5730bfe57dd3d4fa717fec73160ff9af_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5730bfe57dd3d4fa717fec73160ff9af_JaffaCakes118
Size

52KB
MD5

5730bfe57dd3d4fa717fec73160ff9af
SHA1

902e52c949b955a840c2b177f39e7d2131157a8d
SHA256

fefd7245cec268236f4d81ac103f8e7b6c3fbdaed88e7cf4e6bc4fb5be859199
SHA512

df9126b9c35a52fe0dd0905cf4e636ddc1f7f5eb786835c04afe8bb67bf4409a4b91dee4d42edc2a8bbe398951c3ee73936c7cf16115fe111889890dcd4663fa
SSDEEP

1536:ZoPL3X/hY/IElJ6+9aJwhZLxS8moqUuNR66OzXRDTWC:Zf/1J39aJwXxOofuX3Od/WC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5730bfe57dd3d4fa717fec73160ff9af_JaffaCakes118

Files

5730bfe57dd3d4fa717fec73160ff9af_JaffaCakes118
.dll windows:4 windows x86 arch:x86

020fac1f7714a6522c8af02d23f2d761

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateMutexA
GetCurrentProcessId
GetFileSize
SetFilePointer
ReadFile
CreateFileA
GetModuleHandleA
VirtualProtect
CreateToolhelp32Snapshot
GetProcessHeap
HeapAlloc
OutputDebugStringA
Process32Next
lstrcmpiA
Process32First
OpenProcess
ReleaseMutex
WriteFile
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
GetSystemDirectoryA
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
lstrlenA
lstrcpynA
ReadProcessMemory
SetThreadPriority
DeviceIoControl
GetFileAttributesA
MoveFileExA
CopyFileA
ReleaseSemaphore
CreateSemaphoreA
GlobalAlloc
GlobalFree
SetEndOfFile
CloseHandle
GetCurrentThreadId
lstrcpyA
FreeLibrary
GetModuleFileNameA
Sleep
WritePrivateProfileStringA
GetCurrentProcess
TerminateProcess
ExitProcess
CreateThread
LoadLibraryA
GetProcAddress
GetPrivateProfileIntA
GetTempPathA
DeleteFileA
GetPrivateProfileStringA
GetLastError
lstrcatA

user32

GetForegroundWindow
GetWindow
EnumWindows
PostMessageA
SetWindowsHookExA
GetWindowThreadProcessId
wsprintfA
CallNextHookEx
FindWindowA
wvsprintfA
PostThreadMessageA
UnhookWindowsHookEx
GetMessageA
GetClassNameW

gdi32

CreateDCA
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
DeleteObject
BitBlt

advapi32

RegEnumKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumValueA

msvcrt

_strupr
__dllonexit
_strnicmp
_initterm
_adjust_fdiv
exit
wcsstr
_onexit
_itoa
_strcmpi
wcsncat
memset
strlen
free
strstr
_strlwr
_strdup
??2@YAPAXI@Z
_stricmp
strcat
memcpy
strcpy
strncpy
sprintf
strrchr
_except_handler3
malloc
??3@YAXPAX@Z
wcscat
wcscpy
wcslen
rand
srand
isspace
isalnum
strchr
_vsnprintf
realloc
isdigit
isalpha
atoi
wcscmp
mbstowcs

gdiplus

GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipDisposeImage
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

wsock32

gethostbyname
send
closesocket
recv
connect
htons
socket
WSAStartup
shutdown

psapi

GetModuleFileNameExA
EnumProcessModules

Exports

Exports

asdfghjkl
qwertyui

Sections

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

020fac1f7714a6522c8af02d23f2d761

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcrt

gdiplus

msvcp60

wsock32

psapi

Exports

Exports

Sections

.bss Size: - Virtual size: 3KB

.data Size: 46KB - Virtual size: 46KB

.reloc Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 3KB

.data
Size: 46KB - Virtual size: 46KB

.reloc
Size: 3KB - Virtual size: 3KB