1c5019bec73c2b0ad3a688092279cd54_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1c5019bec73c2b0ad3a688092279cd54_JaffaCakes118
Size

264KB
MD5

1c5019bec73c2b0ad3a688092279cd54
SHA1

a682b5033864ac46fd58446b4216a3c79f38f7ec
SHA256

bfde4ae556da42eb0d834e53bbfad992a5aa1f9244fcaf6e61f0fc8da9e17768
SHA512

bfa22763cdd4441473d574d24540562f935c4afe5aae13fa5b62a42f9504b1ffaa49671425c8c1538f5637799d216ec7720583d1a721463212f969f6c4a1b232
SSDEEP

6144:SneRfGyzhiXbZDQi6t0xDp6AZVupkkXYazLisJbwtUTgL:bROoCj6Y16auukXYazOsJ2U0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c5019bec73c2b0ad3a688092279cd54_JaffaCakes118

Files

1c5019bec73c2b0ad3a688092279cd54_JaffaCakes118
.dll windows:5 windows x86 arch:x86

c7062f4d570fb192a9d454668699a7f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
IsBadReadPtr
Sleep
TerminateProcess
GetModuleHandleA
CreateThread
CreateFileA
GetLocaleInfoW
SetStdHandle
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
RtlUnwind
RaiseException
MultiByteToWideChar
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetCPInfo
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetModuleFileNameA
ReadFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
SetFilePointer
CloseHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

user32

GetAsyncKeyState

shell32

ShellExecuteA

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c7062f4d570fb192a9d454668699a7f4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

wininet

Sections

.text Size: 78KB - Virtual size: 78KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 5KB - Virtual size: 12KB

.reloc Size: 144KB - Virtual size: 144KB

.text
Size: 78KB - Virtual size: 78KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 5KB - Virtual size: 12KB

.reloc
Size: 144KB - Virtual size: 144KB