40f3b8e96d7667515ce706d04dd77179_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

40f3b8e96d7667515ce706d04dd77179_JaffaCakes118
Size

67KB
MD5

40f3b8e96d7667515ce706d04dd77179
SHA1

27c1c0345783df1b9ccc41f144e3b4956f2a2ca8
SHA256

6eb96b6b686672b47ebbbaad822bd32bbb5ef72a240a512e860786c796a39d03
SHA512

11c14fc2b975b2559a1373580020e706a3ab7e85469727e0f66404aa8bcc72731a23b6f383c2374f2fa2c62f4007e9927559c180baafb73564f4bf7a631d7f40
SSDEEP

1536:SHFbj6BLy+jWq5wDUqsy6+b55m5E8l+rj/GCAr+a02E:g9jeLyndDUqsy6+lU57+//GDtE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40f3b8e96d7667515ce706d04dd77179_JaffaCakes118

Files

40f3b8e96d7667515ce706d04dd77179_JaffaCakes118
.dll windows:5 windows x86 arch:x86

99c7d9ba494f5c3982110296df0ecf53

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

?terminate@@YAXXZ
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
_onexit
__dllonexit
??1type_info@@UAE@XZ
strcpy
wcstombs
??_V@YAXPAX@Z
tolower
srand
rand
atoi
_wtoi
_itow
mbstowcs
strtok
memset
free
malloc
_itoa
strlen
??2@YAPAXI@Z
memcpy
??3@YAXPAX@Z
memcmp
??_U@YAPAXI@Z
memmove
towlower
_except_handler3

kernel32

VirtualFree
GetModuleFileNameW
lstrcpyW
CreateMutexW
GetLastError
WaitForSingleObject
WaitForMultipleObjects
GetExitCodeThread
lstrlenW
OpenMutexW
GetProcAddress
GetModuleHandleA
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
VirtualFreeEx
CreateToolhelp32Snapshot
Process32FirstW
lstrcmpiW
Process32NextW
GetCurrentProcess
Sleep
lstrcatW
SetFilePointer
SetEndOfFile
ReadFile
GetModuleFileNameA
DisableThreadLibraryCalls
ExitProcess
LoadLibraryW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
FreeLibrary
LoadLibraryA
GetSystemDirectoryW
GetWindowsDirectoryW
GetLogicalDriveStringsW
GetDriveTypeW
DeleteFileW
GetTickCount
GetCurrentThreadId
CreateDirectoryW
GetSystemTime
SystemTimeToFileTime
SetFileTime
VirtualAlloc
GetVolumeInformationA
CreateProcessW
OpenMutexA
OpenEventA
GetCurrentThread
Process32First
GetCurrentProcessId
Process32Next
TerminateProcess
TerminateThread
CreateEventW
WideCharToMultiByte
HeapAlloc
GetProcessHeap
HeapFree
SetFileAttributesW
InterlockedIncrement
InterlockedDecrement
GetVersion
lstrcmpiA
lstrcpynW
InterlockedExchange
InterlockedCompareExchange
RtlUnwind
QueryPerformanceCounter
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetFileSize
CreateFileW
LocalFree
FlushFileBuffers
WriteFile
CreateThread
GetVersionExA
CloseHandle
lstrcatA
lstrcpyA
lstrlenA
LocalAlloc
ReleaseMutex
GetWindowsDirectoryA
RaiseException

user32

GetSystemMetrics
UnhookWindowsHookEx
PostMessageA
SetWindowsHookExA
CallNextHookEx

advapi32

RegFlushKey
RegCreateKeyExW
StartServiceA
QueryServiceStatusEx
QueryServiceConfigA
CloseServiceHandle
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyW
SetThreadToken
GetLengthSid
SetTokenInformation
DuplicateTokenEx
SetEntriesInAclA
ConvertStringSidToSidA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
ChangeServiceConfigA
ControlService
OpenServiceA
OpenSCManagerA
ConvertSidToStringSidW
IsValidSid
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegDeleteKeyW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
SetSecurityInfo
RegEnumValueW
RegQueryValueExA
RegDeleteValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
a
s

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99c7d9ba494f5c3982110296df0ecf53

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 5KB - Virtual size: 45KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 5KB - Virtual size: 45KB

.reloc
Size: 4KB - Virtual size: 3KB