9774481cbe796850240284ed32afeed6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9774481cbe796850240284ed32afeed6_JaffaCakes118
Size

118KB
MD5

9774481cbe796850240284ed32afeed6
SHA1

3c0e758c7463190c14bb2655d92554bb6ed7abe0
SHA256

53119848dd5400a2768ab61680df11198e33983a722a58aef2f4e2dd0ead08dc
SHA512

830e097a9d009e3bbf13e70653d4a9a884aa8675e7e92b015f45b80d170fb3fbf9c3af0746bb23ce42a23b5aeecba101e1eac741fa04cd32344124f7870be1a5
SSDEEP

1536:4U57inkSbcWlgiFj8qqu6ooc4ayin1nOR1Dr7plKyTM3FezU7EtRbfFxJb:OhlPF7qu6iyin1n4Hz1tRzJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9774481cbe796850240284ed32afeed6_JaffaCakes118

Files

9774481cbe796850240284ed32afeed6_JaffaCakes118
.dll windows:4 windows x86 arch:x86

bbc0c6c9bdbe0f53007b9e9c7da8ff47

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
CreateFileA
LeaveCriticalSection
GetSystemTime
SystemTimeToFileTime
ReadFile
CloseHandle
GetCurrentProcess
GetTickCount
WriteFile
FreeLibrary
GetModuleHandleA
GetModuleFileNameA
MoveFileExA
ExitThread
GetCurrentProcessId
GetLastError
CreateThread
ResetEvent
WaitForSingleObject
GetExitCodeThread
SetEvent
CreateEventW
InterlockedIncrement
DebugBreak
MultiByteToWideChar
GetProcAddress
LoadLibraryA
GetVersionExW
ExpandEnvironmentStringsA
GetSystemDirectoryA
ReleaseSemaphore
CreateSemaphoreW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetSystemInfo
WaitForSingleObjectEx
CreateIoCompletionPort
WaitForMultipleObjectsEx
ExpandEnvironmentStringsW
HeapAlloc
HeapFree
WideCharToMultiByte
LoadLibraryW
HeapDestroy
HeapCreate
InterlockedDecrement
TlsSetValue
TlsFree
Sleep
TlsGetValue
TlsAlloc
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
RtlUnwind
VirtualAlloc
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
SetLastError
HeapSize
ExitProcess
RaiseException
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime

user32

PostQuitMessage
GetMessageW
TranslateMessage
DestroyWindow
DispatchMessageW
DefWindowProcW
RegisterClassW
CreateWindowExW
PostMessageW
IsWindow
UnregisterClassW
CharLowerA

ole32

StringFromGUID2

ws2_32

htons
WSAStartup
WSACleanup
WSAGetLastError
WSASetLastError
WSCInstallProvider
WSCWriteProviderOrder
WSCGetProviderPath
WSCDeinstallProvider
WPUCompleteOverlappedRequest
WSCEnumProtocols
inet_addr

rpcrt4

UuidCreate

psapi

GetModuleBaseNameA

Exports

Exports

GetLspGuid
InstallLspDll
WSPStartup

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bbc0c6c9bdbe0f53007b9e9c7da8ff47

Headers

File Characteristics

Imports

kernel32

user32

ole32

ws2_32

rpcrt4

psapi

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 5KB - Virtual size: 12KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 5KB - Virtual size: 12KB

.reloc
Size: 8KB - Virtual size: 8KB