8dd8c0d1288250d51d006ba5f3a57d08_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8dd8c0d1288250d51d006ba5f3a57d08_JaffaCakes118
Size

80KB
MD5

8dd8c0d1288250d51d006ba5f3a57d08
SHA1

38ff667575d91d71fbfc8f2ffb4a1cbc4c791cff
SHA256

7f7287e16eec50c8eb173e122be0253112cbc54cf9e41470e08fb5bb3dd1d93b
SHA512

ef716c3b91cfbe05e2873c841af4ca84d6878f6d03e8376515634cc87db2783362e4fbdd4a26b71082f52fa426311e99b4763adaadf217c7a0e355f27082486d
SSDEEP

1536:O/CDY/8/tq5lweRpo4lFa6TbkTBgLJQzZG37l73d:fs/8/4ces7iOFG37l73d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8dd8c0d1288250d51d006ba5f3a57d08_JaffaCakes118

Files

8dd8c0d1288250d51d006ba5f3a57d08_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4c9fad36f2b112720df2eee817e727db

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
CloseHandle
GetFileSize
CreateFileA
TerminateProcess
DeleteFileA
GetTempPathA
WriteFile
GetSystemTime
GetLogicalDrives
SetEvent
CreateEventA
TerminateThread
CreateRemoteThread
WriteProcessMemory
VirtualProtectEx
VirtualAllocEx
GetProcAddress
Sleep
CreateMutexA
GetVolumeInformationA
GetComputerNameA
SetEndOfFile
HeapSize
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
FlushFileBuffers
SetStdHandle
WaitForSingleObject
ReleaseMutex
CreateThread
GetModuleHandleA
GetSystemDirectoryA
CreateProcessA
WaitForMultipleObjects
LoadLibraryA
HeapReAlloc
GetSystemInfo
VirtualAlloc
VirtualProtect
InitializeCriticalSection
SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
GetCPInfo
MultiByteToWideChar
CompareStringA
SetFilePointer
VirtualQuery
InterlockedExchange
RtlUnwind
UnhandledExceptionFilter
VirtualFree
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
WideCharToMultiByte
GetCurrentProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapFree
GetLastError
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate

user32

CallNextHookEx
SetWindowsHookExA
DestroyWindow
DefWindowProcA
PostQuitMessage
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
ShowWindow
CreateWindowExA
RegisterClassExA
LoadCursorA
SetTimer
UnhookWindowsHookEx

advapi32

RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA

urlmon

URLDownloadToFileA

ws2_32

send
recv
connect
closesocket
shutdown
ioctlsocket
WSAAsyncSelect
WSACleanup
WSAIoctl
setsockopt
accept
bind
htons
htonl
socket
WSAStartup
inet_addr

Exports

Exports

EventWinlogon
SetConnection

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c9fad36f2b112720df2eee817e727db

Headers

File Characteristics

Imports

kernel32

user32

advapi32

urlmon

ws2_32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 1008B

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 1008B

.reloc
Size: 8KB - Virtual size: 4KB