26cc96f633b5d0d3eb1ead3613df5f50_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

26cc96f633b5d0d3eb1ead3613df5f50_JaffaCakes118
Size

64KB
MD5

26cc96f633b5d0d3eb1ead3613df5f50
SHA1

3b6b8535664b2fae77796179895de060a25083ae
SHA256

d2252542eeba77893f0fd1c059bd5f749798f3dfe5ee44f93ab6fd700a797094
SHA512

47bce02cb92c034fb1e592c347065abb735de5c82304ecab9f07c2daac12f017ec04c56ba50f88f140d0fdc20f3404f757dcc01837872aac0228f0e3d8666627
SSDEEP

768:woDrUdTcdjh4Hf+6QA6vJjhVk+3DLEYcSsrYWyyxrVeIQGRK+HEluoji53i9GSV8:wzdTkN4/1FEVkEySmFVeEKxLSiQSW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26cc96f633b5d0d3eb1ead3613df5f50_JaffaCakes118

Files

26cc96f633b5d0d3eb1ead3613df5f50_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e2f24c9db12665486ff2e92641b4b1c1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

strtok
strcmp
strcat
memcpy
tolower
wcslen
wcscpy
malloc
free
_except_handler3
_strupr
exit
fputc
fwrite
memcmp
fread
fseek
__CxxFrameHandler
_initterm
_adjust_fdiv
_strrev
_strnicmp
strstr
memset
strcspn
strncpy
strcpy
atoi
_vsnprintf
sprintf
fopen
fputs
fclose
strlen
_wcsicmp

kernel32

GetProcAddress
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
SetFileTime
GetFileTime
CreateFileA
FindClose
FindFirstFileA
SetLastError
FormatMessageA
LocalFree
GetLocalTime
FreeResource
WriteFile
LockResource
LoadResource
SizeofResource
FindResourceA
GetCurrentProcess
CreateProcessA
lstrlenA
OpenProcess
GetVersion
DeleteFileA
GetLongPathNameA
GetTempPathA
GetSystemDirectoryA
GetDriveTypeA
FindNextFileA
MoveFileExA
SetFileAttributesA
CreateDirectoryA
RemoveDirectoryA
MultiByteToWideChar
GetACP
FreeLibrary
FileTimeToSystemTime
FileTimeToLocalFileTime
VirtualQueryEx
ReadProcessMemory
GetSystemInfo
VirtualProtectEx
GetTickCount
CreateThread
GetModuleHandleA
GlobalFree
SetFilePointer
lstrcatA
GlobalAlloc
lstrlenW
ReleaseMutex
CopyFileA
GetSystemWindowsDirectoryA
VirtualAlloc
ReadFile
GetFileSize
VirtualFree
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
TerminateProcess
GlobalReAlloc
GlobalLock
GlobalSize
GlobalMemoryStatus
GlobalUnlock
GetEnvironmentVariableA
GetStartupInfoA
CreatePipe
GetCurrentDirectoryA
DeviceIoControl
LoadLibraryExA
OpenMutexA
TerminateThread
GetVersionExA
GetModuleFileNameA
GetCurrentThreadId
WideCharToMultiByte
WaitForSingleObject
GetLastError
Sleep
GetCurrentProcessId
VirtualProtect

user32

GetDesktopWindow
FindWindowA
SetThreadDesktop
CloseWindowStation
OpenDesktopA
SetProcessWindowStation
OpenWindowStationA
GetThreadDesktop
GetProcessWindowStation
ExitWindowsEx
LockWorkStation
ShowCursor
ClipCursor
SetWindowPos
ShowWindow
IsRectEmpty
SendMessageA
IsWindow
DefWindowProcA
SetTimer
PostQuitMessage
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
CallNextHookEx
GetWindowTextA
GetWindowDC
GetDC
ReleaseDC
mouse_event
SetCursorPos
UnhookWindowsHookEx
EnableWindow
wsprintfW
MessageBoxA
GetSystemMetrics
wsprintfA
SetWindowsHookExA
GetActiveWindow

gdi32

CreateCompatibleDC
CreateDCA
GetDIBits
RealizePalette
GetDeviceCaps
CreateCompatibleBitmap
SelectPalette
GetObjectA
GetStockObject
DeleteObject
StretchBlt
DeleteDC
SelectObject

advapi32

RegOpenKeyExA
LookupPrivilegeValueA
OpenProcessToken
DeleteService
ControlService
QueryServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA
CloseEventLog
ClearEventLogA
OpenEventLogA
LsaNtStatusToWinError
LsaClose
RegOpenKeyA
StartServiceA
GetUserNameA
RegQueryValueExA
RegCreateKeyA
AdjustTokenPrivileges
RegSetValueExA
RegCloseKey
GetTokenInformation
LookupAccountSidA
LsaOpenPolicy
LsaRetrievePrivateData

shell32

ShellExecuteA

ws2_32

gethostname
gethostbyname
getsockopt
socket
ioctlsocket
bind
listen
select
recv
inet_addr
setsockopt
connect
send
htons
closesocket
WSAStartup
WSACleanup

sfc

SfcIsFileProtected

psapi

EnumProcessModules
GetModuleFileNameExA

urlmon

URLDownloadToFileA

wininet

GetUrlCacheEntryInfoA

imm32

ImmReleaseContext
ImmGetContext
ImmGetCompositionStringA

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

Exports

Exports

Entry
GetCfg
InfectFile
Init
InstallHook
ResetSSDT
UnHook
Uninstall
_EventLogon@4
_EventStartup@4

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2f24c9db12665486ff2e92641b4b1c1

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ws2_32

sfc

psapi

urlmon

wininet

imm32

avicap32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 5KB - Virtual size: 12KB

.sdata Size: 512B - Virtual size: 24B

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 5KB - Virtual size: 12KB

.sdata
Size: 512B - Virtual size: 24B

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 3KB