2b454f29691db618e90e5395599ea336_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2b454f29691db618e90e5395599ea336_JaffaCakes118
Size

32KB
MD5

2b454f29691db618e90e5395599ea336
SHA1

41260a5a2a7f40170d0e7f536f86e4305146845c
SHA256

859a272162970bf966b1b3e1df58f79e70c3a580aa64cdc6c9cdb15ed897d0d6
SHA512

32b76d6b14b7d8067fb7ed66aeabc52976b9280067c3113a77255ecc04b6fa93dcb0616e3ef834ab99cfec60eaaec01fa3be30ec151e64fbafc1a6dd0f0a0d80
SSDEEP

768:T6PmGDZlJfU4hI05Vw0/17AWqdXVEKsGsRCx+pGeitsKEtm5Qk:T6PmGDR1r/17EdCRCUVIHQk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b454f29691db618e90e5395599ea336_JaffaCakes118

Files

2b454f29691db618e90e5395599ea336_JaffaCakes118
.dll windows:4 windows x86 arch:x86

de3352aa910a480bc73fbc2eb19fcdf3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
lstrlenA
HeapDestroy
lstrlenW
GetShortPathNameW
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetProcAddress
LoadLibraryW
lstrcpyW
lstrcatW
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
GetCurrentProcess
CloseHandle
GetLastError
GetCurrentThread
GetModuleFileNameA
InterlockedExchange
InitializeCriticalSection
CreateThread
DeleteCriticalSection
GetTempPathW
EnterCriticalSection
GetTickCount
LeaveCriticalSection
Sleep
FlushInstructionCache

user32

CharLowerW
CharNextW

advapi32

GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
OpenThreadToken
RegCloseKey
RegQueryValueExA
RegCreateKeyA
OpenProcessToken

ole32

CoCreateInstance

oleaut32

SysFreeString
SysAllocString
SysStringLen
LoadTypeLi
RegisterTypeLi
VariantClear
DispCallFunc
SysAllocStringLen
VariantInit
LoadRegTypeLi

msvcp60

?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG0@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

shlwapi

StrStrIA

wininet

InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle

msvcrt

strcpy
memcmp
_purecall
memcpy
strlen
wcscat
??2@YAPAXI@Z
wcsstr
wcslen
memset
free
__dllonexit
_onexit
_initterm
malloc
_adjust_fdiv
wcscpy

Sections

.text
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.456oc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

de3352aa910a480bc73fbc2eb19fcdf3

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

msvcp60

shlwapi

wininet

msvcrt

Sections

.text Size: 12KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 6KB - Virtual size: 9KB

.rsrc Size: 5KB - Virtual size: 5KB

.456oc Size: 4KB - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 6KB - Virtual size: 9KB

.rsrc
Size: 5KB - Virtual size: 5KB

.456oc
Size: 4KB - Virtual size: 4KB