b6e85d0cd7a21229d2b2406ea743eebeb8ce33dea2d436ae
SSDEEP

12288:xSQ4RsIoE9WbBLQnKC4QuL1hfYS4HqviZyrmm5mOPUotr9dqbCF0yEO/hIUDII7/:xSQ47oWmBLPbpi9I7reHnGLZma7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
184c19628e3bafecd121c9795637872a_JaffaCakes118

Files

184c19628e3bafecd121c9795637872a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9c2acfcd27cc52f0c059a718aa2add66

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessA
GetDiskFreeSpaceExA
GetProcAddress
LoadLibraryA
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameA
SetUnhandledExceptionFilter
GetACP
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoA
SetThreadLocale
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
GetSystemInfo
CreateMutexA
ReleaseMutex
CreateSemaphoreA
ReleaseSemaphore
InterlockedIncrement
InterlockedDecrement
SetThreadPriority
TerminateThread
SuspendThread
ResumeThread
TlsGetValue
TlsFree
TlsSetValue
TlsAlloc
GetProcessAffinityMask
GetExitCodeThread
ExitProcess
FileTimeToSystemTime
LocalFileTimeToFileTime
SystemTimeToFileTime
MultiByteToWideChar
GetFileSize
GetTempPathA
GetShortPathNameA
FindClose
FindFirstFileA
GetTempFileNameA
ExpandEnvironmentStringsA
GetWindowsDirectoryA
WideCharToMultiByte
GetVersionExA
GetFileType
CopyFileA
SetCurrentDirectoryA
GetTimeZoneInformation
GetThreadLocale
GetEnvironmentVariableA
SetFileAttributesA
GetCPInfo
IsValidCodePage
GetComputerNameA
GetDiskFreeSpaceA
GetModuleHandleA
SetEnvironmentVariableA
GlobalMemoryStatus
GetExitCodeProcess
TerminateProcess
OpenProcess
FindNextFileA
LocalFree
FormatMessageA
CreatePipe
PeekNamedPipe
SetNamedPipeHandleState
CreateThread
DuplicateHandle
GetStdHandle
RaiseException
IsBadReadPtr
IsBadStringPtrA
OutputDebugStringA
SetErrorMode
GetFileTime
FileTimeToLocalFileTime
GetLocaleInfoW
CompareStringW
CompareStringA
QueryPerformanceCounter
IsBadCodePtr
InterlockedExchange
GetStringTypeW
GetStringTypeA
EnumSystemLocalesA
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetOEMCP
SetConsoleCtrlHandler
VirtualQuery
VirtualProtect
LCMapStringW
LCMapStringA
HeapSize
IsBadWritePtr
VirtualAlloc
VirtualFree
GetFileInformationByHandle
HeapCreate
HeapDestroy
GetStartupInfoA
SetHandleCount
GetCurrentThread
SetLastError
FatalAppExitA
MoveFileA
GetFullPathNameA
GetCurrentDirectoryA
GetFileSizeEx
CloseHandle
WriteFile
ReadFile
WaitForSingleObject
GetOverlappedResult
ResetEvent
CreateFileA
GetFileAttributesA
CreateDirectoryA
SetFilePointer
SetEndOfFile
GetLastError
GetProfileStringA
SetFileTime
RemoveDirectoryA
DeleteFileA
ExitThread
HeapReAlloc
GetCommandLineA
GetDateFormatA
GetTimeFormatA
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
SetStdHandle
RtlUnwind
SetEvent
OpenEventA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
GetLocalTime
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
VirtualFreeEx
CreateToolhelp32Snapshot
Process32First
Process32Next
LoadLibraryW
FlushFileBuffers
QueryDosDeviceA
GetDriveTypeA
GetTickCount
GetLogicalDrives
GetSystemDirectoryW
DefineDosDeviceA
DeviceIoControl

user32

MessageBoxA
PostThreadMessageA
MsgWaitForMultipleObjects
CreateWindowExA
GetWindowThreadProcessId
MessageBeep
ExitWindowsEx
RegisterClassA
PostMessageA
EnumWindows
SendMessageA
DefWindowProcA
DestroyWindow
WaitForInputIdle
PeekMessageA
SetCursor
LoadCursorA
DdeFreeStringHandle
DdeQueryStringA
DdeUninitialize
DdeFreeDataHandle
DdeGetData
DdeCreateDataHandle
DdeGetLastError
DdeInitializeA
DdeDisconnect
DdeClientTransaction
DdeCreateStringHandleA
DdeConnect
DdePostAdvise
DdeNameService

shell32

ShellExecuteExA
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation

ole32

CoCreateInstance

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegCreateKeyA
RegQueryInfoKeyA
RegOpenKeyExA
RegCloseKey
LookupPrivilegeValueW
RegSetValueExW
RegCreateKeyW
RegOpenKeyA
OpenProcessToken

wsock32

accept
WSAStartup
sendto
recvfrom
WSAGetLastError
ntohs
WSACleanup
closesocket
shutdown
listen
getsockname
bind
setsockopt
inet_ntoa
socket
getsockopt
__WSAFDIsSet
select
recv
send
gethostbyname
ioctlsocket
htonl
htons
getservbyname
gethostbyaddr
ntohl
connect

psapi

GetModuleFileNameExA

Exports

Exports

WGS_CancelSyscGame
WGS_InitDll
WGS_SyscGame
WGS_UnInitDll

Sections

.text
Size: 564KB - Virtual size: 563KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c2acfcd27cc52f0c059a718aa2add66

Headers

File Characteristics

Imports

kernel32

user32

shell32

ole32

advapi32

wsock32

psapi

Exports

Exports

Sections

.text Size: 564KB - Virtual size: 563KB

.rdata Size: 108KB - Virtual size: 106KB

.data Size: 12KB - Virtual size: 27KB

.reloc Size: 40KB - Virtual size: 36KB

.text
Size: 564KB - Virtual size: 563KB

.rdata
Size: 108KB - Virtual size: 106KB

.data
Size: 12KB - Virtual size: 27KB

.reloc
Size: 40KB - Virtual size: 36KB