8a5b4e0a3766a706c9fa557e0fa652c3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8a5b4e0a3766a706c9fa557e0fa652c3_JaffaCakes118
Size

82KB
MD5

8a5b4e0a3766a706c9fa557e0fa652c3
SHA1

1ec6b4b8d96395a85f72853f2595fe20dabf7525
SHA256

6569b6a307063b3ebcec8dbf4d70aa38dda22dd8b5a1620bc741297ebaaa1718
SHA512

b90e558aa4742f13df2bfacc26fdff873cd1e7d4337ced027f13ccde6cac18a991eb4880785ea5ae6199d3286427f23297ccfcc2000428a5fc07fe138a485c66
SSDEEP

1536:MgW02g9YYEmcsQ/6sXxeLou9sBGSbys4jTFyBbYKK3fmRLIpz:pX23mcsvgxeLqKs4HFyB9KvmRO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a5b4e0a3766a706c9fa557e0fa652c3_JaffaCakes118

Files

8a5b4e0a3766a706c9fa557e0fa652c3_JaffaCakes118
.dll windows:6 windows x64 arch:x64

dae315dcf9334a71aaf638fc992862ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
DeleteFileA
GetTempPathW
CreateFileW
GetSystemDirectoryA
CreateDirectoryW
lstrcpyW
lstrcatW
GetSystemDirectoryW
GetTickCount
RegisterWaitForSingleObject
CreateProcessA
GetExitCodeProcess
UnregisterWait
PulseEvent
IsBadCodePtr
TlsFree
TlsAlloc
LeaveCriticalSection
ExitProcess
ResumeThread
GetModuleHandleA
WaitForMultipleObjects
lstrcpyA
GetCurrentProcessId
GetLastError
TerminateProcess
InitializeCriticalSection
WinExec
DeleteFileW
GetWindowsDirectoryW
CopyFileW
GetWindowsDirectoryA
SetFilePointer
lstrlenA
SuspendThread
GetModuleFileNameA
LoadLibraryA
GetProcAddress
GetCurrentThread
GetModuleHandleExA
CloseHandle
OpenEventA
lstrcatA
CreateEventA
lstrcmpiA
GetExitCodeThread
Sleep
SetEvent
WaitForSingleObject
CreateFileA
TlsGetValue
TlsSetValue
TerminateThread
GetCurrentThreadId
CreateThread
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
MultiByteToWideChar
DeleteCriticalSection
SetErrorMode
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetVolumeInformationA
GetSystemInfo
QueryPerformanceFrequency
GetVersionExA
GetTempPathA
GetTickCount64
SetLastError
GetFileSize
WriteFile
GetFileAttributesA
GetFileAttributesW
ReadFile
CreateDirectoryA
FindFirstFileA
FindClose
HeapReAlloc
VirtualQuery
HeapAlloc
HeapFree
VirtualFree
GetProcessHeap
VirtualAlloc
GetCurrentProcess
Process32First
ReadProcessMemory
GetModuleFileNameW
VirtualProtectEx
Process32Next
lstrcmpiW
CreateToolhelp32Snapshot
WriteProcessMemory
CreateMutexA
ReleaseMutex
GetLocalTime
OpenProcess
VirtualFreeEx
VirtualAllocEx
GetThreadContext
CreateRemoteThread
GetFullPathNameA
GetLongPathNameA
SetUnhandledExceptionFilter
GetOverlappedResult
DeviceIoControl
lstrcmpA
GetCommandLineA

user32

wsprintfW
wsprintfA
wvsprintfA

advapi32

RegSetValueExA
OpenProcessToken
GetSidSubAuthority
GetUserNameW
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyA
LookupPrivilegeValueA
ConvertStringSecurityDescriptorToSecurityDescriptorA
AdjustTokenPrivileges
CryptAcquireContextA
CryptImportKey
CryptCreateHash
CryptDestroyKey
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyW
RegCreateKeyExA
RegNotifyChangeKeyValue
RegCloseKey
RegEnumValueA
RegDeleteValueA
InitiateSystemShutdownExA
CryptVerifySignatureA
CryptDestroyHash
CryptHashData

shell32

SHGetFolderPathA
ShellExecuteA

ole32

CoGetObject
CoCreateInstance
CoInitialize
IIDFromString

oleaut32

SysFreeString
SysAllocString

crypt32

CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertAddCertificateContextToStore
CertFreeCertificateContext
CertOpenStore

netapi32

NetApiBufferFree
NetWkstaGetInfo
NetUserGetInfo

shlwapi

StrToIntA
StrStrIA
StrChrA
StrCmpNA
PathFindFileNameW
PathRemoveFileSpecW
SHSetValueA
SHDeleteValueA
SHGetValueA
StrCmpNIA

iphlpapi

GetAdaptersInfo

wininet

InternetReadFile
HttpOpenRequestA
InternetWriteFile
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpAddRequestHeadersA
HttpSendRequestExA
HttpQueryInfoA
InternetConnectA
InternetQueryDataAvailable
InternetSetOptionA
HttpEndRequestA

msvcrt

memset
__C_specific_handler

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae315dcf9334a71aaf638fc992862ab

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

crypt32

netapi32

shlwapi

iphlpapi

wininet

msvcrt

Sections

.text Size: 59KB - Virtual size: 59KB

bss Size: - Virtual size: 2KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 360B

.pdata Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 160B

.text
Size: 59KB - Virtual size: 59KB

bss
Size: - Virtual size: 2KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 360B

.pdata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 160B