C:\Users\Angel\Downloads\YR7nPVywfO1KGVjnB3njHy8z2yTTRfrdR9A1oKKM\neon\Release\inject.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2c042f17b143f820f8f1e56cef04888c_JaffaCakes118.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2c042f17b143f820f8f1e56cef04888c_JaffaCakes118.dll
Resource
win10v2004-20240508-en
General
-
Target
2c042f17b143f820f8f1e56cef04888c_JaffaCakes118
-
Size
2.2MB
-
MD5
2c042f17b143f820f8f1e56cef04888c
-
SHA1
e2cc2576771b1f8744aeb24a9c075c82ab0ef9f5
-
SHA256
d9ee960a24c71400f1d761cd45d74a2eab9a81dad60694b52061d5a79427ed4d
-
SHA512
37ad5dd29cc276503150d250810d4d37c70fede4a814cc38fc192dc0e3a85e22216282156ec9abab51281b529f71988661dec18a9ae3ac1d9e43c84f5dfbcef1
-
SSDEEP
49152:M9NZH6goSlrUHC31hipWC5vf7rAdklunYKXVIBOjDm:MTZa6IHTJWutyV
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 2c042f17b143f820f8f1e56cef04888c_JaffaCakes118
Files
-
2c042f17b143f820f8f1e56cef04888c_JaffaCakes118.dll windows:6 windows x86 arch:x86
4404a89bc1f30cf1cb067d9fd3e2cbbc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
SetConsoleMode
FindNextFileA
GetTempPathW
FindClose
MultiByteToWideChar
Sleep
AttachConsole
GetFileAttributesA
WritePrivateProfileStringA
CreateThread
HeapAlloc
ExitProcess
GetCurrentProcessId
GetModuleHandleW
GetPrivateProfileStringA
GetTickCount
AllocConsole
IsDebuggerPresent
GetFullPathNameW
WriteConsoleA
SetStdHandle
HeapSize
GetTimeZoneInformation
HeapReAlloc
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
CreateDirectoryW
HeapFree
VirtualProtect
FindFirstFileA
CloseHandle
GetFileAttributesExW
GetStdHandle
lstrlenW
GetCurrentProcess
GetCurrentDirectoryW
CreateProcessA
GetExitCodeProcess
WaitForSingleObject
WriteFile
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetACP
ReadConsoleW
GetConsoleMode
OutputDebugStringW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
SetFilePointerEx
FreeLibraryAndExitThread
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
QueryPerformanceFrequency
ExitThread
DeleteFileW
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameW
LoadLibraryExW
RaiseException
InterlockedFlushSList
RtlUnwind
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
FormatMessageA
VerifyVersionInfoA
LoadLibraryA
GetSystemDirectoryA
VerSetConditionMask
SetEndOfFile
SleepEx
InitializeCriticalSectionEx
GetTickCount64
FreeLibrary
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
DecodePointer
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
SetLastError
WideCharToMultiByte
GetLastError
GetSystemTimeAsFileTime
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
user32
SetClipboardData
GetClipboardData
EmptyClipboard
SetCursor
OpenClipboard
GetCursorPos
SetCursorPos
IsChild
ClientToScreen
ScreenToClient
LoadCursorA
CloseClipboard
GetForegroundWindow
CallWindowProcW
GetAsyncKeyState
GetClientRect
GetKeyState
gdi32
AddFontResourceW
advapi32
CryptGenRandom
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
xinput1_3
ord4
ord2
ws2_32
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
socket
WSAGetLastError
WSACleanup
WSAStartup
htons
ntohs
setsockopt
WSAIoctl
getaddrinfo
freeaddrinfo
accept
recvfrom
sendto
ioctlsocket
gethostname
htonl
ntohl
getsockopt
listen
crypt32
CertFreeCertificateContext
wldap32
ord50
ord60
ord211
ord46
ord41
ord35
ord30
ord200
ord301
ord22
ord26
ord27
ord32
ord143
ord33
ord79
d3dx9_43
D3DXCreateTextureFromFileA
D3DXAssembleShader
D3DXCreateTextureFromFileInMemoryEx
D3DXCreateFontA
D3DXCreateSprite
D3DXCreateTextureFromFileInMemory
wininet
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile
urlmon
URLDownloadToFileW
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 535KB - Virtual size: 535KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 593KB - Virtual size: 669KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ