0bf67d0aec186e88cc9ed335f885302e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0bf67d0aec186e88cc9ed335f885302e_JaffaCakes118
Size

806KB
MD5

0bf67d0aec186e88cc9ed335f885302e
SHA1

7b68ffae3b19d0c7759dd33f753aadcdd3e61de3
SHA256

a65599afcc8d2f7616e57bc2516e781f932fd794ecd68c1aa0af06d5f392d935
SHA512

36cae1dd9ce5548ea74f03ca269779509bd0f0607f5df90834358a925a2f92b8afbb5504a02afa6fef17decbcefec29542a59c054c06f7115f92cc06363e0dfa
SSDEEP

24576:N91SW9ZHXvtSJOT+w+y8nRf0AwA24I/uctn:1IOeflwv4qTtn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0bf67d0aec186e88cc9ed335f885302e_JaffaCakes118

Files

0bf67d0aec186e88cc9ed335f885302e_JaffaCakes118
.dll windows:6 windows x86 arch:x86

e6e917dc8be07182f13b1f20d820300c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualQuery
GetModuleFileNameW
MultiByteToWideChar
HeapDestroy
HeapSize
HeapReAlloc
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetFullPathNameW
GetFullPathNameA
CreateFileA
CreateMutexW
HeapCompact
SetFilePointer
TryEnterCriticalSection
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FreeLibrary
SystemTimeToFileTime
QueryPerformanceCounter
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
GetTickCount
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
FormatMessageW
GetFileAttributesA
LeaveCriticalSection
HeapCreate
GetVolumeInformationW
GetFileAttributesW
ReadFile
FlushFileBuffers
GetTempPathW
GetLastError
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
OutputDebugStringA
GetCurrentThreadId
DeleteFileW
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
RaiseException
DecodePointer
SetEnvironmentVariableA
GetProcAddress
GetSystemDirectoryW
CopyFileW
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
ReadConsoleW
GetModuleFileNameA
GetTimeZoneInformation
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleHandleExW
GetCurrentProcess
GetProcessHeap
TerminateThread
WaitForSingleObject
CreateThread
GetCurrentProcessId
HeapFree
HeapAlloc
WriteFile
GetFileSize
GetModuleHandleW
CreateFileW
InitializeCriticalSectionAndSpinCount
CloseHandle
GetPrivateProfileStringW
LoadLibraryA
HeapValidate
ExitProcess
GetStringTypeW
EncodePointer
IsDebuggerPresent
GetCPInfo
IsProcessorFeaturePresent
ExitThread
LoadLibraryExW
GetCommandLineA
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
IsValidCodePage
GetACP
GetOEMCP

advapi32

RegOpenKeyExW
RegCloseKey

oleaut32

SafeArrayGetLBound
SafeArrayUnlock
SafeArrayLock
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
VariantInit
VariantClear
SysAllocString
SysFreeString

winhttp

WinHttpCrackUrl

esent

JetOpenDatabase
JetAttachDatabase
JetCloseTable
JetRetrieveColumn
JetMove
JetGetColumnInfo
JetCloseDatabase
JetEndSession
JetDBUtilitiesW
JetTerm
JetBeginSession
JetInit
JetCreateInstance
JetSetSystemParameter
JetDetachDatabase
JetOpenTable

mscoree

CorBindToRuntimeEx

Exports

Exports

Test

Sections

.text
Size: 673KB - Virtual size: 673KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6e917dc8be07182f13b1f20d820300c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

oleaut32

winhttp

esent

mscoree

Exports

Exports

Sections

.text Size: 673KB - Virtual size: 673KB

.rdata Size: 77KB - Virtual size: 76KB

.data Size: 31KB - Virtual size: 40KB

.rsrc Size: 1024B - Virtual size: 864B

.reloc Size: 23KB - Virtual size: 22KB

.text
Size: 673KB - Virtual size: 673KB

.rdata
Size: 77KB - Virtual size: 76KB

.data
Size: 31KB - Virtual size: 40KB

.rsrc
Size: 1024B - Virtual size: 864B

.reloc
Size: 23KB - Virtual size: 22KB