1b34d10691b5085ae365b5771a0c0365_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1b34d10691b5085ae365b5771a0c0365_JaffaCakes118
Size

196KB
MD5

1b34d10691b5085ae365b5771a0c0365
SHA1

9e489c1eb317601fb701729209a71a29108efc07
SHA256

02a43250d765e08cca3476ee387bdab1b729c788b34bfba107b64383c13a17c8
SHA512

40a5d6f7007097247f15368cc473f48ec21c3d97d4a3d91a5a180edf9a6595e64ab2cf9a65182cbc6ca7fe7558c9d433b3e96fd24610b6e6885d2a44a2a36508
SSDEEP

3072:XN2O64+OKp41FyEtQnLLNceTBfasUJAvf+HA5xo5xh:B64DBQnL6eTBdlgA5anh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b34d10691b5085ae365b5771a0c0365_JaffaCakes118

Files

1b34d10691b5085ae365b5771a0c0365_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e2531deae270db6539613596b543331f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegOpenKeyExW
RegQueryValueA
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
RegQueryValueExW
RegCreateKeyW
RegCloseKey
RegEnumValueW
RegCreateKeyA
RegCreateKeyExW
RegSetValueExW
RegOpenKeyW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey

kernel32

Sleep
GetVersionExA
GetThreadLocale
GetACP
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
OutputDebugStringA
GetCurrentProcessId
lstrcpyn
CreateFileMappingA
GetVolumeInformationA
CreateFileA
MultiByteToWideChar
ReadFile
GetTickCount
lstrcpyA
GetCurrentProcess
SetLastError
FlushInstructionCache
CreateFileMappingW
GetLocalTime
lstrcat
UnmapViewOfFile
MapViewOfFile
SetFilePointer
GetFileSize
InitializeCriticalSection
CreateEventW
CreateThread
TerminateThread
LockResource
LocalFree
LoadResource
FindResourceW
GetVersionExW
GetLocaleInfoA
SizeofResource
lstrlen
lstrcpyW
GetSystemTimeAsFileTime
GetTempFileNameW
GetSystemDirectoryW
lstrcmpi
GetPrivateProfileStringW
lstrcatW
GetCurrentThread
InterlockedDecrement
WritePrivateProfileStringW
InterlockedIncrement
SetThreadPriority
WideCharToMultiByte
GetCurrentThreadId
CreateProcessW
WaitForSingleObject
GetLastError
OpenMutexW
FreeLibraryAndExitThread
GetModuleFileNameW
OpenFile
ReleaseMutex
RaiseException
FileTimeToSystemTime
GetModuleFileNameA
DisableThreadLibraryCalls
lstrlenW
CreateMutexW
GetFileTime
lstrcpynW
WriteFile
GetWindowsDirectoryW
FreeLibrary
CloseHandle
LoadLibraryW
GetVolumeInformationW
OpenEventW
CreateFileW
GetTempPathA
SetEvent
GetVersion
VirtualQuery
GetSystemInfo
GetModuleHandleW
GetProcAddress
VirtualAlloc
VirtualProtect
GetProcessHeap
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
FlushFileBuffers
GetLocalTime
GetPrivateProfileStringA
GetStartupInfoA
GetTimeFormatA
InitializeCriticalSection
TlsAlloc
lstrcpyn

ntdll

RtlUnwind
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlFreeHeap

oleaut32

VariantChangeType
SysAllocString
VariantInit
SysAllocStringLen
VariantClear
SysFreeString
SysFreeString

shell32

ShellExecuteW
SHGetSpecialFolderPathW
ShellExecuteW

shlwapi

StrCatW
StrCpyW
StrStrIA
StrStrIW
StrStrA
UrlEscapeA
StrRChrA
StrChrA
PathRenameExtensionW
StrCatW

user32

wsprintfW
GetWindowThreadProcessId
GetClassNameW
EnumChildWindows
EnumWindows
PostQuitMessage
DispatchMessageW
CreateWindowExW
RegisterClassExW
CallNextHookEx
DefWindowProcW
UnhookWindowsHookEx
PostMessageW
wsprintfA
PeekMessageW
SetWindowsHookExW
GetWindowLongW
wsprintfW

wininet

HttpSendRequestW
InternetReadFile
InternetOpenUrlA
InternetOpenW
HttpOpenRequestW
InternetCloseHandle
HttpQueryInfoW
InternetConnectW
HttpAddRequestHeadersA
InternetQueryDataAvailable
InternetOpenW

ws2_32

WSACleanup
WSAStartup
listen
socket
closesocket
connect
bind
ntohs
ntohs
WSASetLastError
select
WSAGetLastError
send
inet_addr
accept
recv
recv

msvcrt

sprintf
mbstowcs
ldiv
srand
calloc
isdigit
_snprintf
rand
malloc
free
strtok
atoi
isspace
atol
strncpy
atof
memchr
strtoul
_itow
wcstombs
_wtol
strstr
strncmp
_strnicmp
??_V@YAXPAX@Z
_time64
memmove
??2@YAPAXI@Z
??_U@YAPAXI@Z
??3@YAXPAX@Z
_iob
memset
memcpy
_unlock
__dllonexit
_lock
_onexit
??1type_info@@UAE@XZ
_XcptFilter
_initterm
_amsg_exit
_adjust_fdiv
isleadbyte
_itoa
_strlwr
_errno
wctomb
_CxxThrowException
__badioinfo
__pioinfo
_fileno
_lseeki64
_write
_isatty
__CxxFrameHandler
strtol
_except_handler3
ldiv

ole32

CoInitialize
CoCreateInstance
CoInitialize

Exports

Exports

AddCallback
CallbacksCount
GetProxyServiceVersion
RemoveCallback
s

Sections

.decoder
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e2531deae270db6539613596b543331f

Headers

File Characteristics

Imports

advapi32

kernel32

ntdll

oleaut32

shell32

shlwapi

user32

wininet

ws2_32

msvcrt

ole32

Exports

Exports

Sections

.decoder Size: 192KB - Virtual size: 192KB

.decoder
Size: 192KB - Virtual size: 192KB