fbac48e7539bcc40778311816328fb76_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fbac48e7539bcc40778311816328fb76_JaffaCakes118
Size

104KB
MD5

fbac48e7539bcc40778311816328fb76
SHA1

d0357335e951f63313c871d0c493ae3b983c4601
SHA256

fe899263308ed9a2251483e108a4586e306931d23175a8b252b278f33a6b465f
SHA512

cf93aa2992f889c9d0a3ca2e1fe1c2d2ebd7602dafb0a3377acefcd1eec922106f0b12995659e2050e65f78f528a4eac3567ae4d15c59200a8a3d850f003c6a9
SSDEEP

1536:YoodxEaaAIx8Bkx759O82N0MoMB7bhmYMw+/V7FSLaT0xXoj6C4lOxANL:gMIkPc82+AdQ5Og0xm6C4lOxANL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbac48e7539bcc40778311816328fb76_JaffaCakes118

Files

fbac48e7539bcc40778311816328fb76_JaffaCakes118
.dll windows:4 windows x86 arch:x86

585d2e3e4f603e9473f07e01d9665ac1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenProcess
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
WriteProcessMemory
VirtualAllocEx
CreateThread
GlobalFree
GetFullPathNameA
GetModuleFileNameA
GlobalAlloc
MultiByteToWideChar
WriteFile
CreateFileA
DeleteFileA
IsBadWritePtr
lstrcpynA
GetTickCount
SetEvent
GetSystemTime
CreateEventA
SetFilePointer
GetLastError
GetModuleHandleA
SetLastError
ExpandEnvironmentStringsA
ReadFile
WinExec
CreateProcessA
GetStartupInfoA
CreateMutexA
WaitForSingleObject
GetVersionExA
HeapFree
HeapAlloc
GetProcessHeap
DeviceIoControl
CreateFileW
SetPriorityClass
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateThread
LoadLibraryA
GetProcAddress
CreateRemoteThread
CloseHandle
FreeLibraryAndExitThread
Process32Next
Sleep
ExitThread
lstrcpyA
lstrcatA
OpenFile
lstrlenA
GetSystemInfo
VirtualProtect
VirtualAlloc
FlushFileBuffers
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsBadCodePtr
IsBadReadPtr
VirtualQuery
InterlockedExchange
TerminateProcess
InitializeCriticalSection
ExitProcess
WideCharToMultiByte
GetStdHandle
RtlUnwind
RaiseException
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetUnhandledExceptionFilter

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
QueryServiceStatusEx
CloseServiceHandle
RegDeleteValueA

user32

wsprintfA
wsprintfW

ws2_32

WSACleanup
inet_addr
setsockopt
bind
listen
select
WSAGetLastError
getsockname
gethostname
inet_ntoa
__WSAFDIsSet
shutdown
accept
ioctlsocket
recv
WSAStartup
socket
gethostbyname
htons
connect
send
closesocket
getsockopt

shlwapi

PathFileExistsA
StrToIntA

wininet

InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
InternetConnectA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysStringLen
SysAllocString
SysFreeString

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

585d2e3e4f603e9473f07e01d9665ac1

Headers

File Characteristics

Imports

kernel32

advapi32

user32

ws2_32

shlwapi

wininet

ole32

oleaut32

Sections

.text Size: 71KB - Virtual size: 71KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 6KB - Virtual size: 14KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 71KB - Virtual size: 71KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 6KB - Virtual size: 14KB

.reloc
Size: 8KB - Virtual size: 8KB