76e9c408fbe41ff44fa74cef3ca72633_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

76e9c408fbe41ff44fa74cef3ca72633_JaffaCakes118
Size

32KB
MD5

76e9c408fbe41ff44fa74cef3ca72633
SHA1

40a7915b4264af677befba3db9c442f352b82b0e
SHA256

38a6ca7eb6e05c8fd0b07bbfca393e7e6af80f10ab2404a28c89b986ce484014
SHA512

22538965b65b0c2e2f81ae2beaa4fb149a5aaf33b8b1aa378d4846ea1dcab6096005593eeaaedb69a40037fad19b31707e18f1d5c483c6c32d9fdac82148ec9c
SSDEEP

768:QrdIg48/++HzIutj/10GNPur2bDDITayXr/RkHIGxCWB:Qz48m+UK9u2s28nGgWB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76e9c408fbe41ff44fa74cef3ca72633_JaffaCakes118

Files

76e9c408fbe41ff44fa74cef3ca72633_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f15252c1d3f5ac154352db03a97b394e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_onexit
__dllonexit
??1type_info@@UAE@XZ
_XcptFilter
??_V@YAXPAX@Z
strcpy
malloc
free
_initterm
_amsg_exit
_adjust_fdiv
strrchr
memset
strtok
??_U@YAPAXI@Z
mbstowcs
atoi
_itoa
_atoi64
strlen
_i64toa
memmove
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
_except_handler3
?terminate@@YAXXZ
rand
memcmp
_local_unwind2

wininet

InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetReadFile
HttpQueryInfoA

shlwapi

StrRChrA
StrRChrIA
StrStrA
wnsprintfA
StrChrA
StrStrIA

kernel32

FreeLibrary
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
InterlockedExchange
GetPrivateProfileIntA
InterlockedDecrement
InterlockedIncrement
ReleaseMutex
CreateMutexA
CreateEventA
LeaveCriticalSection
EnterCriticalSection
TerminateThread
CreateThread
DeleteCriticalSection
InitializeCriticalSection
CreateProcessA
LocalFree
GetModuleHandleA
GetTickCount
GetVolumeInformationA
DisableThreadLibraryCalls
GetModuleFileNameA
LoadLibraryA
CreateFileA
Sleep
lstrcpyA
lstrcatA
WriteFile
CloseHandle
GetFileSize
VirtualAlloc
ReadFile
GetSystemDirectoryA
lstrlenA
VirtualFree
OpenMutexA
GetSystemTimeAsFileTime
WritePrivateProfileStringA
GetPrivateProfileStringA
WaitForSingleObject
GetProcAddress
lstrcmpiA
GetVersionExA
GetTempPathA
SetFilePointer

user32

CallNextHookEx
PostMessageA
wsprintfA
CharUpperA
SetWindowsHookExA

advapi32

RegQueryValueA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCreateKeyA
RegFlushKey
SetSecurityInfo
SetEntriesInAclA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegSetValueA

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoCreateGuid

oleaut32

VariantInit
VariantClear
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
s

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f15252c1d3f5ac154352db03a97b394e

Headers

File Characteristics

Imports

msvcrt

wininet

shlwapi

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 1024B - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 1024B - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB