46ef69bf3967936acd75d2cebcf301c1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

46ef69bf3967936acd75d2cebcf301c1_JaffaCakes118
Size

104KB
MD5

46ef69bf3967936acd75d2cebcf301c1
SHA1

66fe8f9cf9d23cb9a3b7e79ebd660916edf5939c
SHA256

2bd7648973103172ede4f0fe7a241e68793de7534b2fc6521467e65ff9d01f1c
SHA512

f46e7fd72c0f179d20f96106ae283230693547955167aaed0382ba4dfb0c408a8c93eba386a225af5961bc7298e8cab96f9c27e5637833f7d01b1cd20651d256
SSDEEP

1536:MXz/DhIq3kL3U3os+nKK6QOIu/UhuwcJtjCvCWhpKcmht43lG8RBV:0/d2L3zs+KMYqATWnuD43lG8Rr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46ef69bf3967936acd75d2cebcf301c1_JaffaCakes118

Files

46ef69bf3967936acd75d2cebcf301c1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1cfb710a7729d310a34147ae23ab729b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

iphlpapi

GetAdaptersInfo
GetIpAddrTable

wininet

HttpSendRequestA
HttpOpenRequestA
InternetQueryOptionA
InternetSetOptionA
InternetOpenA
InternetSetCookieA
InternetConnectA
InternetCloseHandle
HttpAddRequestHeadersA

netapi32

NetApiBufferFree
NetUserEnum

ws2_32

WSACleanup
gethostbyaddr
WSAStartup

shlwapi

PathFileExistsA
StrStrIA

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA

psapi

GetModuleFileNameExA

kernel32

EnterCriticalSection
CreateToolhelp32Snapshot
GetProcessHeap
SetEndOfFile
GetOEMCP
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetCPInfo
WriteFile
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemInfo
DeviceIoControl
FormatMessageA
LocalFree
LocalAlloc
CloseHandle
CreateFileA
VirtualFree
ReadFile
VirtualAlloc
GetFileSize
SetFilePointer
GetModuleFileNameA
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
lstrcatA
GetVolumeInformationA
lstrcpyA
LoadLibraryA
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTime
FindClose
FindNextFileA
FindFirstFileA
GlobalMemoryStatus
Process32Next
OpenProcess
Process32First
LeaveCriticalSection
FreeLibraryAndExitThread
FreeLibrary
GetLocalTime
lstrcmpW
lstrcpynA
SystemTimeToTzSpecificLocalTime
GetDiskFreeSpaceExA
SetCurrentDirectoryA
GetDriveTypeA
GetLogicalDriveStringsA
WaitForSingleObject
CreateThread
HeapAlloc
HeapFree
VirtualProtect
VirtualQuery
RtlUnwind
GetCommandLineA
HeapDestroy
HeapCreate
HeapReAlloc
IsBadWritePtr
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapSize
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter

user32

wvsprintfA
wsprintfA
EnumDisplayDevicesA
GetKeyboardLayoutNameA
ActivateKeyboardLayout
GetKeyboardLayout
GetKeyboardLayoutList

advapi32

RegEnumValueA
RegCreateKeyA
RegQueryValueExA
RegQueryValueA
RegEnumKeyA
RegQueryInfoKeyA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegFlushKey
RegOpenKeyA

shell32

SHGetSpecialFolderPathA

ole32

CoInitialize
CoCreateInstance

Exports

Exports

_DllMain@12
do_work
do_work_ap
do_work_bk
do_work_dw
do_work_ec
do_work_fm
do_work_go
do_work_ls
do_work_pk
do_work_sv
do_work_tz

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1cfb710a7729d310a34147ae23ab729b

Headers

File Characteristics

Imports

iphlpapi

wininet

netapi32

ws2_32

shlwapi

setupapi

psapi

kernel32

user32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 64KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 9KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 68KB - Virtual size: 64KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 9KB

.reloc
Size: 8KB - Virtual size: 5KB