Static task
static1
Behavioral task
behavioral1
Sample
444515c899a9c7b13f64792ff990652b_JaffaCakes118.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
444515c899a9c7b13f64792ff990652b_JaffaCakes118.dll
Resource
win10v2004-20240709-en
General
Target: 444515c899a9c7b13f64792ff990652b_JaffaCakes118
Size: 72KB
MD5: 444515c899a9c7b13f64792ff990652b
SHA1: 921f19748903b48df1cd33bf229ced11523981b5
SHA256: eacb0b822e111ff386b86644d39035e424d4bf06e9bee25ee87fc295b0e62761
SHA512: f1cdd83eea6a25a642856577f02d65e94020dd957cf35a3fcb4e6dcdf077299f1cacc08defd9cc697da410910774fa0f8edcffbab73e8bfee215d6209bb0d444
SSDEEP: 1536:wI93ZLvzPLRHdaBk7RaY0zDhC6LULdUrxYXHus09N1hEBupty3TTdsYo0v:wI93ZLvzV9bRazD0FuxY3us09N4ufQPv
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 444515c899a9c7b13f64792ff990652b_JaffaCakes118
Files
444515c899a9c7b13f64792ff990652b_JaffaCakes118.dll windows:5 windows x86 arch:x86
c60549710fc29bc41f76c0bfb9c01e90
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ws2_32
ioctlsocket
select
WSAGetLastError
closesocket
socket
shutdown
__WSAFDIsSet
inet_addr
sendto
connect
htons
recv
send
gethostbyname
WSAStartup
psapi
GetModuleBaseNameA
EnumProcesses
EnumProcessModules
crypt32
CryptStringToBinaryA
CryptBinaryToStringA
urlmon
ObtainUserAgentString
kernel32
CreateProcessA
IsBadWritePtr
GetLastError
GetProcAddress
GetTempFileNameA
LoadLibraryA
DeleteCriticalSection
GetVersionExA
CloseHandle
GetTempPathA
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
GetModuleHandleExA
SetEvent
Sleep
CreateEventA
ResetEvent
GetModuleFileNameA
OpenProcess
GetTickCount
VirtualProtect
MoveFileExA
GetSystemDirectoryA
GetEnvironmentVariableA
CopyFileA
SetFileAttributesA
OpenEventA
CreateRemoteThread
VirtualAllocEx
GetCurrentProcessId
WriteProcessMemory
WaitNamedPipeA
ConnectNamedPipe
ReadFile
GetOverlappedResult
DisconnectNamedPipe
FlushInstructionCache
SetNamedPipeHandleState
WaitForMultipleObjects
InitializeCriticalSection
WriteFile
WaitForSingleObject
FreeLibrary
CreateFileA
lstrcpyA
lstrcmpiA
lstrcatA
EnterCriticalSection
LeaveCriticalSection
lstrlenA
lstrcpynA
CreateEventW
lstrcmpA
GetComputerNameExA
GetLocalTime
MultiByteToWideChar
lstrlenW
lstrcatW
WideCharToMultiByte
GetModuleHandleA
GetCurrentProcess
CreateThread
CreateNamedPipeA
advapi32
CryptExportKey
CryptAcquireContextW
RegOpenKeyA
InitializeSecurityDescriptor
RegDeleteValueA
RegSetValueExA
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegCloseKey
RegEnumKeyA
RegCreateKeyExA
CryptReleaseContext
CryptGetHashParam
CryptImportKey
RegQueryValueExA
CryptHashData
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptGenKey
CryptCreateHash
CryptEncrypt
wininet
InternetTimeFromSystemTimeA
InternetOpenW
InternetCrackUrlW
InternetReadFile
HttpAddRequestHeadersA
HttpSendRequestW
HttpOpenRequestW
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetConnectW
InternetOpenA
HttpQueryInfoA
InternetConnectA
InternetCrackUrlA
dnsapi
DnsFree
DnsQuery_A
ole32
OleInitialize
CoCreateInstance
OleUninitialize
oleaut32
VariantClear
VariantInit
SysFreeString
SysAllocString
Exports
Sections
.text Size: 58KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ