4d1aa560b3b01f1ee8feccd0cdf36c43_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4d1aa560b3b01f1ee8feccd0cdf36c43_JaffaCakes118
Size

110KB
MD5

4d1aa560b3b01f1ee8feccd0cdf36c43
SHA1

be50899bb28697ee4bb6dc1dd04db02417a274b2
SHA256

c2e7bf65bb6a81436798b1803d0e5dfa9aeeafb09bbf366e284533cae7bd395f
SHA512

1c5c2e98fc85844777113c1dea96da8a5f5ed0d53ea2615c9038a9c90358a29fd80772aff5977c7fe72d4fdccf500db5db326aa948f3268d4c2658b3128e85d4
SSDEEP

1536:WdAuU1+5fr6CYs9Ms1feZLbHXdGd2I7uXezNkXJCBmB8VX7td/kK8EiaU:Wyuq+527HjZHdGd2IRZCurtd/knvaU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d1aa560b3b01f1ee8feccd0cdf36c43_JaffaCakes118

Files

4d1aa560b3b01f1ee8feccd0cdf36c43_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f99f6bb90c1bdbb419d14b3b4358023b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
GlobalFree
LocalAlloc
ReleaseMutex
GetModuleHandleA
GetExitCodeThread
CreateThread
FlushInstructionCache
VirtualQuery
SetEvent
CreateEventA
GetVersionExA
OpenProcess
WaitForMultipleObjects
Sleep
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateMutexA
OutputDebugStringA
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
PulseEvent
GetModuleFileNameA
SleepEx
InterlockedDecrement
InterlockedIncrement
ResumeThread
GetThreadContext
ReadFile
CreateFileA
GetFileAttributesA
GetFileAttributesW
GetLongPathNameA
ExpandEnvironmentStringsA
GetModuleHandleW
ReadProcessMemory
GetLastError
VirtualQueryEx
VirtualProtectEx
CreateRemoteThread
WaitForSingleObject
CloseHandle
VirtualFreeEx
GetSystemDirectoryA
LoadLibraryA
GetCurrentProcess
InitializeCriticalSection
GetCurrentProcessId
GetProcAddress
FreeLibrary
lstrlenW
WideCharToMultiByte
lstrlenA
ResetEvent
MultiByteToWideChar

user32

SetDlgItemTextA
ShowWindow
GetDlgItem
EndDialog
GetDlgItemTextA
DialogBoxParamA
MessageBoxW
LoadStringW
GetWindowThreadProcessId
FindWindowA
CharLowerA

ws2_32

WSAEnumNetworkEvents
WSASetEvent
WSAAccept
closesocket
WSASocketA
bind
listen
getsockname
WSAStringToAddressA
gethostname
WSAConnect
WSAAddressToStringA
getsockopt
getservbyport
setsockopt
gethostbyname
WSAGetLastError
htons
getservbyname
inet_ntoa
ntohs
inet_addr
htonl
WSARecv
WSASend
WSAStartup
ntohl
WSASetLastError
WSAWaitForMultipleEvents
WSAEventSelect
gethostbyaddr

ntdll

RtlUnwind
LdrLoadDll
LdrGetDllHandle
LdrGetProcedureAddress
LdrFindEntryForAddress
NtProtectVirtualMemory
NtSetSystemInformation
wcschr
_strnicmp
_alldiv
isdigit
memmove
isalpha
memcmp
ceil
strpbrk
_ftol
pow
_chkstk
atoi
_strcmpi
strstr
_itow
wcsstr
_vsnprintf
wcslen
tolower
sprintf
strncpy
strtoul
strcat
_itoa
_stricmp
strncmp
memcpy
_alloca_probe
strchr
strcmp
strlen
memset
strcpy
_strlwr

crypt32

CertFindChainInStore
CertGetNameStringA
CertGetCertificateContextProperty
CertOpenStore
CertFreeCertificateContext
CertFindCertificateInStore

wininet

InternetSetOptionA
InternetQueryOptionA

dnsapi

DnsRecordListFree
DnsQuery_A

psapi

GetModuleFileNameExA

advapi32

DeregisterEventSource
EqualSid
OpenProcessToken
GetTokenInformation
RegQueryValueExA
RegCreateKeyExA
ReportEventA
RegisterEventSourceA
RegCloseKey
RegOpenKeyExA

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

msvcp60

??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0Init@ios_base@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?flush@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@E@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Mstd@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z

msvcrt

__dllonexit
_mbsrchr
time
_mbslwr
_mbsicmp
malloc
_onexit
calloc
free
__CxxFrameHandler
strtok
_adjust_fdiv
_initterm
??2@YAPAXI@Z

Exports

Exports

DForceLoad
GetDbgPrint
GetLogLevel
GetRelayInterfaceVersion
InitRelay
IsSiteTrusted
IsSupportedOS
RelayBrowserSpecific
RelayExplorer
RelayGetGateway
RelayGetGatewayName
RelayGetReceived
RelayGetSent
SetDbgLogLevel
SetDbgPrint
SetLogLevel

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f99f6bb90c1bdbb419d14b3b4358023b

Headers

File Characteristics

Imports

kernel32

user32

ws2_32

ntdll

crypt32

wininet

dnsapi

psapi

advapi32

ole32

msvcp60

msvcrt

Exports

Exports

Sections

.text Size: 83KB - Virtual size: 82KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 7KB - Virtual size: 37KB

.shared Size: 512B - Virtual size: 32B

.sxdata Size: 512B - Virtual size: 8B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 83KB - Virtual size: 82KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 7KB - Virtual size: 37KB

.shared
Size: 512B - Virtual size: 32B

.sxdata
Size: 512B - Virtual size: 8B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB