_DllMain@12
Static task
static1
Behavioral task
behavioral1
Sample
2254de92ecbd45826f8c6235f60bef79_JaffaCakes118.dll
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
2254de92ecbd45826f8c6235f60bef79_JaffaCakes118.dll
Resource
win10v2004-20240508-en
General
Target
2254de92ecbd45826f8c6235f60bef79_JaffaCakes118
Size
25KB
MD5
2254de92ecbd45826f8c6235f60bef79
SHA1
a11a8911ab130bed14fb82d8d152f70a0828fd72
SHA256
76e986988e61e085b9401824ea17ef4225ddf088b8c627387241887b9397fb3c
SHA512
f17903312943411df5bfe255373c21bd4f70819a639da24cede6f4dfc05f99ecd4a0ceb96c2e978adc657044374146a6ddc90e67028c6f794a66df0d5625297e
SSDEEP
384:9gqDvNPt5u30LTuhotw9NaEjNLMU1PlRBm3H2Ztz9S3o2k/isvxT9++LU:Sqrz83EK2w9sC1PPBm3A5CIKsvK4
Malware Config
Signatures
Unsigned PE (1 IoC)
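Checks for a missing Authenticode signature; the file listed below carries none. On its own this is a weak indicator, because many legitimate binaries are also unsigned.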
resource 2254de92ecbd45826f8c6235f60bef79_JaffaCakes118
Files
2254de92ecbd45826f8c6235f60bef79_JaffaCakes118.dll windows:4 windows x86 arch:x86
2cf085f6f1393249275b3d2df322f34e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetLastError
CreateEventA
LoadLibraryA
GetModuleHandleA
ResetEvent
WaitForSingleObject
FreeLibraryAndExitThread
SetThreadPriority
GetCurrentThread
ReleaseMutex
FreeLibrary
GetCurrentProcessId
SetEvent
CreateMutexA
CreateThread
GetModuleFileNameA
DisableThreadLibraryCalls
InitializeSListHead
GetTempPathA
InterlockedPopEntrySList
InterlockedCompareExchange
VirtualFree
VirtualProtect
VirtualAlloc
Process32Next
Process32First
CreateToolhelp32Snapshot
Module32Next
Module32First
VirtualQuery
GetSystemInfo
GetProcAddress
GetCurrentProcess
WriteFile
CreateFileA
GetShortPathNameA
GetTempFileNameA
WinExec
Sleep
CreateFileMappingA
DeleteFileA
OpenEventA
MapViewOfFile
UnmapViewOfFile
CloseHandle
InterlockedPushEntrySList
user32
GetWindowThreadProcessId
GetClassNameA
GetWindowTextA
EnumDesktopWindows
RegisterClassA
UpdateWindow
ShowWindow
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
CreateWindowExA
advapi32
RegSetValueExA
RegEnumValueA
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
msvcp60
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
wininet
HttpSendRequestA
InternetReadFile
InternetCloseHandle
DeleteUrlCacheEntry
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCrackUrlA
HttpAddRequestHeadersA
urlmon
URLDownloadToFileA
ws2_32
setsockopt
WSACleanup
closesocket
msvcrt
memmove
_mbsinc
abs
memcmp
_ismbcspace
__dllonexit
_onexit
_initterm
_adjust_fdiv
_mbsnbicmp
memcpy
malloc
free
strcpy
_mbscmp
time
_mbsupr
_ismbcprint
_snprintf
memset
_mbsrchr
_local_unwind2
_except_handler3
_EH_prolog
__CxxFrameHandler
sprintf
fopen
_memicmp
??2@YAPAXI@Z
_mbsicmp
fclose
strcat
_mbsstr
strlen
_mbsnbcpy
fgets
Exports
Exports
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE (together with IMAGE_SCN_MEM_EXECUTE above, this marks .text as both writable and executable)
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ