5f4fb6b0baa1543ee73f134a2339703d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5f4fb6b0baa1543ee73f134a2339703d_JaffaCakes118
Size

132KB
MD5

5f4fb6b0baa1543ee73f134a2339703d
SHA1

27f92d7b8fd511af00f1b284b39a06fedb48d823
SHA256

83f56612479b8f4a339b6f35e45d1b58a229da1dc7a77e9d2904f0a1d93102b2
SHA512

fb10974493d45f66125a31d9726b442e31bad3891e5bdc8aa52a80e267194c0d39d8bd7977f41267f5e0fa16806f34044c2e5eb9e3f3de26b1096f47b84f304d
SSDEEP

3072:NV13Vw7R8yZ3zGRH+RdITNh1W7ePTBfCzBPFzdCs:c7RnVzGswUKPTBq9P1dCs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f4fb6b0baa1543ee73f134a2339703d_JaffaCakes118

Files

5f4fb6b0baa1543ee73f134a2339703d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

10a52bade709ac64c0c3133f1e79c257

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

_snprintf
_strnicmp
strlen
strstr
_stricmp
memcmp
atoi
_itoa
memcpy
_ultoa
tolower
memset
_chkstk
_allmul
_alldiv

msvcrt

strtok

ws2_32

setsockopt
WSAGetLastError
WSAIoctl
bind
WSAGetOverlappedResult
WSAStartup
WSACreateEvent
shutdown
WSAWaitForMultipleEvents
WSASend
WSASocketW
closesocket
ntohl
WSASetLastError
getsockname
ntohs
listen
WSARecv

wininet

InternetConnectA
HttpAddRequestHeadersA
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetSetOptionA

oleaut32

SysAllocString
SysFreeString

shlwapi

PathFileExistsA

kernel32

EnterCriticalSection
GetVolumeInformationA
GetWindowsDirectoryA
GetFileTime
HeapFree
WaitNamedPipeA
FindNextFileA
SetNamedPipeHandleState
HeapAlloc
GetSystemDirectoryA
GetVersionExA
FindClose
RemoveDirectoryA
TransactNamedPipe
HeapSetInformation
HeapCreate
FindFirstFileA
HeapDestroy
FreeLibrary
CreateFileMappingA
OpenFileMappingA
UnmapViewOfFile
MapViewOfFile
ExitProcess
GetFileAttributesExA
SetFileAttributesA
CreateDirectoryA
TlsGetValue
TlsAlloc
CreateEventA
TlsSetValue
ProcessIdToSessionId
Process32Next
Process32First
WriteProcessMemory
VirtualAllocEx
Thread32Next
GetModuleHandleA
Thread32First
CreateToolhelp32Snapshot
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GetProcAddress
CloseHandle
OpenThread
GetCurrentProcessId
lstrcpyA
CreateFileA
WaitForMultipleObjects
GetFileSize
ReadFile
GetModuleFileNameA
GetModuleFileNameW
InitializeCriticalSection
ResetEvent
lstrcatA
GetLocalTime
WaitForSingleObject
OpenMutexA
InterlockedCompareExchange
CreateMutexA
lstrlenA
SetEvent
TerminateThread
OutputDebugStringA
Sleep
DuplicateHandle
GetExitCodeThread
ReleaseMutex
FlushFileBuffers
OpenEventA
SetUnhandledExceptionFilter
LeaveCriticalSection
GetCurrentThread
VirtualFree
GetFileInformationByHandle
GetLastError
SystemTimeToFileTime
lstrcmpiA
GetSystemTime
GetCurrentProcess
WriteFile
CreateThread
VirtualFreeEx
DisconnectNamedPipe
CreateNamedPipeA
ConnectNamedPipe
PeekNamedPipe
lstrcmpA
SetFilePointer
SetEndOfFile
GetTempFileNameA
DeleteCriticalSection
GetTempPathA
VirtualProtect
FlushInstructionCache
VirtualQuery
VirtualAlloc
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
SetLastError
lstrcmpW
MultiByteToWideChar
DeleteFileA
CreateProcessA
GetTickCount
GetFileAttributesA
LoadLibraryA
CreateRemoteThread
OpenProcess

user32

SetForegroundWindow
ShowWindow
PeekMessageA
WaitForInputIdle
MsgWaitForMultipleObjects
GetSystemMetrics
wsprintfA
DispatchMessageA

advapi32

ControlService
RegDeleteKeyA
OpenSCManagerA
RegCreateKeyExA
CloseServiceHandle
OpenServiceA
RegQueryValueExA
ChangeServiceConfigA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA
SHGetFolderPathA

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

Exports

Exports

DllGetClassObject
EventStartup

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

10a52bade709ac64c0c3133f1e79c257

Headers

File Characteristics

Imports

ntdll

msvcrt

ws2_32

wininet

oleaut32

shlwapi

kernel32

user32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 84KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 4KB - Virtual size: 5KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 88KB - Virtual size: 84KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 5KB

.reloc
Size: 8KB - Virtual size: 6KB