7969cde033607c12a6c149bff8164091_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7969cde033607c12a6c149bff8164091_JaffaCakes118
Size

137KB
MD5

7969cde033607c12a6c149bff8164091
SHA1

a3aa50ebfc2a93c12177016ac70a6ecb09b9bd9c
SHA256

2baaa74cd8299fa45a7d7f64d435d240f14c4caad5c89346ea28b8c861f872fe
SHA512

a7d51e0fca4e94349897a91f7bba94b6e66d9c1ea562643f1c91c3213b510a5cea4ee556cbc7185ddecbfda8c0da9bdcda1d1b8b445c9bfb93353e10f315f3ce
SSDEEP

3072:JCul2f+xcvlK8QoabyUl3f4CSyxNFGI2RlxPB3AOnbAPfEo:JCulTx8lkNX3kyTFGI2RlxP1AvPf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7969cde033607c12a6c149bff8164091_JaffaCakes118

Files

7969cde033607c12a6c149bff8164091_JaffaCakes118
.dll windows:5 windows x86 arch:x86

3e4da509abadf0dc04fac404be52e5e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

urlmon

URLDownloadToFileW

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusStartup
GdiplusShutdown

crypt32

CryptStringToBinaryW
CryptBinaryToStringA
CryptStringToBinaryA
CryptBinaryToStringW

shlwapi

PathFindExtensionW
StrChrA
PathAddBackslashW
PathFileExistsW

psapi

GetModuleFileNameExW
GetModuleInformation

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

WSAStartup
connect
ioctlsocket
socket
WSAGetLastError
send
closesocket
recv
select
gethostbyname
getpeername
inet_ntoa
setsockopt
htons
inet_addr

dnsapi

DnsQuery_A
DnsFree

kernel32

GetFileSize
VirtualQueryEx
lstrcatW
lstrcatA
lstrcpyW
lstrcmpiA
SetThreadExecutionState
DeleteFileW
FreeLibrary
GetProcessHeap
IsWow64Process
GetCurrentProcess
VirtualFree
lstrcmpiW
VirtualAlloc
GetProcAddress
GetModuleHandleW
lstrlenA
GetLastError
SetLastError
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetModuleFileNameW
CreateProcessW
GetEnvironmentVariableW
ReadFile
PeekNamedPipe
CloseHandle
Sleep
WaitForSingleObject
CreateThread
WideCharToMultiByte
MultiByteToWideChar
FindClose
FindNextFileW
FindFirstFileW
GetDriveTypeW
SetErrorMode
GetLogicalDrives
WriteFile
CreateFileW
SetFileAttributesW
CreateDirectoryW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
VirtualQuery
GetComputerNameW
GetSystemTime
OpenProcess
CreateRemoteThread
GetVersionExW
WriteProcessMemory
VirtualAllocEx
GetTickCount
GetCurrentProcessId
ExitProcess
DisableThreadLibraryCalls
CopyFileW
CreateMutexW
HeapCreate
InterlockedCompareExchange
InterlockedExchange
GetSystemInfo
HeapFree
SuspendThread
OpenThread
SetThreadContext
GetThreadContext
Thread32Next
HeapReAlloc
HeapAlloc
GetCurrentThreadId
Thread32First
ResumeThread
FlushInstructionCache
VirtualProtect
GetExitCodeProcess
ReadProcessMemory
TerminateProcess
GetOverlappedResult
CancelIo
WaitForMultipleObjects
CreateEventW
FlushFileBuffers
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeW
CallNamedPipeW
GetCurrentThread
GetExitCodeThread

user32

GetWindowThreadProcessId
EnumWindows
CharLowerA
GetDC
GetSystemMetrics
wsprintfW
wsprintfA

gdi32

SelectObject
BitBlt
DeleteObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC

advapi32

RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
OpenProcessToken
GetTokenInformation

shell32

SHGetFolderPathW

ole32

CoInitialize
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantClear

ntdll

_strnicmp
_wtoi
memset
atoi
strstr
wcsrchr
sscanf
memmove
strtol
isxdigit
tolower
memcpy
strncmp

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e4da509abadf0dc04fac404be52e5e3

Headers

File Characteristics

Imports

urlmon

gdiplus

crypt32

shlwapi

psapi

version

ws2_32

dnsapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ntdll

Sections

.text Size: 94KB - Virtual size: 94KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 19KB - Virtual size: 52KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 94KB - Virtual size: 94KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 19KB - Virtual size: 52KB

.reloc
Size: 4KB - Virtual size: 4KB