62a8143a720f1728243d3a58f82a7f88_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

62a8143a720f1728243d3a58f82a7f88_JaffaCakes118
Size

102KB
MD5

62a8143a720f1728243d3a58f82a7f88
SHA1

ac9db44f150d76eda663df29b4d2d3dbc838cb82
SHA256

0b126f2c8a7aa822860122c2589ddcd00d12f09fe85dd1116e1499daa2f2365a
SHA512

dd20977faa49b2d49bd02c21a8b1dc468b32541fc463306e5e7954407ce6a274fa64a0f45c7db571b736ad6181b649db505b1cab503b71c770b5acbf49efaf9c
SSDEEP

1536:3UrfLjgcZEk2mDgIJH/9BOmTQJg5UUlzzoZjFfFODP4:EfPgcZ8CJHFBOX6lIjFNWA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
62a8143a720f1728243d3a58f82a7f88_JaffaCakes118

Files

62a8143a720f1728243d3a58f82a7f88_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2ac3163028ad46172c36eef16fb9c66d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

PulseEvent
InterlockedDecrement
WaitForMultipleObjects
ResetEvent
InterlockedIncrement
FreeLibraryAndExitThread
TerminateProcess
InterlockedCompareExchange
ReleaseMutex
SetEvent
OpenEventA
OpenMutexA
GetModuleFileNameA
GetWindowsDirectoryA
GetLastError
DisableThreadLibraryCalls
ReadDirectoryChangesW
GetFileAttributesExA
WideCharToMultiByte
GetDriveTypeA
GetLogicalDriveStringsA
VirtualFree
VirtualProtect
VirtualAlloc
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateFileA
Thread32First
Module32Next
Module32First
VirtualQuery
GetSystemInfo
QueryDosDeviceA
GetModuleHandleA
ResumeThread
SetThreadContext
GetThreadContext
SuspendThread
OpenThread
GetCurrentThreadId
ExitProcess
WriteFile
DeleteFileA
ReadFile
MoveFileA
SetFilePointer
lstrlenW
GetTempFileNameA
GetTempPathA
FindNextFileA
FindFirstFileA
MultiByteToWideChar
CreateProcessA
CreatePipe
CreateFileMappingA
MapViewOfFile
GetFileSize
WaitForSingleObject
ExitThread
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
CreateEventA
CreateThread
Sleep
WinExec
CopyFileA
SetFileAttributesA
FreeLibrary
CreateMutexA
CloseHandle
GetCurrentProcess
LoadLibraryA
GetProcAddress
GetCurrentThread
Thread32Next
GetCurrentProcessId

user32

MessageBoxA
SetTimer
SetDlgItemTextA
GetDlgItemTextA
DialogBoxParamA
GetWindowTextA
PostMessageA
IsWindow
DispatchMessageA
TranslateMessage
ReleaseDC
FillRect
InflateRect
EnumDesktopWindows
GetClassNameA
EnumChildWindows
EnumWindows
OffsetRect
SetWindowPos
GetDlgItem
SendMessageA
EndDialog
KillTimer
GetMessageA
CallNextHookEx
SetWindowsHookExA
GetWindowThreadProcessId
UnhookWindowsHookEx
PrintWindow
GetWindowRect
GetClientRect
IsRectEmpty
GetWindowDC
GetDC
GetDesktopWindow
ExitWindowsEx
GetParent
ShowWindow

gdi32

GetStockObject
DeleteObject
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
DeleteDC
BitBlt

advapi32

RegDeleteValueA
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegEnumValueA

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CreateStreamOnHGlobal

oleaut32

SysStringLen
SysAllocString
SysFreeString
VariantClear

wininet

HttpSendRequestExA
HttpEndRequestA
InternetCrackUrlA
InternetOpenA
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetWriteFile

ws2_32

inet_ntoa
closesocket
WSAStartup
WSACleanup
setsockopt
gethostbyname

psapi

GetProcessImageFileNameA

shlwapi

PathFileExistsA

msvcrt

_memicmp
_stricmp
??3@YAXPAX@Z
_mbsstr
memcpy
??2@YAPAXI@Z
__CxxFrameHandler
time
_adjust_fdiv
_initterm
_onexit
__dllonexit
printf
atol
strstr
_ltoa
abs
wcsstr
_mbsnbcat
_mbslwr
_ismbcalpha
memmove
malloc
wcscmp
free
_mbscmp
_mbsupr
_snprintf
_except_handler3
_ismbcprint
memcmp
strncpy
_purecall
clock
memset
_mbsrchr
_mbsnbcpy
_mbsicmp
_mbstok
atoi
_mbschr
strlen
sprintf
strcpy
strcat

gdiplus

GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCloneImage
GdipFree
GdipDisposeImage
GdipSaveImageToStream
GdiplusStartup

comctl32

ord17

iphlpapi

GetAdaptersInfo

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

shell32

SHGetFolderPathA

Exports

Exports

_LOADLIBRARY_DUMMY
_RunAs@16

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ac3163028ad46172c36eef16fb9c66d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

wininet

ws2_32

psapi

shlwapi

msvcrt

gdiplus

comctl32

iphlpapi

rpcrt4

shell32

Exports

Exports

Sections

.text Size: 94KB - Virtual size: 93KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 94KB - Virtual size: 93KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 4KB