09a25572b9e6bcdb8bf37342e59a4d86_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

09a25572b9e6bcdb8bf37342e59a4d86_JaffaCakes118
Size

81KB
MD5

09a25572b9e6bcdb8bf37342e59a4d86
SHA1

7d9bbbe3e57561c6ca2cf7acdb77ed1d8fa8d6a1
SHA256

288728dd512a849baaf996dfcba81631efadb163a650999434c977d6134ba2f2
SHA512

5bbc55fb7c3d7a55441d8469b13558bc19ccb1dc076e4884757dd79db69f454e3123f58bc8bec1189df87be3a1aba955b9acad5018c733c6a27d5fa05afe1567
SSDEEP

1536:5IXZcvLCNNSZhT2hOdkuE/8PYc9xvTKN:545/8PYc9xvTKN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09a25572b9e6bcdb8bf37342e59a4d86_JaffaCakes118

Files

09a25572b9e6bcdb8bf37342e59a4d86_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8359339531c5d499e979229f9efee6dd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
CreateEventA
OpenEventA
Sleep
DeleteFileA
ReadFile
GetFileSize
CreateFileA
OutputDebugStringA
TerminateThread
CreateToolhelp32Snapshot
GetCurrentProcessId
SetThreadPriority
GetTickCount
GetCommandLineA
GetWindowsDirectoryA
Process32Next
CreateThread
GetVolumeInformationA
GetComputerNameA
GetVersionExA
OpenProcess
GetCurrentThreadId
ExitProcess
DisableThreadLibraryCalls
VirtualAlloc
VirtualFree
MultiByteToWideChar
WriteProcessMemory
VirtualProtectEx
ReadProcessMemory
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
VirtualAllocEx
SetErrorMode
GetModuleHandleA
GlobalAlloc
GlobalLock
LoadLibraryA
GetProcAddress
GlobalUnlock
GlobalFree
GetModuleFileNameA
GetCurrentProcess
IsBadReadPtr
Process32First
WideCharToMultiByte

user32

GetMessageA
GetWindowTextA
GetInputState
CallNextHookEx
SetWindowsHookExA
GetWindowThreadProcessId
EnumWindows
PostMessageA
PostThreadMessageA
GetSystemMetrics
wsprintfA
ClipCursor

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetOpenW
InternetOpenUrlW
InternetReadFile

ws2_32

inet_ntoa
getpeername

advapi32

RegFlushKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

netapi32

Netbios

iphlpapi

GetAdaptersInfo

msvcrt

__CxxFrameHandler
_strdup
strncat
??2@YAPAXI@Z
strstr
atoi
strchr
sprintf
strrchr
??3@YAXPAX@Z
wcscmp
wcslen
abort
free
_initterm
malloc
_adjust_fdiv
_stricmp
_strupr

Exports

Exports

GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueIndexA
VerQueryValueIndexW
VerQueryValueW

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8359339531c5d499e979229f9efee6dd

Headers

File Characteristics

Imports

kernel32

user32

wininet

ws2_32

advapi32

netapi32

iphlpapi

msvcrt

Exports

Exports

Sections

.text Size: 63KB - Virtual size: 63KB

zdata Size: 10KB - Virtual size: 10KB

vdata Size: 2KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 63KB - Virtual size: 63KB

zdata
Size: 10KB - Virtual size: 10KB

vdata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 4KB