004c8a97c2606c838764a629b13e4fb7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

004c8a97c2606c838764a629b13e4fb7_JaffaCakes118
Size

202KB
MD5

004c8a97c2606c838764a629b13e4fb7
SHA1

bab2c77c9e3eea39e2e8b0f4ff3b3d6490690eb8
SHA256

7762ba7ae989d47446da21cd04fd6fb92484dd07d078c7385ded459dedc726f9
SHA512

c9fa7368f650beb752d133876c48ed86f74f1f5208ab4be94e65f6402a48fdfd5986af1c3c876a407c11356c2983f6840678bf89055407b857acdcdab02eaae0
SSDEEP

3072:NCfCnY2EhYpHHwC0lckir8D/QS/Y/nR5gVpTUERxU0U0ZRj1C5QvZ/kDl:NCuY2EyIlMr8D/B/YfPgvZHvnZ51sDl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
004c8a97c2606c838764a629b13e4fb7_JaffaCakes118

Files

004c8a97c2606c838764a629b13e4fb7_JaffaCakes118
.dll windows:5 windows x64 arch:x64

d81bcc7a805b5816a7290855071e4c17

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
FlushFileBuffers
CloseHandle
ConnectNamedPipe
DisconnectNamedPipe
CreateEventW
CreateNamedPipeW
Sleep
MultiByteToWideChar
LocalAlloc
LocalFree
GetProcAddress
VirtualAlloc
VirtualFree
CreateThread
WaitForSingleObject
GetLogicalDrives
WriteFile
GetTickCount64
LoadLibraryW
GetDriveTypeW
CreateDirectoryW
CreateFileW
GetFileAttributesW
SetLastError
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
HeapSize
SetStdHandle
GetStringTypeW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
DeleteFileW
GetLastError
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetCurrentProcess
TerminateProcess
FatalExit
GetModuleHandleExW
GetModuleFileNameA
WideCharToMultiByte
HeapFree
HeapAlloc
GetACP
GetStdHandle
GetFileType
LCMapStringW
FindClose
FindFirstFileExA

user32

PeekMessageW
DispatchMessageW
MsgWaitForMultipleObjectsEx

shell32

SHGetFolderPathW

wininet

InternetQueryDataAvailable
InternetReadFile
HttpAddRequestHeadersW
InternetCloseHandle
InternetSetOptionW
InternetCanonicalizeUrlW
InternetCrackUrlW
HttpSendRequestW
DeleteUrlCacheEntryW
InternetConnectW
HttpOpenRequestW
InternetOpenW

urlmon

ObtainUserAgentString

rpcrt4

UuidCreateSequential

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 119KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d81bcc7a805b5816a7290855071e4c17

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

wininet

urlmon

rpcrt4

iphlpapi

Sections

.text Size: 119KB - Virtual size: 120KB

.rdata Size: 69KB - Virtual size: 72KB

.data Size: 3KB - Virtual size: 8KB

.pdata Size: 7KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 4KB

.text
Size: 119KB - Virtual size: 120KB

.rdata
Size: 69KB - Virtual size: 72KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 4KB