04ec89a6dc73ec856caafe6d63e2899c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

04ec89a6dc73ec856caafe6d63e2899c_JaffaCakes118
Size

92KB
MD5

04ec89a6dc73ec856caafe6d63e2899c
SHA1

8485ed6c58abe7599de7637832a6bc4d10bc4a79
SHA256

de94f421e34e225221ace0bd954eb127961d05ac5d8cdab13e515516a03243dd
SHA512

2bce8bfbb77067676364dea3f057a138938fddbbe6bff75fe2fe675a322981169aee395d7f4bc9af165e065db2465a24ebc7b3cb6bf36627fb28591be1e4d8df
SSDEEP

1536:e3sR0PXggXQPXn7dUyYjb1aBkXcZ7HhJwv+ddfOytCvSAdn+aRjidwtk:LSPXggXypBBoc1VOJldn+aRjidw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04ec89a6dc73ec856caafe6d63e2899c_JaffaCakes118

Files

04ec89a6dc73ec856caafe6d63e2899c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e2067d9e90543f4d1d7dc036a98d4601

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??2@YAPAXI@Z
strchr
__CxxFrameHandler
wcscat
_adjust_fdiv
_initterm
strcmp
wcscpy
_snprintf
malloc
??3@YAXPAX@Z
_strcmpi
_assert
wcstombs
memset
strlen
strstr
strcat
free
memcmp
strcpy
memcpy

kernel32

OpenFile
Process32First
CreateToolhelp32Snapshot
TlsSetValue
SetLastError
GetFullPathNameA
MultiByteToWideChar
GetModuleFileNameA
lstrcatA
ResumeThread
OpenMutexA
ExpandEnvironmentStringsA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FreeLibraryAndExitThread
LoadLibraryA
Sleep
CreateThread
CloseHandle
ReleaseSemaphore
PostQueuedCompletionStatus
GetVersionExA
GetSystemInfo
CreateSemaphoreA
CreateIoCompletionPort
GetLastError
WaitForSingleObjectEx
GetQueuedCompletionStatus
TlsFree
TlsAlloc
FreeLibrary
GetProcAddress
VirtualAlloc
Process32Next
lstrcmpA
ResetEvent
TlsGetValue
WaitForSingleObject
GetModuleHandleA
lstrcpyA
OutputDebugStringA
FlushFileBuffers
WriteFile
lstrlenA
CreateFileA
OpenProcess
ReleaseMutex
CreateMutexA
lstrcpynA
ReadProcessMemory
SetFilePointer
VirtualFree
WriteProcessMemory
GetCurrentProcessId

ws2_32

WSCInstallProvider
closesocket
WSCDeinstallProvider
WSCEnumProtocols
WSAGetLastError

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA

user32

DispatchMessageA
GetMessageA
SetWindowLongA
DestroyWindow
TranslateMessage
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
GetWindowLongA
wsprintfA
SendMessageA
FindWindowExA
GetClassNameA
IsWindow
GetWindow
FindWindowA
GetWindowThreadProcessId
DefWindowProcA
PostThreadMessageA

gdi32

GetStockObject

rpcrt4

UuidToStringA
UuidFromStringA
UuidCreate
RpcStringFreeA

wininet

HttpQueryInfoA
InternetReadFile
HttpOpenRequestA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
InternetConnectA

Exports

Exports

Decode
DecodeEx
GetIsInstallLsp
HexToBin
SetLspActive
WSCWriteNameSpaceOrder
WSCWriteProviderOrder
WSPStartup

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2067d9e90543f4d1d7dc036a98d4601

Headers

File Characteristics

Imports

msvcrt

kernel32

ws2_32

advapi32

user32

gdi32

rpcrt4

wininet

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 20KB - Virtual size: 1.6MB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 20KB - Virtual size: 1.6MB

.reloc
Size: 12KB - Virtual size: 8KB