2a8d9b5c18d314a36e7ef82f0ac3635e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2a8d9b5c18d314a36e7ef82f0ac3635e_JaffaCakes118
Size

423KB
MD5

2a8d9b5c18d314a36e7ef82f0ac3635e
SHA1

3f549a0d5d0d32d44ddc483b5c7a77bbc0b1b91d
SHA256

425bbe7020fc443a8311099c2b74b1c6419700317603aae73988adb4113a8bff
SHA512

a9e0a88bc66e54e33cb1d6e0684b4f375e70ec44103cd8b694ad95ef952bcd7007eb0286c14dd6d7071deef2560c945797e8b14811bcc73180484818ba5e626c
SSDEEP

12288:Cz+vtVT/CqC7Cz6qYtNu1yqjIo4ipVjf:CzUzCqBHSNOyq/4EVjf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a8d9b5c18d314a36e7ef82f0ac3635e_JaffaCakes118

Files

2a8d9b5c18d314a36e7ef82f0ac3635e_JaffaCakes118
.dll windows:5 windows x86 arch:x86

a4eb1e2be9d15d875c6451da74d6d2c1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

bind
recv
send
inet_addr
ioctlsocket
WSASetLastError
listen
getsockopt
__WSAFDIsSet
WSAGetLastError
accept
closesocket
WSACleanup
WSAStartup
select
getservbyname
gethostbyname
getservbyport
gethostbyaddr
inet_ntoa
getpeername
getsockname
connect
WSARecvFrom
WSARecv
WSASend
WSASocketW
WSADuplicateSocketW
htons
htonl
setsockopt
ntohs
ntohl

mswsock

GetAcceptExSockaddrs
AcceptEx

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetAddConnection2W
WNetGetConnectionW
WNetCloseEnum
WNetCancelConnection2W

netapi32

NetWkstaGetInfo
NetApiBufferFree
NetServerEnum
NetShareEnum
NetServerGetInfo
NetUserGetInfo
NetUserGetGroups
NetUserGetLocalGroups
NetWkstaUserEnum
NetRemoteTOD
NetScheduleJobEnum
NetScheduleJobDel
NetScheduleJobAdd
NetScheduleJobGetInfo
NetUseEnum
NetUserEnum
NetShareGetInfo
NetShareDel
NetShareAdd

iphlpapi

GetIfEntry
GetNetworkParams
GetIfTable
GetPerAdapterInfo
SetTcpEntry
GetBestInterface
GetIpNetTable
GetAdaptersInfo
GetUdpTable
GetTcpTable
GetIpForwardTable

urlmon

ObtainUserAgentString

rpcrt4

RpcBindingSetOption
NdrAsyncClientCall
NdrClientCall2
RpcRaiseException
RpcStringFreeW
RpcBindingFromStringBindingW
RpcAsyncInitializeHandle
RpcAsyncCompleteCall
RpcAsyncCancelCall
RpcBindingFree
RpcStringBindingComposeW
RpcBindingSetAuthInfoW

wininet

InternetGetConnectedState
HttpQueryInfoW
InternetReadFile
HttpAddRequestHeadersW

ole32

CoInitializeEx
CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity
CoCreateInstanceEx

kernel32

GetStringTypeA
LCMapStringA
GetConsoleMode
HeapSize
LCMapStringW
InitializeCriticalSectionAndSpinCount
RtlUnwind
IsValidCodePage
GetCPInfo
GetSystemTimeAsFileTime
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStringTypeW
GetFileType
SetHandleCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetModuleHandleW
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
GetCommandLineA
RaiseException
LocalAlloc
CompareStringW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
WriteConsoleW
CreateFileA
Module32FirstW
LoadLibraryW
SetHandleInformation
GetFullPathNameW
GetCurrentDirectoryA
GetDriveTypeA
GetStartupInfoA
GetLogicalDrives
FindFirstFileW
FindClose
FindNextFileW
VirtualQuery
FormatMessageW
GetFileSize
ReleaseMutex
CreateSemaphoreW
InterlockedExchange
VerifyVersionInfoW
ReleaseSemaphore
VerSetConditionMask
LocalFree
GetStdHandle
lstrlenA
lstrcpynA
lstrcmpiA
GetCurrentThreadId
GetVersionExW
lstrcmpW
Sleep
CloseHandle
SetErrorMode
SetConsoleCtrlHandler
RegisterWaitForSingleObject
UnregisterWait
GetLastError
CreateFileW
GetFileSizeEx
CreateIoCompletionPort
DeleteFileW
QueryPerformanceCounter
GetTickCount
CreateNamedPipeW
CreateEventW
CreateThread
WaitForSingleObject
WaitNamedPipeW
SetNamedPipeHandleState
InitializeCriticalSection
DeleteCriticalSection
CancelIo
WriteFile
PostQueuedCompletionStatus
ReadFile
GetConsoleOutputCP
GetQueuedCompletionStatus
DeleteTimerQueueTimer
OpenProcess
TerminateProcess
lstrcmpA
InterlockedIncrement
InterlockedDecrement
lstrlenW
GetCurrentProcessId
EnterCriticalSection
GetFileAttributesW
CreateDirectoryW
LeaveCriticalSection
RemoveDirectoryW
QueueUserWorkItem
ConnectNamedPipe
MultiByteToWideChar
WaitForMultipleObjects
WaitForMultipleObjectsEx
SetEvent
GetExitCodeThread
TerminateThread
ReadFileEx
GetOverlappedResult
WideCharToMultiByte
GetSystemTime
GetComputerNameExW
lstrcpynW
GetACP
GetSystemDefaultLCID
GetOEMCP
GetSystemDefaultLangID
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcmpiW
GetDriveTypeW
QueryDosDeviceW
DeviceIoControl
GetVolumeInformationW
GetDiskFreeSpaceExW
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
SetFilePointer
FlushFileBuffers
SetEndOfFile
SetFileAttributesW
GetTempFileNameW
MoveFileExW
GetCurrentProcess
DuplicateHandle
CreateProcessW
CopyFileExW
GetModuleHandleA
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
MoveFileWithProgressW
SetFilePointerEx
GetProcessShutdownParameters
SetProcessShutdownParameters
GetLocalTime
GetTimeZoneInformation
QueryPerformanceFrequency
GetEnvironmentStringsW
SetEnvironmentVariableW
GetEnvironmentVariableW
FreeEnvironmentStringsW
ExpandEnvironmentStringsW
GetSystemInfo
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
ProcessIdToSessionId
GetWindowsDirectoryW
GetFileAttributesExW
SetFileTime
GetConsoleCP
HeapAlloc
GetProcessHeap
GetCurrentThread
SetUnhandledExceptionFilter
HeapDestroy
HeapReAlloc
HeapFree
HeapCreate
VirtualFree
SetLastError
VirtualAlloc
VirtualProtect
CreateMutexW

user32

GetClientRect
ClientToScreen
GetDesktopWindow
SendInput
EnumChildWindows
GetWindow
ShowWindow
PostMessageW
CharUpperBuffA
GetProcessWindowStation
GetCursorPos
EnumDesktopWindows
IsIconic
GetParent
GetWindowTextW
IsWindowVisible
SendMessageTimeoutW
GetClassNameW
GetWindowThreadProcessId
GetSystemMetrics
CharUpperBuffW
RedrawWindow
SetLayeredWindowAttributes
OpenInputDesktop
SetWindowLongW
GetWindowRect
GetWindowLongW
GetWindowDC
IsWindow
GetThreadDesktop
GetUserObjectInformationW
CreateDesktopW
SetThreadDesktop
CloseDesktop
CloseWindowStation
EnumDesktopsW
EnumWindowStationsW
wsprintfW
SetProcessWindowStation
OpenWindowStationW
OpenDesktopW
ReleaseDC
GetDC
GetLastInputInfo
wsprintfA

gdi32

CreateCompatibleDC
SelectObject
BitBlt
SetStretchBltMode
SetBrushOrgEx
StretchBlt
DeleteDC
DeleteObject
GetClipBox
CreateDIBSection

shell32

CommandLineToArgvW
SHGetFolderPathW

psapi

GetModuleFileNameExW

Sections

.text
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4eb1e2be9d15d875c6451da74d6d2c1

Headers

File Characteristics

Imports

ws2_32

mswsock

mpr

netapi32

iphlpapi

urlmon

rpcrt4

wininet

ole32

kernel32

user32

gdi32

shell32

psapi

Sections

.text Size: 317KB - Virtual size: 316KB

.rdata Size: 67KB - Virtual size: 66KB

.data Size: 16KB - Virtual size: 168KB

.rsrc Size: 1024B - Virtual size: 760B

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 317KB - Virtual size: 316KB

.rdata
Size: 67KB - Virtual size: 66KB

.data
Size: 16KB - Virtual size: 168KB

.rsrc
Size: 1024B - Virtual size: 760B

.reloc
Size: 20KB - Virtual size: 20KB