7860e60650149deb531cafe876972138_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7860e60650149deb531cafe876972138_JaffaCakes118
Size

203KB
MD5

7860e60650149deb531cafe876972138
SHA1

a5a82929f22564fe6b1d6a8b635e2af67489910f
SHA256

a14c44b2ec97121168747f738a9659af222620836d6ab45f5fb48337fff8975d
SHA512

98404e0a060fa849414e2e2698849dd0e597322225e49035975de996d63dbf3463b96c415265d9a6aac881d5369f58ff9a92e85a05e037d2cb8dfbf9bc5c27cf
SSDEEP

3072:BgOsxvfG5r/Ep2rk5AlP+jrgZNiPgR+WFrd1aVs3l/Anj+:BgOufOr/Ks+jrgZNsI+WFrd1MsN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7860e60650149deb531cafe876972138_JaffaCakes118

Files

7860e60650149deb531cafe876972138_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0a862d16dc00eaa7b79749affe3c8466

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileA
CloseHandle
CreateFileA
GetTempPathA
Sleep
WriteFile
ReadFile
GetFileSize
Thread32Next
TerminateThread
GetThreadPriority
Thread32First
CreateToolhelp32Snapshot
GetCurrentProcessId
SetThreadPriority
TerminateProcess
CreateEventA
OpenEventA
GetTickCount
OutputDebugStringA
GetCommandLineA
GetWindowsDirectoryA
Process32Next
Process32First
GetVolumeInformationA
GetComputerNameA
GetVersionExA
GetLocalTime
CreateProcessA
OpenProcess
GetSystemDirectoryA
GetCurrentThreadId
DeviceIoControl
ExitProcess
DisableThreadLibraryCalls
VirtualAlloc
VirtualFree
MultiByteToWideChar
WriteProcessMemory
VirtualProtectEx
ReadProcessMemory
VirtualFreeEx
CreateThread
CreateRemoteThread
VirtualAllocEx
GetLastError
SetErrorMode
SetEnvironmentVariableA
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
SetUnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
SetFilePointer
IsBadWritePtr
HeapReAlloc
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetModuleHandleA
GlobalAlloc
GlobalLock
LoadLibraryA
GetProcAddress
GlobalUnlock
GlobalFree
GetModuleFileNameA
GetCurrentProcess
IsBadReadPtr
WaitForSingleObject
WideCharToMultiByte
GetFileType
SetHandleCount
GetStdHandle
InitializeCriticalSection
LeaveCriticalSection
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetVersion
HeapFree
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapAlloc
EnterCriticalSection

user32

wsprintfA
UnhookWindowsHookEx
GetWindowThreadProcessId
PostMessageA
GetWindowTextA
EnumWindows
GetMessageA
PostThreadMessageA
GetInputState
ClipCursor
GetSystemMetrics

wininet

InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetOpenUrlW
InternetOpenW
InternetCloseHandle

ws2_32

shutdown
closesocket
gethostbyname
connect
inet_addr
select
htons
ioctlsocket
socket
send
recv
__WSAFDIsSet
WSACleanup
WSAStartup
getpeername
inet_ntoa

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegFlushKey
RegCloseKey
OpenProcessToken

netapi32

Netbios

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vdata
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a862d16dc00eaa7b79749affe3c8466

Headers

File Characteristics

Imports

kernel32

user32

wininet

ws2_32

advapi32

netapi32

iphlpapi

Sections

.text Size: 182KB - Virtual size: 182KB

zdata Size: 9KB - Virtual size: 9KB

vdata Size: 1024B - Virtual size: 1024B

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 182KB - Virtual size: 182KB

zdata
Size: 9KB - Virtual size: 9KB

vdata
Size: 1024B - Virtual size: 1024B

.reloc
Size: 9KB - Virtual size: 9KB