Static task
static1
Behavioral task
behavioral1
Sample
e2732ebcce9afb6f980a0c95f3102408_JaffaCakes118.dll
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
e2732ebcce9afb6f980a0c95f3102408_JaffaCakes118.dll
Resource
win10v2004-20240226-en
General
Target
e2732ebcce9afb6f980a0c95f3102408_JaffaCakes118
Size
1.5MB
MD5
e2732ebcce9afb6f980a0c95f3102408
SHA1
f90fe998ba8683bcb2bd874014eaecdba6be20a9
SHA256
7cb463e144c3d61df26da8066ce352c9a9017c87696adbcedbdde53b6285e203
SHA512
9c98472516ba273186767448e73381188702fbf57cceee6361ed497e4bc5e98bdb7712a8afec1ecf29a8cc72c68f044557228959fa18203b330ebf90640002e5
SSDEEP
12288:27D5Plwhc9PtpEHLbENXzjaCWSpPwwOzt1szd7FL8kTZQk:GD59widEHLYNHaCW+PGti5TZQk
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e2732ebcce9afb6f980a0c95f3102408_JaffaCakes118
Files
e2732ebcce9afb6f980a0c95f3102408_JaffaCakes118.dll windows:5 windows x86 arch:x86
84be59ae153c6210879e2632275b8bac
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
GetFileType
GetACP
CloseHandle
LocalFree
VirtualProtect
TlsAlloc
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetTimeZoneInformation
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
CreateThread
CompareStringW
CreateMutexW
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
OpenProcess
SwitchToThread
GetExitCodeThread
OutputDebugStringW
GetCurrentThread
LoadLibraryExW
TerminateProcess
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
TlsFree
GetConsoleOutputCP
GetConsoleCP
lstrlenW
SetEndOfFile
QueryPerformanceCounter
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
SetEvent
GetLocaleInfoW
CreateFileW
IsDBCSLeadByteEx
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
CreatePipe
DeleteCriticalSection
TlsGetValue
GetDateFormatW
IsValidLocale
TlsSetValue
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
CreateEventW
SetThreadLocale
GetThreadLocale
shell32
ShellExecuteW
urlmon
URLDownloadToFileW
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
user32
CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
CharLowerBuffW
LoadStringW
CharUpperW
PeekMessageW
GetSystemMetrics
MessageBoxW
oleaut32
SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate
msvcrt
memcpy
netapi32
NetWkstaGetInfo
NetApiBufferFree
advapi32
RegQueryValueExW
InitializeSecurityDescriptor
RegCloseKey
SetSecurityDescriptorDacl
RegOpenKeyExW
winhttp
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE