Static task
static1
Behavioral task
behavioral1
Sample
8c58e4da2f617bbda1cccf1170a06f82_JaffaCakes118.dll
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
8c58e4da2f617bbda1cccf1170a06f82_JaffaCakes118.dll
Resource
win10v2004-20240802-en
General
-
Target
8c58e4da2f617bbda1cccf1170a06f82_JaffaCakes118
-
Size
31KB
-
MD5
8c58e4da2f617bbda1cccf1170a06f82
-
SHA1
a0d15027ae18bc83967b26d9d61e531ae093bf41
-
SHA256
3a3fe4aa2336183b15a131d2ed98fd988c381cc2812d5ef823c0ed0350937617
-
SHA512
292302a4df06e3d5e6bbb0c0b37cf9631e903d5140736f4eb9b137f95480e811064589f1bb5c2571d60eefc4caa26a385a75e47baee778833ab1d1d1b29bb490
-
SSDEEP
768:MO+bz2ix8UT76WoSyEOoNnO5pbidXVEnK7WsKEtmJhi:MxbzfxzyEO709iBi
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8c58e4da2f617bbda1cccf1170a06f82_JaffaCakes118
Files
-
8c58e4da2f617bbda1cccf1170a06f82_JaffaCakes118.dll windows:4 windows x86 arch:x86
de3352aa910a480bc73fbc2eb19fcdf3
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
MultiByteToWideChar
lstrlenA
HeapDestroy
lstrlenW
GetShortPathNameW
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetProcAddress
LoadLibraryW
lstrcpyW
lstrcatW
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
GetCurrentProcess
CloseHandle
GetLastError
GetCurrentThread
GetModuleFileNameA
InterlockedExchange
InitializeCriticalSection
CreateThread
DeleteCriticalSection
GetTempPathW
EnterCriticalSection
GetTickCount
LeaveCriticalSection
Sleep
FlushInstructionCache
user32
CharLowerW
CharNextW
advapi32
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
OpenThreadToken
RegCloseKey
RegQueryValueExA
RegCreateKeyA
OpenProcessToken
ole32
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
SysStringLen
LoadTypeLib
RegisterTypeLib
VariantClear
DispCallFunc
SysAllocStringLen
VariantInit
LoadRegTypeLib
msvcp60
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG0@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
shlwapi
StrStrIA
wininet
InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle
msvcrt
strcpy
memcmp
_purecall
memcpy
strlen
wcscat
??2@YAPAXI@Z
wcsstr
wcslen
memset
free
__dllonexit
_onexit
_initterm
malloc
_adjust_fdiv
wcscpy
Sections
.text Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.dasoc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE