_DllMain@12
Static task
static1
Behavioral task
behavioral1
Sample
605b3018e036ebe3a62d3279e694c518_JaffaCakes118.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
605b3018e036ebe3a62d3279e694c518_JaffaCakes118.dll
Resource
win10v2004-20240709-en
General
-
Target
605b3018e036ebe3a62d3279e694c518_JaffaCakes118
-
Size
26KB
-
MD5
605b3018e036ebe3a62d3279e694c518
-
SHA1
1f7f6c3c53d0697ff8d298d0f13424536b064620
-
SHA256
66252c14c9094370f6337cce7cd2cbf456606dbe526543b38894472b6d440b2d
-
SHA512
68263974f00581e479a47d4b2127f03201fb289e4265e37229214f3b2cb447ff6d7dd8f58aa44685ba4685dc95ecad330e6005606e00b14639b37622e061c1a9
-
SSDEEP
384:hyx6U3unq4k5vtFN7lJfRGm8Xhjn/ZT+i4nuNrarrQo2k/CsvxT9+3pzV:0x6Uenq44FN7FGXlunKrcrQIqsvK3v
Malware Config
Signatures
-
Unsigned PE 1 IoCs
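Checks for a missing Authenticode signature: the file is not signed. On its own this is a weak indicator, since many legitimate DLLs are also unsigned; weigh it together with the other static and behavioral findings.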
resource 605b3018e036ebe3a62d3279e694c518_JaffaCakes118
Files
-
605b3018e036ebe3a62d3279e694c518_JaffaCakes118.dll windows:4 windows x86 arch:x86
ff682b812d257bf0f030a0c897dc2c06
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetLastError
CreateEventA
LoadLibraryA
GetModuleHandleA
ResetEvent
WaitForSingleObject
FreeLibraryAndExitThread
SetThreadPriority
GetCurrentThread
ReleaseMutex
FreeLibrary
GetCurrentProcessId
SetEvent
CreateMutexA
CreateThread
GetModuleFileNameA
DisableThreadLibraryCalls
InitializeSListHead
InterlockedPushEntrySList
GetTempPathA
InterlockedCompareExchange
VirtualFree
VirtualProtect
VirtualAlloc
Process32Next
Process32First
CreateToolhelp32Snapshot
Module32Next
Module32First
VirtualQuery
GetSystemInfo
GetProcAddress
GetPrivateProfileStringA
GetCurrentProcess
WriteFile
CreateFileA
GetShortPathNameA
GetTempFileNameA
WinExec
Sleep
CreateFileMappingA
DeleteFileA
OpenEventA
MapViewOfFile
UnmapViewOfFile
CloseHandle
InterlockedPopEntrySList
user32
GetWindowThreadProcessId
GetClassNameA
GetWindowTextA
RegisterClassA
CreateWindowExA
UpdateWindow
ShowWindow
UnhookWindowsHookEx
SetWindowsHookExA
EnumDesktopWindows
CallNextHookEx
advapi32
RegSetValueExA
RegEnumValueA
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
msvcp60
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
wininet
InternetCloseHandle
DeleteUrlCacheEntry
InternetReadFile
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCrackUrlA
HttpSendRequestA
urlmon
URLDownloadToFileA
ws2_32
setsockopt
WSACleanup
closesocket
msvcrt
memmove
_mbsinc
abs
memcmp
_ismbcspace
__dllonexit
_onexit
_initterm
_adjust_fdiv
_mbsnbicmp
??2@YAPAXI@Z
malloc
free
strcpy
_mbscmp
time
_mbsupr
_ismbcprint
_snprintf
memset
_mbsrchr
_local_unwind2
_except_handler3
_EH_prolog
__CxxFrameHandler
sprintf
fopen
memcpy
_memicmp
_mbsicmp
fclose
strcat
_mbsstr
strlen
_mbsnbcpy
fgets
netapi32
Netbios
Exports
Exports
Sections
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
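IMAGE_SCN_MEM_WRITE (together with IMAGE_SCN_MEM_EXECUTE this makes .text both writable and executable, which compilers do not normally emit and which may indicate packed or self-modifying code)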
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ