14bb5d5440671862dd826c908ed8464a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

14bb5d5440671862dd826c908ed8464a_JaffaCakes118
Size

346KB
MD5

14bb5d5440671862dd826c908ed8464a
SHA1

ceff3b5cca442734d8e814cbfaceebbf504ffd45
SHA256

d232f1e20bbb611ed607946ecf7c3e7ac29ede57635cb5f7233fa8354a227a2a
SHA512

397e477d8fbacd223e4f441f66f8a56f87b84fa33eee6f5d3b443d322eb4b2a689eb9a1e43c5b8cd17b0e2d5631a12d0ecf9d2fafe3deed1ff57df55e703fa76
SSDEEP

6144:22MF0Eq50fKRO3m2/2uXQ2Ji+t63cKkyNwbG2Ie7sL0G9gyv2bGtek1TBrgjbiyt:22MFIlRO22/2uXQ2JttlyNwbG2IeaBgV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14bb5d5440671862dd826c908ed8464a_JaffaCakes118

Files

14bb5d5440671862dd826c908ed8464a_JaffaCakes118
.dll windows:5 windows x86 arch:x86

a956f8fe64d9f55dfd05f40e46715b6a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

xpcom

NS_GetComponentManager
NS_GetServiceManager
NS_Alloc
NS_Free
NS_CStringGetData
NS_StringContainerInit2
NS_StringContainerInit
NS_StringGetData
NS_StringContainerFinish
NS_CStringContainerFinish
NS_CStringContainerInit
NS_CStringSetData

nspr4

PR_AtomicDecrement
PR_AtomicIncrement

kernel32

InterlockedExchangeAdd
lstrlenW
EnterCriticalSection
InterlockedExchange
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
GetProcessHeap
SetEndOfFile
CreateFileA
GetTimeZoneInformation
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetCurrentDirectoryA
SetFilePointer
GetDateFormatA
GetTimeFormatA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
ReadFile
HeapReAlloc
VirtualAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
WideCharToMultiByte
MultiByteToWideChar
GetFullPathNameW
GetTempFileNameW
GetFileSize
MapViewOfFile
UnmapViewOfFile
VirtualQuery
GetModuleFileNameW
CreateFileW
LocalAlloc
CreateFileMappingW
CloseHandle
LocalFree
WaitForSingleObject
TerminateThread
Sleep
SetThreadPriority
GetExitCodeThread
FreeLibrary
WriteFile
GetProcAddress
LoadLibraryA
DeleteFileW
GetTempPathW
CreateMutexW
CreateProcessW
GetTickCount
GetLastError
ReleaseMutex
GetSystemTime
GetSystemInfo
GetWindowsDirectoryW
GetVolumeInformationW
MoveFileExW
InterlockedIncrement
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
HeapFree
ExitThread
CreateThread
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
HeapAlloc
GetStdHandle
GetModuleFileNameA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy

user32

GetWindowRect
GetParent
SetWindowLongW
ShowWindow
SetWindowPos
GetClientRect
wsprintfW
GetWindow
MapWindowPoints
SystemParametersInfoW
PostMessageW
IsWindow
SetWindowTextW
GetWindowLongW
SendMessageW
CallWindowProcW
FindWindowW

ws2_32

inet_addr

rpcrt4

UuidToStringW
RpcStringFreeW

imagehlp

UnMapAndLoad
MapAndLoad

shlwapi

StrStrIW
UrlGetPartW
UrlEscapeW
PathMatchSpecW
UrlUnescapeW

wininet

InternetReadFile
InternetConnectW
HttpSendRequestW
InternetCrackUrlW
HttpQueryInfoW
HttpOpenRequestW
InternetCloseHandle
InternetQueryOptionW
InternetOpenW
InternetSetOptionW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

advapi32

RegSetValueExW
RegCloseKey
RegDeleteValueW
RegQueryValueExW
RegCreateKeyW
CryptDecrypt
CryptDestroyKey
CryptEncrypt
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptGetHashParam

shell32

SHCreateDirectoryExW

ole32

CoUninitialize
CoTaskMemFree
CoInitialize

Exports

Exports

NSGetModule

Sections

.text
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a956f8fe64d9f55dfd05f40e46715b6a

Headers

File Characteristics

Imports

xpcom

nspr4

kernel32

user32

ws2_32

rpcrt4

imagehlp

shlwapi

wininet

version

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 253KB - Virtual size: 252KB

.rdata Size: 67KB - Virtual size: 66KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 253KB - Virtual size: 252KB

.rdata
Size: 67KB - Virtual size: 66KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 18KB - Virtual size: 17KB