e:\prj\mod_20110818\release\hackthanh.pdb
Static task
static1
Behavioral task
behavioral1
Sample
70c18c3a0538f73d6e4b5ad4306f4f94_JaffaCakes118.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
70c18c3a0538f73d6e4b5ad4306f4f94_JaffaCakes118.dll
Resource
win10v2004-20240709-en
General
Target: 70c18c3a0538f73d6e4b5ad4306f4f94_JaffaCakes118
Size: 256KB
MD5: 70c18c3a0538f73d6e4b5ad4306f4f94
SHA1: 1db6478268e8a8b863e4888781632aec78237c5a
SHA256: e447896f41d8f0d57a72b563259e1886da7aa1c446e6d7730ed2232417082770
SHA512: e8da17a07b6d535839da0d77b334f4c0a4bc4783daf07663b0d34f5b1dcd11a41d09063a2d6df9f37ccaa15ba1a464dc5bcc7e5559bbb330d92e51f9833d7fbf
SSDEEP: 3072:fW+endxMxERVSXgIpIsZBJTdSJFKNlAjkzgRj/aeUvRhkHHRoQ0oNRhQgT9k:KSXTTQKNlGkeIknRzFfi
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 70c18c3a0538f73d6e4b5ad4306f4f94_JaffaCakes118
Files
-
70c18c3a0538f73d6e4b5ad4306f4f94_JaffaCakes118.dll windows:4 windows x86 arch:x86
9273f166285eefa2a27f7d73f3512cde
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
wininet
InternetSetFilePointer
HttpSendRequestA
InternetConnectA
InternetOpenA
DeleteUrlCacheEntry
HttpQueryInfoA
HttpOpenRequestA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
kernel32
LCMapStringA
GetSystemTimeAsFileTime
FreeLibrary
CompareStringW
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
LoadResource
LockResource
FindResourceA
FindResourceExA
Sleep
GetLastError
GetProcAddress
CompareStringA
InterlockedExchange
LoadLibraryA
LoadLibraryW
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEndOfFile
ReadFile
SetEnvironmentVariableA
FlushFileBuffers
SizeofResource
HeapSize
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStringTypeW
GetStringTypeA
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetACP
GetLocaleInfoA
GetThreadLocale
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
SetStdHandle
GetProcessHeap
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
CloseHandle
GetLocalTime
DeleteFileA
VirtualAlloc
GetModuleHandleA
GetCurrentThreadId
GetCommandLineA
RtlUnwind
GetCPInfo
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapCreate
VirtualFree
ExitProcess
GetFileType
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetFilePointer
SetHandleCount
GetStdHandle
GetStartupInfoA
LCMapStringW
user32
UnregisterClassA
advapi32
RegisterServiceCtrlHandlerExA
StartServiceCtrlDispatcherA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
SetServiceStatus
shell32
ShellExecuteA
SHGetSpecialFolderPathA
Exports
ServiceMain
_HandlerEx@16
Sections
.text Size: 152KB - Virtual size: 150KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ