3f1fe2e5b3b8aac8f86d7363b92c71e0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3f1fe2e5b3b8aac8f86d7363b92c71e0_JaffaCakes118
Size

130KB
MD5

3f1fe2e5b3b8aac8f86d7363b92c71e0
SHA1

bb59cc5e0040ede227332e7da1942264cd75ec4c
SHA256

81e5e73452aa8b14f6c6371af2dccab720a32fadfc032b3c8d96f9cdaab9e9df
SHA512

b18f45710bf980cca78ea615b0de4bde0ac7db14a381b1c1b4a14d806ee2900f9251ae94422cd5ac6adcc5ee634f52069e4ae8391862fd7af198b135af7ef703
SSDEEP

1536:M6MgGPhCuagPE2zN6tBwUlEX25KuBC8WHIjFsNAaNYvZuTVMGMqxfUMu84QFzWDQ:MwWhCuLPfIMC71ghxcDEenVaxatsFVh

Score

1^/10

Malware Config

Signatures

Files

3f1fe2e5b3b8aac8f86d7363b92c71e0_JaffaCakes118
.dll windows:5 windows x86 arch:x86

9324180d22419a7ab77103ff3ca6eff2

Code Sign

34:f0:1e:a2:04:9b:f2:4a:b7:30:7f:a6:1b:ab:da:ee
Certificate

Issuer

CN=IBM,1.2.840.113549.1.9.1=#0c0c696e666f4049424d2e636f6d

Not Before

01-01-2000 07:00

Not After

01-01-2099 07:00

Subject

CN=IBM,1.2.840.113549.1.9.1=#0c0c696e666f4049424d2e636f6d

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetGetConnectedStateExW

ws2_32

gethostbyname
WSACleanup
gethostname
WSAAddressToStringW
WSAStartup

kernel32

GetProcessHeap
ReadFile
CreateFileW
CloseHandle
lstrlenA
CreateRemoteThread
OpenProcess
ReadProcessMemory
lstrcatA
GetProcAddress
CopyFileA
VirtualAllocEx
GetModuleHandleA
DeleteFileA
lstrcatW
DeleteFileW
lstrcpyW
Sleep
HeapReAlloc
LoadLibraryA
LoadLibraryW
GetLastError
CreateFileA
CreateMutexW
FindFirstFileW
MapViewOfFile
UnmapViewOfFile
CreateProcessW
GetModuleHandleExW
GetSystemDirectoryW
CopyFileW
FileTimeToSystemTime
GetModuleFileNameW
HeapFree
OpenMutexW
HeapSize
FindClose
Process32FirstW
CreateFileMappingW
Process32NextW
FindNextFileW
CreateToolhelp32Snapshot
ReleaseMutex
GetWindowsDirectoryW
GetCurrentProcessId
SetFileAttributesW
TerminateProcess
GetSystemTime
GetTempFileNameW
WideCharToMultiByte
CreateProcessA
GetSystemDirectoryA
GetTempPathW
GetCurrentDirectoryA
WriteFile
HeapDestroy
lstrcpyA
GetDriveTypeW
GetCurrentProcess
GetLogicalDriveStringsW
GetComputerNameW
GetModuleHandleW
GetVersionExW
FreeLibrary
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapAlloc
GetFileSize
RtlUnwind
WriteConsoleW
SetFilePointer
lstrlenW
SetStdHandle
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetStringTypeW
ExitThread
GetCurrentThreadId
CreateThread
DecodePointer
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
ExitProcess
GetStdHandle
EncodePointer
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
LCMapStringW
MultiByteToWideChar
RaiseException
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW

user32

wsprintfW
GetCursorPos

advapi32

CryptGenRandom
CryptReleaseContext
GetUserNameW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
CryptAcquireContextA

shell32

SHGetFolderPathA
SHGetFolderPathW
SHGetSpecialFolderPathW

Exports

Exports

AGTwLoad
AGTwRec
BD
CF
GPI
OF
RenameExecute
RunDllEntry
RunReg
SendThisFile
SharedRegistry
UB
VD

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9324180d22419a7ab77103ff3ca6eff2

Code Sign

34:f0:1e:a2:04:9b:f2:4a:b7:30:7f:a6:1b:ab:da:eeCertificate

Signer

Headers

DLL Characteristics

File Characteristics

Imports

wininet

ws2_32

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 86KB - Virtual size: 86KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 14KB - Virtual size: 21KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 7KB - Virtual size: 7KB

34:f0:1e:a2:04:9b:f2:4a:b7:30:7f:a6:1b:ab:da:ee
Certificate

.text
Size: 86KB - Virtual size: 86KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 14KB - Virtual size: 21KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 7KB - Virtual size: 7KB