a84b0e7c11faf239f7778631a36663ca_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a84b0e7c11faf239f7778631a36663ca_JaffaCakes118
Size

54KB
MD5

a84b0e7c11faf239f7778631a36663ca
SHA1

5193c7b8d12f4a1259085a2c79ca57d7a563c33a
SHA256

5c3fb9375902bd653b6f526d5617a71f2c3a987cb59758ad72c5a0fdd71b8e5d
SHA512

be190ba786bf9ea4fa2588c8c89651c03bd9f385c41747f515cb1d71f63eadab22579270873635d40ef5c400596f6ec4cde0d8dbeccfba40a72ebd357a11134d
SSDEEP

1536:F9kFmWXvIvkA2PSFb2caIf/wXPtLJo7fUyapBRF26:F9kFXXvAkA2PSFb8If/uPXmpE9B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a84b0e7c11faf239f7778631a36663ca_JaffaCakes118

Files

a84b0e7c11faf239f7778631a36663ca_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3e1e78a084287efef5d2262be36d181e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
GetFileAttributesA
CreateFileA
GetDriveTypeA
GetLogicalDriveStringsA
GetTickCount
FindClose
FindFirstFileA
SetFilePointer
DeleteFileW
FindNextFileW
FileTimeToSystemTime
CreateFileW
FindFirstFileW
GetTempPathW
DeleteFileA
FindNextFileA
GetTempPathA
GetVersionExA
LoadLibraryA
GetFileTime
lstrlenA
TerminateThread
ReleaseMutex
GetModuleFileNameA
DeviceIoControl
OpenMutexA
MoveFileExA
MoveFileA
CopyFileA
GetSystemDirectoryA
GetLastError
FreeLibrary
SetFileTime
GetComputerNameA
CreateMutexA
SetCurrentDirectoryA
FlushFileBuffers
SetLastError
Process32Next
Process32First
CreateToolhelp32Snapshot
ExpandEnvironmentStringsA
WriteFile
lstrcpyA
CreatePipe
CreateProcessA
CreateThread
WaitForSingleObject
ReadFile
PeekNamedPipe
GetCurrentProcess
TerminateProcess
Sleep
OpenProcess
CloseHandle
GetProcAddress

user32

DestroyWindow
IsWindow
SendMessageA
wsprintfA

advapi32

RegSetValueExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupAccountSidA
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
RegOpenKeyExA

shell32

ShellExecuteA
StrStrIA

ws2_32

socket
inet_ntoa
inet_addr
closesocket
gethostbyname
htons
sendto
recvfrom
setsockopt
recv
WSAIoctl
bind
gethostname
ntohs
send
connect
WSAStartup

msvfw32

MCIWndCreateA

avicap32

capCreateCaptureWindowA

psapi

GetModuleBaseNameA
EnumProcessModules
EnumProcesses

msvcrt

_strlwr
_itoa
_strnicmp
_adjust_fdiv
malloc
_initterm
free
memchr
strrchr
strncmp
fopen
fseek
fread
fclose
rename
swprintf
wcslen
strstr
time
srand
rand
??2@YAPAXI@Z
atoi
_except_handler3
sprintf
??3@YAXPAX@Z
__CxxFrameHandler

shlwapi

SHGetValueA
SHSetValueA

Exports

Exports

WSPStartup

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.inidata
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e1e78a084287efef5d2262be36d181e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

msvfw32

avicap32

psapi

msvcrt

shlwapi

Exports

Exports

Sections

.text Size: 39KB - Virtual size: 38KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 2KB - Virtual size: 5KB

.inidata Size: 512B - Virtual size: 148B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 39KB - Virtual size: 38KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 2KB - Virtual size: 5KB

.inidata
Size: 512B - Virtual size: 148B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB