89a37c8ac96d4c24326d4998dfdf87ee_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

89a37c8ac96d4c24326d4998dfdf87ee_JaffaCakes118
Size

236KB
MD5

89a37c8ac96d4c24326d4998dfdf87ee
SHA1

c8d0ca54763f1334e8eba10dd567ef37f48b0558
SHA256

b0822330d07d41e85a54f3ca62df4484276052c4689c4530f330802f68aaf6f9
SHA512

0e70095ea1ab33f48d07a3557d044f905813c1f6cbbbb7646d587ef62a84d494fa21b3c572c891fb1fa977721af5aef3fd9fdfb92c78563855b61c5625da9b63
SSDEEP

6144:pEHfa6rFIh4NnKx0+OzIzPHnrd2EULOZB:p+fa6BIW0uSHx4O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89a37c8ac96d4c24326d4998dfdf87ee_JaffaCakes118

Files

89a37c8ac96d4c24326d4998dfdf87ee_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6e7c96f32f1c3ac9e97ad6c17450a1c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord518
ord785
ord4168
ord922
ord389
ord6426
ord5204
ord1074
ord5808
ord5356
ord5353
ord690
ord350
ord3616
ord3127
ord5651
ord6400
ord403
ord404
ord273
ord603
ord703
ord1871
ord6385
ord5186
ord3318
ord5442
ord1979
ord6874
ord547
ord5861
ord3181
ord1980
ord4058
ord3178
ord3319
ord3010
ord3304
ord3310
ord356
ord2770
ord668
ord4277
ord2781
ord6663
ord6648
ord926
ord2801
ord825
ord882
ord887
ord2740
ord879
ord880
ord5460
ord6571
ord665
ord354
ord521
ord6307
ord803
ord543
ord3584
ord924
ord940
ord5862
ord6144
ord812
ord559
ord5642
ord548
ord3811
ord5608
ord6142
ord5860
ord5621
ord6394
ord6383
ord5440
ord5450
ord2107
ord2841
ord3663
ord998
ord500
ord772
ord537
ord5607
ord1083
ord5600
ord773
ord501
ord2614
ord6662
ord4278
ord5710
ord2764
ord2763
ord859
ord2915
ord5572
ord6883
ord535
ord541
ord939
ord941
ord6143
ord801
ord540
ord1575
ord860
ord5683
ord4129
ord858
ord800
ord2818
ord1182
ord342
ord1253
ord1168
ord823
ord6877

msvcrt

fprintf
_mbscmp
rand
atoi
strncpy
_strnicmp
isalnum
_vsnprintf
fwrite
memmove
time
srand
printf
__CxxFrameHandler
strchr
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
rename
_stricmp
memcpy
_except_handler3
fopen
fclose
sprintf
_purecall

kernel32

RemoveDirectoryA
GetLogicalDriveStringsA
GetVolumeInformationA
GetDriveTypeA
CreateDirectoryA
SetFileAttributesA
DeleteFileA
WinExec
ResumeThread
SuspendThread
FindFirstFileA
GetFileSize
FindNextFileA
FindClose
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
OutputDebugStringA
CreateIoCompletionPort
GetQueuedCompletionStatus
GetOverlappedResult
CreateToolhelp32Snapshot
Process32First
Process32Next
GetSystemDirectoryA
OpenProcess
GetVersion
lstrcpyA
CreateFileA
LocalFree
BeginUpdateResourceA
UpdateResourceA
FreeLibrary
LoadLibraryA
LoadResource
SizeofResource
LockResource
FindResourceExA
EnumResourceLanguagesA
GetLastError
lstrlenA
GetSystemInfo
GetVersionExA
FormatMessageA
SetLastError
GetCurrentDirectoryA
ResetEvent
GetLocalTime
CreateEventA
SetEvent
GetModuleHandleA
GetProcAddress
GetTickCount
Sleep
GetCurrentProcess
DuplicateHandle
WriteFile
PeekNamedPipe
ReadFile
TerminateProcess
SetThreadPriority
WaitForSingleObject
TerminateThread
CreateThread
CloseHandle
GetFileTime
GlobalMemoryStatus
lstrcmpiA
GetExitCodeThread
WaitForMultipleObjects
FileTimeToSystemTime
GetProcessTimes
GetTempFileNameA
GetTempPathA
GetCurrentThreadId
GlobalAlloc
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GetModuleFileNameA
GlobalReAlloc
CreateProcessA
GetSystemTime
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
GetCurrentProcessId
SetPriorityClass
EndUpdateResourceA
CreatePipe
GetExitCodeProcess
LoadLibraryExA
DeviceIoControl

user32

DestroyWindow
SetWindowLongA
SendMessageA
wsprintfA
DispatchMessageA
TranslateMessage
PostMessageA
MessageBoxA
GetDesktopWindow
CloseDesktop
SetThreadDesktop
OpenDesktopA
CloseWindowStation
SetProcessWindowStation
OpenWindowStationA
GetDC
GetWindowDC
GetWindowRect
ReleaseDC
CreateWindowExA
PeekMessageA
EnumDesktopsA
GetSystemMetrics
GetProcessWindowStation
GetThreadDesktop

gdi32

GetObjectA
GetStockObject
SelectPalette
RealizePalette
GetDIBits
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject

advapi32

RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyA
RegEnumKeyA
RegQueryInfoKeyA
RegSaveKeyA
RegDeleteKeyA
RegRestoreKeyA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA

shell32

ShellExecuteA
SHGetFileInfoA

ws2_32

shutdown
sendto
setsockopt
bind
listen
WSAAsyncSelect
recvfrom
send
recv
connect
WSAGetLastError
closesocket
socket
getsockname
ntohs
WSAAsyncGetHostByName
htonl
gethostbyname
gethostname
inet_ntoa
inet_addr
htons
WSACleanup
WSAStartup
accept
WSACancelAsyncRequest

psapi

GetModuleFileNameExA
GetProcessMemoryInfo

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

shlwapi

SHDeleteKeyA
SHDeleteValueA

Exports

Exports

DllMain

Sections

.text
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e7c96f32f1c3ac9e97ad6c17450a1c7

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ws2_32

psapi

version

shlwapi

Exports

Exports

Sections

.text Size: 172KB - Virtual size: 170KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 16KB - Virtual size: 33KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 13KB

.text
Size: 172KB - Virtual size: 170KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 16KB - Virtual size: 33KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 13KB