46f722ff013a8fa12fcc5e8960133d60_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

46f722ff013a8fa12fcc5e8960133d60_JaffaCakes118
Size

556KB
MD5

46f722ff013a8fa12fcc5e8960133d60
SHA1

d88102cec1f661d0ffaa3da0c06e182afb612a43
SHA256

d78ff7d5bb617cdf7c9a05e662543675aa04839fbda60b57cb732251690074bb
SHA512

26e08e3147cbbc96a0d31d0d56886de7d39148cd89b3f9028e94e586df33b6a08d85c378558a18a813daf931beb23bf7dad3a393dab1a1222855b666df93c448
SSDEEP

12288:i3w+3SSD08UGEz+SnoxgkXBMueINgsoaS0y3l+J3:iLxuzhoxFXBMueINgsoacW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46f722ff013a8fa12fcc5e8960133d60_JaffaCakes118

Files

46f722ff013a8fa12fcc5e8960133d60_JaffaCakes118
.dll windows:4 windows x86 arch:x86

592409494c601c55e01eb433d348527b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shfolder

SHGetFolderPathA

wininet

HttpAddRequestHeadersA
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetSetOptionA
InternetQueryOptionA
InternetCrackUrlA
InternetReadFile
InternetGetConnectedState
InternetCanonicalizeUrlA
InternetOpenA
InternetGetCookieA
InternetOpenUrlA
InternetSetCookieA

ws2_32

gethostbyaddr
WSAStartup
WSACleanup

rpcrt4

UuidToStringA

kernel32

GetFileType
GetStdHandle
SetHandleCount
GetOEMCP
GetVolumeInformationA
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
lstrlenW
lstrcmpiA
lstrlenA
CompareStringA
CompareStringW
CloseHandle
SetEvent
CreateEventA
ReadFile
SetFilePointer
CreateFileA
VirtualFree
VirtualAlloc
GetFileSize
SetFileAttributesA
WriteFile
FreeLibrary
GetProcAddress
LoadLibraryA
ReleaseMutex
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
MoveFileA
DeleteFileA
GetModuleFileNameA
OpenEventA
VirtualProtect
FlushInstructionCache
GetCurrentProcess
SetLastError
Sleep
GetCurrentThreadId
LocalFree
LocalAlloc
FormatMessageA
CreateMutexA
GlobalAlloc
InterlockedCompareExchange
SetWaitableTimer
CreateWaitableTimerA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileTime
lstrcatA
lstrcpynA
ExitProcess
FreeLibraryAndExitThread
TerminateThread
GetExitCodeThread
OpenMutexA
GetStartupInfoA
SystemTimeToFileTime
GetLocalTime
CopyFileA
GetModuleHandleA
GetCurrentProcessId
SetErrorMode
SetUnhandledExceptionFilter
SetEndOfFile
GetWindowsDirectoryA
Process32Next
TerminateProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
OpenSemaphoreA
CreateDirectoryA
FindCloseChangeNotification
FindClose
CompareFileTime
FindNextFileA
FindFirstFileA
LeaveCriticalSection
EnterCriticalSection
lstrcpyA
GetFileAttributesA
CreateProcessA
GetTempPathA
GetShortPathNameA
VirtualFreeEx
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenFileMappingA
FlushFileBuffers
ExitThread
CancelWaitableTimer
OpenWaitableTimerA
GetTickCount
IsBadReadPtr
GetDiskFreeSpaceExA
SetCurrentDirectoryA
GetDriveTypeA
GetLogicalDriveStringsA
GetSystemTime
ExpandEnvironmentStringsA
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
GetSystemDirectoryA
SetStdHandle
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
QueryPerformanceCounter
IsBadWritePtr
HeapCreate
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetSystemTimeAsFileTime
RtlUnwind
VirtualQuery
GetSystemInfo
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadCodePtr
GetLocaleInfoW
SetEnvironmentVariableA
CreateThread

user32

GetPropA
GetParent
MsgWaitForMultipleObjects
SetPropA
PeekMessageA
GetDesktopWindow
CreateWindowExA
GetMessageA
DispatchMessageA
PostMessageA
GetWindowTextA
GetClassNameA
SetWindowPos
RemovePropA
CallWindowProcA
DefWindowProcA
FindWindowExA
GetDlgItem
wsprintfA
GetSystemMetrics
SetWindowsHookExA
CallNextHookEx
TranslateMessage
GetWindowThreadProcessId
AttachThreadInput
GetActiveWindow
GetFocus
SetActiveWindow
GetForegroundWindow
GetKeyboardLayoutList
GetKeyboardLayout
ActivateKeyboardLayout
GetKeyboardLayoutNameA
LoadStringA
wvsprintfA
SetWindowLongA

advapi32

RegOpenKeyA
RegEnumKeyA
OpenProcessToken
LookupPrivilegeValueA
RegQueryInfoKeyA
RegCreateKeyA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegFlushKey
RegEnumKeyExA
RegDeleteKeyA
SetNamedSecurityInfoA
SetEntriesInAclA
SetSecurityInfo
AdjustTokenPrivileges
RegEnumValueA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

ole32

CoCreateInstance
OleRun
CoUnmarshalInterface
CoMarshalInterface
CreateStreamOnHGlobal
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoInitializeEx
CoInitializeSecurity
CoCreateGuid
CoSetProxyBlanket

oleaut32

SysAllocString
SysStringLen
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
VariantCopy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
GetErrorInfo
SysFreeString

shlwapi

SHDeleteKeyA
StrCmpNIA
SHDeleteValueA
StrStrIA
StrRChrA
StrChrA
UrlEscapeA
PathFileExistsA

Exports

Exports

CreateMainProc
CreateProtectProc
DllCanUnloadNow
DllGetClassObject
SetVM
SysLogoff
SysLogon

Sections

.text
Size: 396KB - Virtual size: 394KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MYSEC
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.newsec
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

592409494c601c55e01eb433d348527b

Headers

File Characteristics

Imports

shfolder

wininet

ws2_32

rpcrt4

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 396KB - Virtual size: 394KB

.rdata Size: 84KB - Virtual size: 81KB

.data Size: 8KB - Virtual size: 30KB

.MYSEC Size: 4KB - Virtual size: 8B

.rsrc Size: 16KB - Virtual size: 14KB

.reloc Size: 32KB - Virtual size: 28KB

.newsec Size: 12KB - Virtual size: 12KB

.text
Size: 396KB - Virtual size: 394KB

.rdata
Size: 84KB - Virtual size: 81KB

.data
Size: 8KB - Virtual size: 30KB

.MYSEC
Size: 4KB - Virtual size: 8B

.rsrc
Size: 16KB - Virtual size: 14KB

.reloc
Size: 32KB - Virtual size: 28KB

.newsec
Size: 12KB - Virtual size: 12KB