a346167ad3881db5cd777ba9c1b07da7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a346167ad3881db5cd777ba9c1b07da7_JaffaCakes118
Size

110KB
MD5

a346167ad3881db5cd777ba9c1b07da7
SHA1

fe0256bcc716d73112e3c41ec994ff2623466500
SHA256

c82a5ad0ade83b82eda1f31e6c0104c9ef8e062103d210fbd1ba71b812565536
SHA512

ece5877b19530b9b45c48163bb7c9eeaa53ee2242ba60cc1741a100fe96a26ce0081b16f59c8003403a0f6f41b21a6fa90d610a6e60c1296ed60b67d5cf0877c
SSDEEP

1536:9MaNMsjeLBSMwgrfP3yEEYp0UZwio43IRnQNQ/j/LY79BPfQDzoMKWUiT0yS:CtwWPy40UR3gnaEjAWoXWUiAX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a346167ad3881db5cd777ba9c1b07da7_JaffaCakes118

Files

a346167ad3881db5cd777ba9c1b07da7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1f7a2013f51ab6bd0c44ccffeec825b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynW
lstrlenW
CreateEventA
SetEvent
lstrcpyA
SystemTimeToFileTime
GetSystemTime
IsBadReadPtr
lstrcatA
Sleep
GetLastError
MoveFileA
DeleteFileA
GetTempFileNameA
TerminateThread
GetCurrentThread
CreateMutexW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
CreateSemaphoreA
FindNextFileA
FindFirstFileA
GetVolumeInformationA
GetDriveTypeA
GetLogicalDrives
GetComputerNameA
LoadLibraryA
SetUnhandledExceptionFilter
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
FindClose
GetEnvironmentVariableA
LocalFree
LocalAlloc
DeleteCriticalSection
GlobalFree
GlobalUnlock
lstrlenA
GlobalAlloc
GetFileTime
GetFullPathNameA
GetTempPathA
FileTimeToSystemTime
GetTimeZoneInformation
GetLocalTime
GetTickCount
QueryPerformanceCounter
GetProcAddress
GetModuleHandleA
ExitThread
GetModuleFileNameA
GetCurrentThreadId
WinExec
ReleaseSemaphore
ResumeThread
SetThreadContext
GetThreadContext
VirtualAllocEx
FreeLibrary
GetVersion
MoveFileExA
CopyFileA
GetExitCodeProcess
SetFilePointer
CreateDirectoryA
RemoveDirectoryA
DisableThreadLibraryCalls
CreateMutexA
ReleaseMutex
ExitProcess
lstrcpynA
CreatePipe
GetStartupInfoA
GetSystemDirectoryA
OutputDebugStringA
CreateProcessA
WaitForSingleObject
PeekNamedPipe
ReadFile
TerminateProcess
lstrcmpiA
VirtualProtect
GetCurrentProcess
WriteProcessMemory
GetFileAttributesA
GetSystemTimeAsFileTime
VirtualQuery
VirtualFree
VirtualAlloc
CreateFileA
WriteFile
CreateThread
CloseHandle
GlobalLock

user32

MessageBoxA
wsprintfA
wvsprintfA
GetSystemMetrics

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumValueA
RegDeleteValueA
RegNotifyChangeKeyValue
RegCreateKeyExA
RegSetValueExA
OpenProcessToken
ImpersonateLoggedOnUser
RevertToSelf
GetTokenInformation
LookupAccountSidA
RegOpenKeyExA
RegEnumKeyA
RegQueryValueExA
RegCloseKey

ole32

CreateStreamOnHGlobal

ntdll

RtlUnwind
memmove
strchr
tolower
_alldiv
_strcmpi
_chkstk
_allmul
NtAllocateVirtualMemory
NtQuerySystemInformation
NtFreeVirtualMemory
NtOpenProcess
NtClose
_strlwr
_strnicmp
strstr

ws2_32

inet_addr
recv
getsockname
connect
socket
bind
WSASetLastError
select
WSAGetLastError
gethostbyname
inet_ntoa
WSAStartup
gethostbyaddr
__WSAFDIsSet
accept
gethostname
ioctlsocket
shutdown
closesocket
sendto
ntohs
setsockopt
recvfrom
htonl
ntohl
htons
listen
send

dnsapi

DnsQuery_A
DnsRecordListFree

mapi32

ord19
ord11
ord21
ord23
ord140
ord129
ord17
ord75
ord13
ord135
ord138

wininet

InternetCloseHandle
InternetOpenUrlA
InternetReadFile
InternetOpenA

shlwapi

StrStrA
StrChrA
StrCmpNA
StrToIntA

Exports

Exports

WLEntry
WLEntryPoint
WLEventLogoff
WLEventLogon
WLEventShutdown

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f7a2013f51ab6bd0c44ccffeec825b7

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

ntdll

ws2_32

dnsapi

mapi32

wininet

shlwapi

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 22KB - Virtual size: 30KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 22KB - Virtual size: 30KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB