274870781d09b448557a0e7bad8af646_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

274870781d09b448557a0e7bad8af646_JaffaCakes118
Size

222KB
MD5

274870781d09b448557a0e7bad8af646
SHA1

aa3f9f0f6d48cb4df16c3d14f0ea9e5c4e6073e8
SHA256

389b767dafeed1053b74a8ff44515577cef2b922441f52467b88b3c2a7b2f4cf
SHA512

54e48dbb67f2cdd09b5d0827d46a9b89071b04ac1ba6f6c1f559c7c1b1219d84fb229301c9531b16a065f2d2c1bcac3639053791b3cae643e5d3c13329df33cf
SSDEEP

3072:kf529f529f529f529f529f529f529f529f529f529f529f5+:a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
274870781d09b448557a0e7bad8af646_JaffaCakes118

Files

274870781d09b448557a0e7bad8af646_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a14f6ce313e5f3d3af76a948b83b771b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
_initterm
free
_beginthreadex
fseek
strncpy
fread
fclose
strchr
strcpy
atoi
strtok
strrchr
malloc
wcscmp
_stricmp
__CxxFrameHandler
abs
sprintf
strncmp
strcat
fopen
fgets
memcpy
strstr
strlen
??2@YAPAXI@Z
memset
??3@YAXPAX@Z
_strrev

kernel32

GetCurrentProcessId
CreateMutexA
GetLastError
GetPrivateProfileStringA
GetLogicalDriveStringsA
GetDriveTypeA
lstrlenA
CopyFileA
DeleteFileA
GetFileAttributesA
GetTempFileNameA
MoveFileExA
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32First
CloseHandle
CreateThread
WideCharToMultiByte
MultiByteToWideChar
GetTempPathA
GetCommandLineA
WritePrivateProfileStringA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
GlobalFree
GlobalUnlock
WriteFile
CreateFileA
GlobalLock
GlobalAlloc
VirtualProtect
GetModuleHandleA
ExitProcess
GetFileSize
Sleep
WaitForSingleObject
Process32Next
GetModuleFileNameA

user32

wsprintfA
GetDC
GetClientRect
GetClassNameA
GetWindowTextA
ReleaseDC
GetWindowRect
GetDesktopWindow
EnumWindows

ws2_32

socket
inet_addr
recv
connect
gethostbyname
send
closesocket
WSAStartup
htons
inet_ntoa
WSACleanup

gdi32

SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
BitBlt
GetDIBits
RealizePalette
SelectPalette
GetStockObject
GetObjectA
DeleteDC
GetDeviceCaps
CreateDCA

gdiplus

GdipDisposeImage
GdipAlloc
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipLoadImageFromFile
GdipSaveImageToFile
GdipCloneImage
GdipFree

urlmon

URLDownloadToFileA

wininet

InternetCloseHandle
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetReadFile

dbghelp

SearchTreeForFile

Exports

Exports

FHard
Install
igwCheckUpdate
igwEndUpdate
igwGetModule
igwInit
igwInitExA
igwInitExW
igwInitialize
igwSupportA
igwSupportExA
igwSupportExW
igwSupportW
igwTerminal

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a14f6ce313e5f3d3af76a948b83b771b

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

ws2_32

gdi32

gdiplus

urlmon

wininet

dbghelp

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 6KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 6KB

.reloc
Size: 1KB - Virtual size: 1KB