7147d8f128b5b2fd1d978216bbcee1e8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7147d8f128b5b2fd1d978216bbcee1e8_JaffaCakes118
Size

76KB
MD5

7147d8f128b5b2fd1d978216bbcee1e8
SHA1

75b13882bc1a97b7a1839e6132965652c1964f25
SHA256

b7032fe5691874b2fc28bc9a8a0d3d32b289af88fe9d01a4c8d6c7dfa16b6792
SHA512

dbe6a4c5892e47aa88a86a6d7370f01f515e2990edc7c0d8cb5da9742eb9b2fc5b5cd7c67dea0992d2f5e4699356f92c452636448833680149b37051f0c17771
SSDEEP

1536:XztrHcl1XQpZcaUZQC5JNoHrku72Vurfv057:jtrm2Zcz13uprfv057

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7147d8f128b5b2fd1d978216bbcee1e8_JaffaCakes118

Files

7147d8f128b5b2fd1d978216bbcee1e8_JaffaCakes118
.dll windows:5 windows x86 arch:x86

34916d4959f6aa97db62c0cf1148db06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ConnectNamedPipe
CreateNamedPipeW
WriteFile
GetSystemDirectoryW
WideCharToMultiByte
LoadLibraryW
Sleep
CopyFileW
GetExitCodeProcess
TerminateProcess
ReadFile
GetModuleFileNameW
CreateFileW
MultiByteToWideChar
lstrlenW
GetTempPathW
GetLastError
WaitForSingleObject
GetProcAddress
ResetEvent
SetNamedPipeHandleState
lstrcmpiW
lstrcatW
OpenEventW
GetCurrentThreadId
CloseHandle
GetSystemTime
GetComputerNameW
lstrcpyW
GetVolumeInformationW
CreateProcessW
FreeLibrary
PeekNamedPipe
GetFileSize
SetLastError
GetCommandLineW
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
HeapSize
InitializeCriticalSectionAndSpinCount
LoadLibraryA
ExitThread
CreateThread
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
HeapFree
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage

user32

PeekMessageW
wsprintfW
wsprintfA

advapi32

RegCloseKey
RegFlushKey
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW

wininet

InternetCloseHandle
HttpOpenRequestW
HttpSendRequestW
InternetConnectW
InternetReadFile
InternetQueryDataAvailable
InternetQueryOptionW
InternetOpenW
InternetSetOptionW

urlmon

URLDownloadToFileW

winmm

timeGetTime

Exports

Exports

WinlogonLogoffEvent
WinlogonLogonEvent
WinlogonScreenSaverEvent
WinlogonStartShellEvent
update

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34916d4959f6aa97db62c0cf1148db06

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

wininet

urlmon

winmm

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 52KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 3KB - Virtual size: 6KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 3KB - Virtual size: 6KB

.reloc
Size: 6KB - Virtual size: 5KB