a3b7c65ae5334ef13015d407a7507334_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a3b7c65ae5334ef13015d407a7507334_JaffaCakes118
Size

28KB
MD5

a3b7c65ae5334ef13015d407a7507334
SHA1

3287a8ef36d50c84e35afab5461898a50f3ea99e
SHA256

34ac39a6e66f1835f7f476a289cafd5e340ce0f7de951381793de825c271e622
SHA512

bb9ce8ff7c4cd993cb77657e3b97e7bbb91065ff0e62d81700e69894b128b3d436fa09a97c1544b37d886ca0a5d850078baf1624439e3590810128b2dcc1b5fc
SSDEEP

384:fMEEMR8yp4YIRx5zYHpfx++5L1B9u8BeG6LE3BrKCGZ3DBN/X5PF:lX+yMx5zYHpJnL1BE8Izo35KCGl59

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a3b7c65ae5334ef13015d407a7507334_JaffaCakes118

Files

a3b7c65ae5334ef13015d407a7507334_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c49d227642019f82d355247e3deffb86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
HeapFree
HeapAlloc
GetProcessHeap
SearchPathA
DeleteFileA
GetTickCount
lstrcpyA
GetSystemDirectoryA
OpenProcess
Process32First
CreateToolhelp32Snapshot
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
CreateRemoteThread
DuplicateHandle
GetCurrentProcess
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
VirtualProtectEx
TerminateProcess
CreateThread
LoadLibraryA
GetProcAddress
CreateFileA
WriteFile
CloseHandle
GlobalAlloc
GlobalReAlloc
GetLastError
LocalFree
lstrcatA
GetFileSize
lstrlenA
GetTempPathA
WritePrivateProfileStringA
GetPrivateProfileStringA
ReadFile
GetModuleHandleA
Sleep
FreeLibrary
CreateMutexA
ReleaseMutex
GetModuleFileNameA
lstrcmpiA
WaitForSingleObject
GetCurrentProcessId
Process32Next
GlobalFree

user32

GetForegroundWindow
GetWindowTextA
wsprintfA
FillRect
LoadImageA
GetDC
ReleaseDC

gdi32

GetDeviceCaps
CreateCompatibleBitmap
BitBlt
GetPixel
CreateSolidBrush
CreateFontA
SetBkMode
SetTextColor
SetTextCharacterExtra
TextOutA
DeleteObject
CreateCompatibleDC
SelectObject
GetDIBColorTable
CreatePalette
DeleteDC
CreateHalftonePalette
GetStockObject
GetObjectA
SelectPalette
RealizePalette
GetDIBits
CreateDCA

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
SetSecurityInfo
SetEntriesInAclA
GetTokenInformation
OpenProcessToken

msvcrt

free
malloc
strlen
strtok
_strlwr
wcscmp
mbstowcs
memcpy
memset
strcat
strcpy
strrchr
strstr
??2@YAPAXI@Z
sprintf
printf

msvcp60

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z

wininet

HttpEndRequestA
InternetCloseHandle
HttpSendRequestExA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetReadFile
HttpSendRequestA
InternetCrackUrlA
InternetWriteFile

Exports

Exports

Install

Sections

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c49d227642019f82d355247e3deffb86

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcrt

msvcp60

wininet

Exports

Exports

Sections

.bss Size: - Virtual size: 5KB

.data Size: 24KB - Virtual size: 24KB

.reloc Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 5KB

.data
Size: 24KB - Virtual size: 24KB

.reloc
Size: 2KB - Virtual size: 2KB