3df95ed007db27943c675d191684ab7e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3df95ed007db27943c675d191684ab7e_JaffaCakes118
Size

262KB
MD5

3df95ed007db27943c675d191684ab7e
SHA1

2b07920c20385c968929a615f7bbf0b67748d7de
SHA256

1c0fb21f284e948839e517134cbd501eefacf2dcec0790a8d42865ccd3692e5f
SHA512

39a48cd83b36e9b292d613247266d851b24437d1065f5bd36db980b8c9cf120120e0254d4041de5eb6a25d1152b70b793faf709e591b5d39d2a6a9733f8a8dc2
SSDEEP

6144:YhKn46xVi0YgOPtqvhAu4TBbp9Qlb9y3z:aW4h0YXPt4hAu4T9rEA3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3df95ed007db27943c675d191684ab7e_JaffaCakes118

Files

3df95ed007db27943c675d191684ab7e_JaffaCakes118
.dll windows:5 windows x86 arch:x86

ae37e2be3e186d0e964ebe587278217e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReleaseMutex
CreateMutexW
GetCurrentProcessId
FindFirstFileW
FindNextFileW
FindClose
GetTickCount
GetComputerNameW
GetModuleFileNameW
DisableThreadLibraryCalls
CreateThread
WaitForSingleObject
GetModuleHandleW
GetProcAddress
FreeLibrary
LoadLibraryW
VirtualQuery
VirtualProtect
WriteProcessMemory
GetCurrentProcess
Sleep
CreateFileW
GetFileSize
ReadFile
CreateDirectoryW
DeleteFileW
GetVersionExW
GetLocalTime
SetFilePointer
CloseHandle
lstrcatW
lstrcpyW
RaiseException
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
RtlUnwind
lstrlenA
FindResourceW
FindResourceExW
SizeofResource
LockResource
LoadResource
GetLastError
lstrlenW
WideCharToMultiByte
WriteFile
MultiByteToWideChar
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
GetDateFormatA
GetTimeFormatA
IsValidCodePage
GetOEMCP
GetModuleHandleA
GetACP
GetCPInfo
GetModuleFileNameA
GetStdHandle
ExitProcess
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
VirtualAlloc
VirtualFree
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
GetCurrentThreadId
GetSystemTimeAsFileTime
FileTimeToDosDateTime
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc

user32

FindWindowExW
GetWindow
wvsprintfW
EnumWindows
CharLowerW
IsIconic
GetAncestor
GetWindowThreadProcessId
mouse_event
SetCursorPos
GetWindowRect
GetCursorPos
GetForegroundWindow
wsprintfW
GetWindowTextLengthW
GetWindowTextW
GetClassNameW
CreateWindowExW
SendMessageW
IsWindow
DestroyWindow

gdi32

CreateFontW
DeleteObject

shell32

SHGetFolderPathW

ole32

CoInitializeEx
CoUninitialize
ReleaseStgMedium
OleSetContainedObject
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleCreateStaticFromData

oleaut32

SysStringLen
SysFreeString
VariantInit
VariantClear

shlwapi

PathFileExistsW
PathFileExistsA

oleacc

AccessibleObjectFromWindow
AccessibleChildren

wsock32

htons
send
recv
select
closesocket
shutdown
connect
WSAStartup
WSACleanup
WSAGetLastError
getservbyname
ioctlsocket
gethostbyname
socket

wininet

FtpPutFileW
InternetCloseHandle
InternetConnectW
InternetOpenW

Sections

.text
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae37e2be3e186d0e964ebe587278217e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

shlwapi

oleacc

wsock32

wininet

Sections

.text Size: 193KB - Virtual size: 193KB

.rdata Size: 49KB - Virtual size: 48KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 193KB - Virtual size: 193KB

.rdata
Size: 49KB - Virtual size: 48KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 11KB