275f5a5db7c20b99431ec873f4c288e1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

275f5a5db7c20b99431ec873f4c288e1_JaffaCakes118
Size

90KB
MD5

275f5a5db7c20b99431ec873f4c288e1
SHA1

6320bc3aaa225d0dd6aee930428b4f615de705e5
SHA256

7d986e35504fcdb04c44e21252df383fbe4f3e9d053da5adb79ae88937575879
SHA512

07a989117ca750c2137ecb474746e54100731817bc6b1a63ae93c1be7c1cf671f97e916a69a13fabd4aa761bfb8c62208ba3e39e8db0a660f9fd8c524633c5aa
SSDEEP

1536:zVYi4NRK8s6VVDC1hzv0eVsHlZYRKtlGp0rc2AjfFuch/yO71/2LJI/sMI5i:sJu1hxVW870r1ADFucxyO7h2LJIXI5i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
275f5a5db7c20b99431ec873f4c288e1_JaffaCakes118

Files

275f5a5db7c20b99431ec873f4c288e1_JaffaCakes118
.dll windows:5 windows x86 arch:x86

8b5c3691fe6290f734d509bcfb2126d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
GetCurrentProcess
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
ExitThread
SleepEx
lstrcmpiA
GetSystemDirectoryA
MoveFileExA
GetLocalTime
MapViewOfFile
CreateFileMappingA
HeapFree
GetProcessHeap
HeapAlloc
UnmapViewOfFile
GetModuleHandleA
GlobalFree
GlobalUnlock
GetVolumeInformationA
SetFilePointer
GlobalSize
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
GetFileSize
WaitForMultipleObjects
ReleaseMutex
OpenEventA
SetErrorMode
CreateMutexA
SetUnhandledExceptionFilter
FreeConsole
lstrcpynA
LocalSize
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentThreadId
GetDiskFreeSpaceExA
GetDriveTypeA
WriteFile
ReadFile
GlobalAlloc
CreateFileA
CreateProcessA
GetFileAttributesA
CreateDirectoryA
GetLastError
GetVersionExA
LoadLibraryA
GetProcAddress
RemoveDirectoryA
LocalAlloc
FindFirstFileA
LocalReAlloc
FindNextFileA
LocalFree
FindClose
PeekNamedPipe
GetLogicalDriveStringsA
FreeLibrary
GetWindowsDirectoryA
lstrcpyA
lstrcatA
Sleep
GetTickCount
CancelIo
InterlockedExchange
ResetEvent
lstrlenA
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteFileA
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
SetEvent
WaitForSingleObject
TerminateThread
CloseHandle
CreateEventA
GetModuleFileNameA
GlobalLock

ws2_32

WSAIoctl
setsockopt
connect
htons
gethostbyname
socket
recv
select
send
gethostname
getsockname
inet_addr
sendto
WSASocketA
inet_ntoa
closesocket
WSAStartup
WSACleanup

user32

SetProcessWindowStation
GetCursorInfo
GetCursorPos
ReleaseDC
GetDesktopWindow
GetProcessWindowStation
SetRect
GetSystemMetrics
GetClipboardData
OpenClipboard
EmptyClipboard
ExitWindowsEx
GetWindowThreadProcessId
IsWindowVisible
GetDC
EnumWindows
SetClipboardData
CloseClipboard
CloseDesktop
SetCursorPos
WindowFromPoint
SetCapture
MapVirtualKeyA
keybd_event
SystemParametersInfoA
SendMessageA
BlockInput
DestroyCursor
LoadCursorA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetKeyNameTextA
GetActiveWindow
GetWindowTextA
CharNextA
wsprintfA
GetInputState
GetForegroundWindow
SetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
GetThreadDesktop
OpenDesktopA
PostMessageA
CreateWindowExA
CloseWindow
IsWindow
mouse_event
OpenWindowStationA

gdi32

SelectObject
CreateCompatibleDC
DeleteObject
DeleteDC
BitBlt
GetDIBits
CreateCompatibleBitmap
CreateDIBSection

advapi32

ControlService
RegSetKeySecurity
RegDeleteValueA
RegisterServiceCtrlHandlerA
SetServiceStatus
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
FreeSid
RegCreateKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
ClearEventLogA
CloseEventLog
RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
RegSetValueExA
OpenServiceA
QueryServiceStatus
StartServiceA
CloseServiceHandle
OpenSCManagerA
RegCloseKey
RegQueryValueA
RegOpenKeyExA
DeleteService
InitializeSecurityDescriptor

shell32

SHGetFileInfoA

shlwapi

SHDeleteKeyA

msvcrt

ceil
_ftol
strstr
memcmp
realloc
malloc
strlen
strchr
strcpy
strcmp
free
strrchr
memmove
strncat
atoi
strncmp
wcstombs
_beginthreadex
calloc
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
__CxxFrameHandler
memcpy
??3@YAXPAX@Z
_strcmpi
_except_handler3
??2@YAPAXI@Z
_CxxThrowException
_itoa
_strnicmp
memset

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

imm32

ImmReleaseContext
ImmGetContext
ImmGetCompositionStringA

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

msvfw32

ICSeqCompressFrame
ICSendMessage
ICOpen
ICClose
ICCompressorFree
ICSeqCompressFrameEnd
ICSeqCompressFrameStart

psapi

GetModuleFileNameExA
EnumProcessModules

Exports

Exports

ServiceMain

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b5c3691fe6290f734d509bcfb2126d2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

user32

gdi32

advapi32

shell32

shlwapi

msvcrt

msvcp60

imm32

wininet

msvfw32

psapi

Exports

Exports

Sections

.text Size: 62KB - Virtual size: 62KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 7KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 62KB - Virtual size: 62KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 7KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB