418bfc05240ec86b91181f38bd751ccb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

418bfc05240ec86b91181f38bd751ccb_JaffaCakes118
Size

128KB
MD5

418bfc05240ec86b91181f38bd751ccb
SHA1

870153e6cbc0534a1d769a3e2f60637d40e4a6a4
SHA256

d5e3122a263d3f66dcfa7c2fed25c2b8a3be725b2c934fa9d9ef4c5aefbc6cb9
SHA512

4bfbebd2be71bf90f241b32c1631266a6de9da0f3979f7cb6dc482669b7cf2176e2ecf79cf11d2d6f7574a4aef23845f911d902725ab837bb327068abb80f4e1
SSDEEP

1536:U80R5LvErAb73EWGv9LpxLwho46CQwUlEX25KuBC8WHIjFsEAaNYvZuTVMGMqxfB:S53Evrxio8CAHghxcVRutVusr22vsu3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
418bfc05240ec86b91181f38bd751ccb_JaffaCakes118

Files

418bfc05240ec86b91181f38bd751ccb_JaffaCakes118
.dll windows:5 windows x86 arch:x86

057ac0e036609c73ca15060e9245e3d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetReadFile
InternetConnectW
HttpSendRequestW
InternetOpenW
HttpOpenRequestW
InternetCloseHandle
InternetGetConnectedStateExW

ws2_32

WSACleanup
WSAAddressToStringW
gethostname
WSAStartup
gethostbyname

kernel32

FlushFileBuffers
GetConsoleMode
GetFileSize
HeapAlloc
HeapFree
GetProcessHeap
ReadFile
CreateFileW
CloseHandle
lstrlenA
CreateRemoteThread
OpenProcess
ReadProcessMemory
lstrcatA
GetProcAddress
CopyFileA
VirtualAllocEx
GetModuleHandleA
WriteProcessMemory
DeleteFileA
lstrcatW
DeleteFileW
lstrcpyW
Sleep
HeapReAlloc
LoadLibraryW
GetLastError
CreateFileA
CreateMutexW
FindFirstFileW
SetFilePointer
CreateProcessW
GetModuleHandleExW
WriteFile
CopyFileW
FileTimeToSystemTime
GetModuleFileNameW
lstrlenW
OpenMutexW
HeapSize
FindClose
Process32FirstW
Process32NextW
FindNextFileW
CreateToolhelp32Snapshot
ReleaseMutex
GetWindowsDirectoryW
GetCurrentProcessId
SetFileAttributesW
TerminateProcess
GetSystemTime
GetTempFileNameW
WideCharToMultiByte
CreateProcessA
GetSystemDirectoryA
GetTempPathW
GetCurrentDirectoryA
HeapDestroy
lstrcpyA
GetDriveTypeW
GetCurrentProcess
GetLogicalDriveStringsW
GetComputerNameW
GetModuleHandleW
SetStdHandle
FreeLibrary
LoadLibraryA
GetConsoleCP
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetStringTypeW
RtlUnwind
WriteConsoleW
GetSystemDirectoryW
GetVersionExW
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
ExitThread
GetCurrentThreadId
CreateThread
DecodePointer
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
ExitProcess
GetStdHandle
EncodePointer
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
LCMapStringW
MultiByteToWideChar
RaiseException
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA

user32

GetCursorPos
wsprintfW

advapi32

CryptGenRandom
CryptReleaseContext
GetUserNameW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
CryptAcquireContextA

shell32

SHGetSpecialFolderPathW
SHGetFolderPathA
SHGetFolderPathW

Exports

Exports

AGTwLoad
AGTwRec
BD
CF
GPI
OF
RenameExecute
RunDllEntry
RunReg
SendThisFile
SharedRegistry
UB
VD

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

057ac0e036609c73ca15060e9245e3d1

Headers

DLL Characteristics

File Characteristics

Imports

wininet

ws2_32

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 86KB - Virtual size: 85KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 14KB - Virtual size: 21KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 86KB - Virtual size: 85KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 14KB - Virtual size: 21KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 7KB - Virtual size: 7KB