3c7d898b1e7f34618b8cec5edc6bda84_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3c7d898b1e7f34618b8cec5edc6bda84_JaffaCakes118
Size

60KB
MD5

3c7d898b1e7f34618b8cec5edc6bda84
SHA1

3f8a2eea6c4a6711fa5a57eb194bc5a3193eb8bc
SHA256

01d80b9630b24aaa623a7ae17611c1f02d97369013dc42a95c240ab661c86614
SHA512

9ba623745d150a7839d1bc789f635792212c31f55369f9c97de649aac87721946440a93670935ad0e54c2276c704f3635fea68ee1f247df6a49fd55c9db709dc
SSDEEP

768:jwNSo2gtNeBpu1iEfHuLaDmPVzAQCgR42IDai/lY2RNVSJCYndaIVWy:jwNS4NeBA1iE/uLtLR4JDe0NVSJT7F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c7d898b1e7f34618b8cec5edc6bda84_JaffaCakes118

Files

3c7d898b1e7f34618b8cec5edc6bda84_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

ff4d1b610cb5119d2489e230865c4aee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateToolhelp32Snapshot
WinExec
GetWindowsDirectoryA
WritePrivateProfileStringA
Process32First
InterlockedDecrement
lstrlenW
OpenProcess
lstrcpyA
Process32Next
GetCurrentThreadId
AllocConsole
WideCharToMultiByte
lstrcatA
GetModuleFileNameA
CloseHandle
GetLastError
GetSystemDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
LocalAlloc
MultiByteToWideChar
LocalFree
GetModuleHandleA
Sleep
lstrlenA
InterlockedIncrement

user32

SetWindowPos
wsprintfA
DispatchMessageA
GetMessageA
PostThreadMessageA
DefWindowProcA
CloseDesktop
SetWindowTextA
DestroyWindow
PostQuitMessage
GetClientRect
BeginPaint
TranslateMessage
UpdateWindow
ShowWindow
CreateWindowExA
RegisterClassA
LoadCursorA
GetDesktopWindow
BringWindowToTop
GetWindowRect
PostMessageA
SetWindowLongA
GetWindowLongA
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
SetProcessWindowStation
OpenDesktopA
SetThreadDesktop
CloseWindowStation
EndPaint

advapi32

CreateProcessAsUserA
StartServiceA
CreateServiceA
OpenSCManagerA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegDeleteKeyA
DeleteService
ControlService
OpenServiceA
SetServiceStatus
RegisterServiceCtrlHandlerA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
OpenProcessToken
CloseServiceHandle

shell32

StrStrIA

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
VariantChangeType
SysAllocString
VariantClear
GetErrorInfo
VariantInit
SetErrorInfo
CreateErrorInfo

wininet

InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetQueryDataAvailable

ws2_32

recv
inet_addr
htons
inet_ntoa
setsockopt
send
WSAConnect
WSACleanup
gethostbyname
closesocket
socket
WSAGetLastError
gethostname
connect
WSAStartup

urlmon

URLDownloadToFileA

msvcrt

_itoa
__CxxFrameHandler
vsprintf
_beginthread
memcpy
strstr
_endthread
fopen
fprintf
fclose
??2@YAPAXI@Z
strlen
strcpy
strchr
strcat
memset
??3@YAXPAX@Z
_strupr
sprintf
strrchr
atoi
strncpy
memcmp
_purecall
wcslen
_CxxThrowException
__dllonexit
_onexit
free
_initterm
malloc
_adjust_fdiv
??1type_info@@UAE@XZ
strcmp

netapi32

Netbios

Exports

Exports

DllRegisterServer
FucImport
RegisterService
ServiceMain
UnregsterService

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff4d1b610cb5119d2489e230865c4aee

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

wininet

ws2_32

urlmon

msvcrt

netapi32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 16KB - Virtual size: 12KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 2KB