02cf14c91b59ead8883f023b05e90c6a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

02cf14c91b59ead8883f023b05e90c6a_JaffaCakes118
Size

68KB
MD5

02cf14c91b59ead8883f023b05e90c6a
SHA1

f37677dfcc46df68b0cd097d82562660ba08aaa7
SHA256

94d4074aa53c7dc5d1420929b50d4263453004aa2626c25743e8bca82da29a22
SHA512

58bf2f7d0148ce400b40cfabe26d388749bed0bf3d846990946121b288dada84277dcc942fc3d51c724dde0854a4a3353b18179196eb3215f724834c028387ec
SSDEEP

768:zoaFAU19aRcvlgcSTco6F+lN/STtfL8TVjDS4PM8DzHuHLBhFGgNAPCoZm:1as+XyesL8TVjXM4zurBvv66oZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02cf14c91b59ead8883f023b05e90c6a_JaffaCakes118

Files

02cf14c91b59ead8883f023b05e90c6a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7f7b02a468451341436dc6f9147ad06d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileStringA
DeleteFileA
Sleep
GetLastError
CreateEventA
GetPrivateProfileIntA
Process32Next
Process32First
CreateToolhelp32Snapshot
CloseHandle
GetCurrentProcess
GetModuleFileNameA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetSystemDirectoryA
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
ExpandEnvironmentStringsA
LoadLibraryA
GetProcAddress
RtlUnwind
RaiseException
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
HeapFree
WriteFile
SetFilePointer
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetUnhandledExceptionFilter
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TerminateProcess
HeapReAlloc
HeapSize
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetStdHandle
FlushFileBuffers
CreateFileA
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
SetEndOfFile
ReadFile

wininet

HttpQueryInfoA
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
InternetReadFile
InternetOpenUrlA

ws2_32

WSCEnumProtocols
WSCGetProviderPath

shell32

ShellExecuteA
SHGetSpecialFolderPathA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyA
RegSetValueExA
RegCloseKey
OpenProcessToken

Exports

Exports

Run
WSPStartup

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f7b02a468451341436dc6f9147ad06d

Headers

File Characteristics

Imports

kernel32

wininet

ws2_32

shell32

advapi32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 11KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 11KB

.reloc
Size: 8KB - Virtual size: 4KB