6ac93a68a6f129788fbbfadc4ccd57a3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6ac93a68a6f129788fbbfadc4ccd57a3_JaffaCakes118
Size

48KB
MD5

6ac93a68a6f129788fbbfadc4ccd57a3
SHA1

19763f38951fa424e527b37e68539930ca3e0e95
SHA256

bea408a67b9d38798f999379463d2614ff62023c61c811114bcdcd614aa2e568
SHA512

0a796759f25f5d2b06cf5995e7185e1f6cdadfa817fa0acd4bcb38189557f66a746096efe00c4eb44ed18b1d2c18d49aa35808944713e4808771cd6f7ba7f392
SSDEEP

768:fA5QUnFMkTPwhdSWjpYBRLnly52i42dK4p8zvtxB9vq/QtzC9ipew5/WZ:o5QUnFxPApYDLn734p8btxBpq/QMgIJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6ac93a68a6f129788fbbfadc4ccd57a3_JaffaCakes118

Files

6ac93a68a6f129788fbbfadc4ccd57a3_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1ccb08676c163835341c54541bd441e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrStrA
StrDupA
StrStrIA
StrChrA

kernel32

CreateToolhelp32Snapshot
lstrcpyA
lstrlenA
ExpandEnvironmentStringsA
GetFileAttributesExA
WriteFile
ReadFile
CreateFileA
GetModuleFileNameA
DisableThreadLibraryCalls
ExitProcess
Sleep
GetTickCount
GetLastError
CreateThread
WaitForSingleObject
OpenMutexA
CreateMutexA
GetCurrentThread
Process32First
MoveFileA
lstrcatA
CreateProcessA
MultiByteToWideChar
WideCharToMultiByte
CreateDirectoryA
GetEnvironmentVariableA
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetFileAttributesA
ReleaseMutex
GetTempPathA
lstrcmpiA
LocalFree
GetComputerNameA
GetSystemInfo
GetVolumeInformationA
lstrcpynA
HeapFree
GetProcessHeap
HeapAlloc
OpenProcess
TerminateProcess
CloseHandle
Process32Next
SetFilePointer

advapi32

RegSetValueExA
OpenThreadToken
RegQueryValueExA
ImpersonateSelf
RegOpenKeyExA
RegCloseKey
RegEnumValueA
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

ShellExecuteExA
ShellExecuteA

user32

wsprintfA
GetCursorPos
GetSystemMetrics

wininet

InternetGetConnectedState
FindCloseUrlCache
FindNextUrlCacheEntryA
InternetReadFile
InternetOpenUrlA
DeleteUrlCacheEntry
InternetOpenA
InternetCloseHandle
FindFirstUrlCacheEntryA

netapi32

NetScheduleJobEnum
NetScheduleJobDel
NetApiBufferFree
NetScheduleJobAdd

msvcrt

_strdup
_CxxThrowException
strncpy
??1type_info@@UAE@XZ
??3@YAXPAX@Z
??2@YAPAXI@Z
atoi
realloc
strcpy
strcat
free
_snprintf
sprintf
strstr
wcslen
srand
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_onexit
__dllonexit
_adjust_fdiv
printf
malloc
rand
_except_handler3
strcmp
strlen
_initterm

ole32

CoInitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocStringLen
VariantClear
VariantChangeType
SysStringLen
SysAllocString

Exports

Exports

a
addNumbers

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ccb08676c163835341c54541bd441e0

Headers

File Characteristics

Imports

shlwapi

kernel32

advapi32

shell32

user32

wininet

netapi32

msvcrt

ole32

oleaut32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 18KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 18KB

.reloc
Size: 4KB - Virtual size: 2KB