07d8763889d3f1ea42e3203758a00cae_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

07d8763889d3f1ea42e3203758a00cae_JaffaCakes118
Size

156KB
MD5

07d8763889d3f1ea42e3203758a00cae
SHA1

d2469149dcb7ad4166bca611f50e9414c0d4f76f
SHA256

2ddbcdedbd374a7651ef8fd5f1d6ea0f0cd6d43f87ecb569a939ee49d12590f9
SHA512

41c5dd0f6b1cbd3797817fc0f50bb19ddcd8608e2af72bef21a7d3d933aba7b6b20fa1d7b1dc6ed63dc2ed033d96a4c94a9ad9a375841c7985f1d249220ac4bc
SSDEEP

3072:g5Q+YTqblKX5lMO0GWRsgIKJBa80qdk2o1NorbxSF6B:gmnTqb2lMO0GUsXDbV3NebaY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07d8763889d3f1ea42e3203758a00cae_JaffaCakes118

Files

07d8763889d3f1ea42e3203758a00cae_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4f8ede35ee817b7fd32f4eb491725552

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

recv
WSACleanup
closesocket
htons
gethostbyname
inet_ntoa
connect
send
socket
inet_addr
getprotobyname
setsockopt
WSAStartup

shlwapi

StrToIntA

setupapi

SetupIterateCabinetA

wininet

InternetCrackUrlA

kernel32

SetStdHandle
lstrlenA
lstrcatA
lstrcpyA
GetSystemDefaultLangID
InterlockedIncrement
InterlockedDecrement
CreateFileA
CloseHandle
ReadFile
WriteFile
GetFileSize
CopyFileA
MoveFileExA
DeleteFileA
GetFileTime
SetFileTime
GetTempPathA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
DebugBreak
OutputDebugStringA
GetStringTypeExA
GetThreadLocale
GetLastError
CreateMutexA
DisableThreadLibraryCalls
lstrcmpA
FlushFileBuffers
GetSystemInfo
HeapCreate
InitializeCriticalSection
HeapDestroy
LCMapStringW
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryA
GetShortPathNameA
SystemTimeToFileTime
lstrcpynA
GetPrivateProfileSectionA
SetFilePointer
GetVersionExA
GetSystemDirectoryA
GetModuleFileNameA
GetLocalTime
WaitForSingleObject
CreateThread
WinExec
lstrcmpiA
CreateDirectoryA
TerminateThread
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetStringTypeA
DeleteCriticalSection
LCMapStringA
LeaveCriticalSection
HeapAlloc
GetStringTypeW
MultiByteToWideChar
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
SetUnhandledExceptionFilter
FreeEnvironmentStringsW
FreeEnvironmentStringsA
WideCharToMultiByte
GetFileType
GetStdHandle
GetStartupInfoA
HeapSize
TerminateProcess
SetHandleCount
VirtualAlloc
VirtualFree
IsBadWritePtr
ExitProcess
SetLastError
TlsFree
TlsGetValue
TlsSetValue
GetVersion
TlsAlloc
HeapFree
HeapReAlloc
GetCommandLineA
GetCPInfo
GetACP
GetOEMCP
RtlUnwind

user32

PeekMessageA
CharLowerA
SetWindowLongA
GetActiveWindow
CharNextA
RemovePropA
wvsprintfA
DialogBoxParamA
CallWindowProcA
GetPropA
SendMessageTimeoutA
FindWindowA
PostThreadMessageA
GetWindow
CharUpperA
PostMessageA
MapWindowPoints
SystemParametersInfoA
GetClientRect
GetWindowTextA
SetWindowPos
MoveWindow
GetSystemMetrics
UpdateWindow
EndDialog
SetFocus
LoadImageA
SetWindowTextA
GetDlgItem
IsDialogMessageA
GetWindowLongA
GetParent
SetPropA
SetCapture
GetCapture
InvalidateRect
PtInRect
GetWindowRect
ReleaseCapture
LoadCursorA
SetCursor
wsprintfA
LoadStringA
SendMessageA
ClientToScreen

gdi32

SetTextColor
GetObjectA
CreateFontIndirectA
DeleteObject

advapi32

RegDeleteKeyA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA

shell32

ShellExecuteA

ole32

OleInitialize
OleUninitialize

Exports

Exports

CopyFileRoutine
DownloadNews
GetUrlObject
Hook
PostUninstallMessage2Server
Upgrade

Sections

.text
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f8ede35ee817b7fd32f4eb491725552

Headers

File Characteristics

Imports

ws2_32

shlwapi

setupapi

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 90KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 16KB - Virtual size: 23KB

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 92KB - Virtual size: 90KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 16KB - Virtual size: 23KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 12KB - Virtual size: 10KB