3453d5fc14a0adeece12538e53fdeb14_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3453d5fc14a0adeece12538e53fdeb14_JaffaCakes118
Size

126KB
MD5

3453d5fc14a0adeece12538e53fdeb14
SHA1

d80f46fa1cfd4ddb338a85880289322826b826c5
SHA256

1af75e320309531cbace79c190addf166a08de161faf94a42128778f89573cfa
SHA512

ccd4c9fbe124349d067807cdbddbc8a10d89cae6e06f359e1537b8822f19a577a08c5a963ffcb5969253b6decc1cc441d9b962805c58c9e67fa043dc610abc0d
SSDEEP

1536:BJ5ImWNmWp7GTviqQv4zvhwEs85F9axMAf7H1E+cxnwnP8cD76UNwWXPcazPlK1X:A8Wp47hwGF9axJRffwoUazPlK1X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3453d5fc14a0adeece12538e53fdeb14_JaffaCakes118

Files

3453d5fc14a0adeece12538e53fdeb14_JaffaCakes118
.dll windows:4 windows x86 arch:x86

33f21c2b27710233bdab98e4ca1f71d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateRemoteThread
GetProcAddress
GetModuleHandleA
OpenProcess
WriteProcessMemory
VirtualAllocEx
CreateThread
GlobalFree
GetFullPathNameA
GetModuleFileNameA
GlobalAlloc
DeleteFileA
WriteFile
CreateFileA
LoadLibraryA
GetFileSize
MultiByteToWideChar
IsBadWritePtr
lstrcpynA
GetTickCount
SetEvent
InitializeCriticalSection
GetSystemTime
CreateEventA
SetFilePointer
GetLastError
FreeLibraryAndExitThread
SetLastError
ExpandEnvironmentStringsA
ReadFile
WinExec
CreateProcessA
GetStartupInfoA
CreateMutexA
WaitForSingleObject
GetVersionExA
HeapFree
HeapAlloc
GetProcessHeap
DeviceIoControl
CreateFileW
SetPriorityClass
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
IsBadReadPtr
TerminateThread
DeleteCriticalSection
ExitThread
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
CloseHandle
Sleep
lstrcpyA
lstrcatA
OpenFile
lstrlenA
GetSystemInfo
VirtualProtect
VirtualAlloc
FlushFileBuffers
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsBadCodePtr
VirtualQuery
InterlockedExchange
TerminateProcess
ExitProcess
WideCharToMultiByte
GetStdHandle
SetUnhandledExceptionFilter
RtlUnwind
RaiseException

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
QueryServiceStatusEx
CloseServiceHandle
RegDeleteValueA

user32

wsprintfA
wsprintfW

ws2_32

WSACleanup
inet_addr
setsockopt
bind
listen
select
WSAGetLastError
getsockopt
ntohs
getsockname
gethostname
inet_ntoa
__WSAFDIsSet
accept
ioctlsocket
recv
WSAStartup
socket
gethostbyname
htons
connect
send
closesocket
shutdown

shlwapi

PathFileExistsA
StrToIntA

wininet

InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
InternetConnectA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle
HttpQueryInfoA
InternetOpenA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysStringLen
SysAllocString
SysFreeString

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

33f21c2b27710233bdab98e4ca1f71d5

Headers

File Characteristics

Imports

kernel32

advapi32

user32

ws2_32

shlwapi

wininet

ole32

oleaut32

Sections

.text Size: 87KB - Virtual size: 86KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 7KB - Virtual size: 20KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 87KB - Virtual size: 86KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 7KB - Virtual size: 20KB

.reloc
Size: 9KB - Virtual size: 9KB