42ce7c90840e69fd5e7b497a63b57540_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

42ce7c90840e69fd5e7b497a63b57540_JaffaCakes118
Size

111KB
MD5

42ce7c90840e69fd5e7b497a63b57540
SHA1

fe7a29b472b23f10eea32612bc93910138f3db9e
SHA256

289ee63c24f311ecb6915d480f809dc4a61093ec329b9f50d3b9e1f6f04e79de
SHA512

3089aefdac734d160b7cb8f26cb67128777442bc9e65296ab93ac46160282fea85b35ad8fcc9bed6c41475e9f6f8c425bfcdb8f8de32a8d55ddadec28a1d3f14
SSDEEP

3072:zEjvP2Tmrp5XlOcSrrUCOyILTT5hdDjcq8FVr:zC1p1lOCtLP5vvJy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42ce7c90840e69fd5e7b497a63b57540_JaffaCakes118

Files

42ce7c90840e69fd5e7b497a63b57540_JaffaCakes118
.dll windows:6 windows x86 arch:x86

7522245e6cc232301158159065ea1e0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

HPZipm12.pdb

Imports

msvcrt

_amsg_exit
_initterm
_XcptFilter
_swab
_stricmp
atoi
malloc
free
strstr
memset
_adjust_fdiv
_vsnprintf
memcpy

ntdll

RtlUnwind

kernel32

CreateEventA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
InterlockedCompareExchange
InterlockedExchange
GetCurrentThreadId
LoadLibraryA
OpenProcess
MapViewOfFile
IsBadStringPtrA
GetCurrentProcessId
CreateMutexA
CreateFileMappingA
UnmapViewOfFile
ReadProcessMemory
GetLastError
WriteProcessMemory
FreeLibrary
GetCurrentProcess
GetProcAddress
GetModuleHandleA
GetTickCount
GlobalAlloc
GlobalFree
lstrcmpA
lstrcmpiA
HeapFree
HeapAlloc
GetProcessHeap
ResetEvent
SetEvent
WaitForSingleObject
CloseHandle
CreateProcessA
GetModuleFileNameA
FindClose
FindFirstFileA
lstrlenA
SetCurrentDirectoryA
Sleep
GetVersionExA
GetVersion
OpenEventA
OpenFileMappingA
OpenMutexA
ReleaseMutex

user32

LoadCursorA
GetClassNameA
PostMessageA
MsgWaitForMultipleObjects
CreateWindowExA
ShowWindow
PostThreadMessageA
SetWindowTextA
PeekMessageA
TranslateMessage
DispatchMessageA
EnumWindows
RegisterClassA
DefWindowProcA
PostQuitMessage
DestroyWindow
UnregisterClassA
SendMessageA

advapi32

GetSecurityDescriptorDacl
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceA
OpenSCManagerA
DeleteService
RegOpenKeyA
CreateServiceA
RegCreateKeyA
QueryServiceStatusEx
EnumDependentServicesA
OpenServiceA
ControlService
CloseServiceHandle
SetSecurityInfo
QueryServiceConfigA
RegOpenKeyExA
QueryServiceObjectSecurity
RegCloseKey
BuildExplicitAccessWithNameA
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetServiceObjectSecurity
InitializeAcl
FreeSid
IsValidSid
GetLengthSid
AllocateAndInitializeSid
AddAccessDeniedAce
AddAccessAllowedAce
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA

wsock32

bind
closesocket
socket

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

ws2_32

WSAStringToAddressA
freeaddrinfo
getaddrinfo

Exports

Exports

InstallService
MSIInstallService
MSIUnInstallService
RundllInstallA
RundllUninstallA
ServiceMain
UninstallService

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7522245e6cc232301158159065ea1e0e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

user32

advapi32

wsock32

version

ws2_32

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 44KB

.data Size: 61KB - Virtual size: 62KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 45KB - Virtual size: 44KB

.data
Size: 61KB - Virtual size: 62KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB