39396c0247159a120b6740bb63ac174b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

39396c0247159a120b6740bb63ac174b_JaffaCakes118
Size

592KB
MD5

39396c0247159a120b6740bb63ac174b
SHA1

624c66bae3452c015405c54a230a322360d8a3d9
SHA256

42f3f20e477bb3e8c5576a6b47e09cf48a0ecc94809eb9e6f8d653e89e0bef24
SHA512

e4546195ccbdc0feb71c58c8e1c7dec2f54ef821a45653f2a48b5a5bc5bdc8efb2155a43856dc2f6fd349cc8487f7d47de761adf148fe2f79e77220dd0a4c8d7
SSDEEP

12288:lutFg8Ejy1ExPx0aeJvhYn3gm9/3aznh7Do9TrumWqoFIcU70:ctYnp2va3gm9/q9k9TrNhop

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39396c0247159a120b6740bb63ac174b_JaffaCakes118

Files

39396c0247159a120b6740bb63ac174b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b5d36b4d32c9edd4c3f52df299c605e4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\work\dev\repos\clientserver\cubeversion\Client\bin\Release\nonifslsp.pdb

Imports

wininet

InternetQueryOptionW
InternetOpenW
HttpAddRequestHeadersW
InternetConnectW
InternetCrackUrlW
HttpOpenRequestW
InternetReadFile
InternetCloseHandle
InternetCanonicalizeUrlA
HttpSendRequestW
InternetCrackUrlA

ws2_32

getpeername
inet_ntoa
ntohs
ntohl
getsockname
closesocket
gethostbyname
WSAGetLastError
WSAResetEvent
socket
inet_addr
select
WSASend
connect
__WSAFDIsSet
WSAWaitForMultipleEvents
WSARecv
recv
WSAGetOverlappedResult
htons
WSACloseEvent
WSASetEvent
WSACreateEvent
WSAEventSelect

imagehlp

MapFileAndCheckSumW

iphlpapi

GetAdaptersInfo

kernel32

GetThreadLocale
GetFullPathNameA
GetDriveTypeA
LoadLibraryExA
GetCurrentDirectoryA
SetEndOfFile
IsProcessorFeaturePresent
CloseHandle
DeleteFileW
LockResource
WideCharToMultiByte
FindResourceExW
FindResourceW
GetTempPathW
CreateDirectoryW
LoadResource
CreateProcessW
WaitForSingleObject
GetTempFileNameW
CreateFileW
WriteFile
GetLastError
InterlockedIncrement
MoveFileExW
InterlockedDecrement
SizeofResource
lstrlenW
MultiByteToWideChar
FlushFileBuffers
ReadFile
LoadLibraryW
GetProcAddress
InterlockedCompareExchange
InterlockedExchangeAdd
lstrlenA
CreateMutexW
WaitForMultipleObjects
CreateThread
ReleaseMutex
LeaveCriticalSection
EnterCriticalSection
VirtualQuery
FreeLibrary
Sleep
SetEvent
LoadLibraryExW
SystemTimeToFileTime
FileTimeToSystemTime
RaiseException
CreateEventW
InitializeCriticalSection
GetModuleFileNameW
DeleteCriticalSection
GetCurrentProcess
GetSystemTime
DuplicateHandle
lstrcmpiW
GetModuleHandleW
CompareFileTime
GetTickCount
FlushInstructionCache
GetCurrentThreadId
MulDiv
GlobalLock
lstrcmpW
GlobalAlloc
SetLastError
GlobalUnlock
SetThreadPriority
ResumeThread
ResetEvent
GetThreadPriority
GetCurrentThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetModuleHandleA
GetSystemInfo
HeapReAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
ExitProcess
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
InterlockedExchange
LoadLibraryA
SetFilePointer
GetVersionExW
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetFileSize
SearchPathW
DeviceIoControl
GetSystemDirectoryW
GetVolumeInformationW
GetVersion
GetConsoleCP

user32

GetWindowTextLengthW
SetWindowTextW
GetDlgItem
IsWindow
GetWindowTextW
GetClassInfoExW
BeginPaint
DestroyAcceleratorTable
DefWindowProcW
GetDC
GetWindowLongW
RegisterClassExW
MoveWindow
CallWindowProcW
GetSysColor
DestroyWindow
GetParent
GetDesktopWindow
IsChild
InvalidateRect
InvalidateRgn
FillRect
SetFocus
CreateAcceleratorTableW
LoadCursorW
MessageBoxW
SetCapture
ReleaseCapture
EndPaint
CreateWindowExW
RegisterWindowMessageW
RedrawWindow
GetClassNameW
ScreenToClient
GetClientRect
GetWindow
ClientToScreen
ReleaseDC
CharNextW
SendMessageW
GetFocus
SetWindowLongW
SetWindowPos
UnregisterClassA

gdi32

DeleteObject
SelectObject
BitBlt
CreateSolidBrush
CreateCompatibleDC
DeleteDC
GetStockObject
GetDeviceCaps
GetObjectW
CreateCompatibleBitmap

advapi32

RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryInfoKeyW

ole32

OleInitialize
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CLSIDFromString
OleUninitialize
CoInitializeEx
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromProgID
CoInitialize
CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CoGetClassObject

oleaut32

SysFreeString
VarBstrCmp
VariantChangeType
VariantCopy
LoadTypeLi
OleCreateFontIndirect
VariantInit
VariantClear
LoadRegTypeLi
VarUI4FromStr
SysAllocStringLen
SysStringByteLen
LoadTypeLibEx
SysAllocString
SysAllocStringByteLen
SysStringLen

Sections

.text
Size: 416KB - Virtual size: 414KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5d36b4d32c9edd4c3f52df299c605e4

Headers

File Characteristics

PDB Paths

Imports

wininet

ws2_32

imagehlp

iphlpapi

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Sections

.text Size: 416KB - Virtual size: 414KB

.rdata Size: 100KB - Virtual size: 98KB

.data Size: 8KB - Virtual size: 17KB

.rsrc Size: 32KB - Virtual size: 30KB

.reloc Size: 32KB - Virtual size: 28KB

.text
Size: 416KB - Virtual size: 414KB

.rdata
Size: 100KB - Virtual size: 98KB

.data
Size: 8KB - Virtual size: 17KB

.rsrc
Size: 32KB - Virtual size: 30KB

.reloc
Size: 32KB - Virtual size: 28KB