a5bb4f90767fdd8a7a7332e992073950_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a5bb4f90767fdd8a7a7332e992073950_JaffaCakes118
Size

1.2MB
MD5

a5bb4f90767fdd8a7a7332e992073950
SHA1

68eb9074a1801098c786c0da06abf66927373f85
SHA256

d3c609f7d937e8d0bd3b5cce42e6f9d4770f64e1c71a654dab90c343881f0af1
SHA512

b71bdc1fb124fdda912eacb9446ee0713e40924cec9f9aba724fb4f376eece063904514a76749e27de0971f523dee55bbd2115a0ab9b5d29cca5eea1ec9ecb52
SSDEEP

24576:kmb0YTjko7/6bRjzj6KXDP2iTLqHpctKyeBXaeHu0:kALTjKZ6KXDzLqHp7dXaUu0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a5bb4f90767fdd8a7a7332e992073950_JaffaCakes118

Files

a5bb4f90767fdd8a7a7332e992073950_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e9b7948371884a611068a7131631be12

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

WSAGetLastError
closesocket
WSAStartup
select
bind
htons
htonl
getsockopt
__WSAFDIsSet
recvfrom
WSACleanup
sendto
socket
setsockopt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

mpr

WNetGetConnectionA

rpcrt4

RpcStringFreeA
RpcStringBindingComposeA
RpcBindingFree
NdrClientCall2
NdrServerCall2
RpcServerListen
RpcServerRegisterIf
RpcServerUseProtseqEpA
RpcMgmtStopServerListening
RpcBindingFromStringBindingA

kernel32

lstrlenA
lstrcmpiA
GetVersion
IsDBCSLeadByte
GetCurrentProcessId
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
DisableThreadLibraryCalls
DeleteFileA
MoveFileA
GetFileSize
GetFileAttributesW
GetDriveTypeA
QueryDosDeviceA
Sleep
IsBadStringPtrA
GetACP
GetCurrentThreadId
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OutputDebugStringA
HeapAlloc
HeapFree
HeapCreate
HeapDestroy
GetFileTime
GetSystemDirectoryA
SetFileTime
GetLocalTime
GetTimeZoneInformation
GetComputerNameA
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTime
SetEvent
OpenProcess
ResumeThread
FindClose
FindNextFileA
FindFirstFileA
GetTempPathA
GetLocaleInfoA
GetTimeFormatA
TerminateProcess
SetConsoleTitleA
DeleteCriticalSection
WaitForSingleObject
DuplicateHandle
CreateEventA
FlushFileBuffers
SetEndOfFile
CreateThread
SystemTimeToTzSpecificLocalTime
VirtualQuery
lstrcpynA
GetVersionExA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetProcessHeap
GetFullPathNameA
FormatMessageA
GetNumberFormatA
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameW
GetStdHandle
GetFileType
WriteConsoleW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitThread
HeapReAlloc
GetSystemInfo
VirtualAlloc
GetSystemTimeAsFileTime
RtlUnwind
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
SetLastError
GetCurrentProcess
FlushInstructionCache
FreeLibrary
GetLastError
LoadLibraryA
GetProcAddress
LocalReAlloc
LocalFree
LocalAlloc
InterlockedDecrement
InterlockedIncrement
GetTickCount
MultiByteToWideChar
WriteFile
CreateFileA
ReadFile
SetFilePointer
GetEnvironmentStrings
VirtualFree
ExitProcess
HeapSize
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStartupInfoA
CloseHandle
VirtualProtect
GetModuleFileNameA
GetDateFormatA
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetConsoleCP
GetConsoleMode
InterlockedExchange
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetThreadLocale
GetConsoleTitleA
LoadLibraryW
FreeEnvironmentStringsA
LCMapStringW

user32

EnumWindows
GetWindowTextLengthA
SetFocus
PostQuitMessage
GetWindowRect
EnableWindow
TranslateMessage
DispatchMessageA
PostThreadMessageA
DestroyWindow
UnregisterClassA
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
IsZoomed
MapVirtualKeyA
GetKeyState
GetMessageA
GetForegroundWindow
GetFocus
GetKeyboardLayoutNameA
GetCursorPos
MoveWindow
CharPrevA
UnhookWindowsHookEx
SetPropA
GetPropA
CallWindowProcA
SetWindowLongA
RemovePropA
GetWindow
IsWindowEnabled
SendMessageA
FindWindowA
PostMessageA
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
GetUserObjectInformationA
SetThreadDesktop
SetProcessWindowStation
CloseDesktop
CloseWindowStation
LoadStringA
wsprintfW
CharNextA
SetTimer
IsWindow
SendMessageTimeoutA
KillTimer
RegisterWindowMessageA
wsprintfA
GetParent
FindWindowExA
IsWindowVisible
EnumChildWindows
GetWindowLongA
GetClassNameA
DefWindowProcA
GetWindowTextA
CallNextHookEx
GetWindowThreadProcessId

gdi32

GetDeviceCaps
GetStockObject
TranslateCharsetInfo

advapi32

RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
GetUserNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
StringFromCLSID

oleaut32

VariantInit
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData
VARIANT_UserFree
VARIANT_UserUnmarshal
VARIANT_UserMarshal
VARIANT_UserSize
SysAllocStringByteLen
SafeArrayCreate
SysStringLen
SysFreeString
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
VariantCopy
VariantChangeType
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocStringLen
SafeArrayLock
SysStringByteLen
GetErrorInfo
SafeArrayUnlock

Exports

Exports

DllCanUnloadNow
DllGetClassObject
IAlloc

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9b7948371884a611068a7131631be12

Headers

File Characteristics

Imports

wsock32

version

mpr

rpcrt4

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 68KB - Virtual size: 67KB

.shared Size: 4KB - Virtual size: 368B

.reloc Size: 56KB - Virtual size: 52KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 68KB - Virtual size: 67KB

.shared
Size: 4KB - Virtual size: 368B

.reloc
Size: 56KB - Virtual size: 52KB