a5dd2c268095875b5b29d24ea61fcbf2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a5dd2c268095875b5b29d24ea61fcbf2_JaffaCakes118
Size

102KB
MD5

a5dd2c268095875b5b29d24ea61fcbf2
SHA1

5f87b67de60e565f83b8cc4cc1e922a7b2588ad4
SHA256

3503700fc8f911592feac24bad4034b94299efc9f05823d950b6e9f82bd06e4c
SHA512

76232d30a1825db7e6f93f3513cfad242ab39797a6e3edd348fcb3b5e1df52632ead2dbab5043de97a8f6fbaa74b92ed3de58cb85d3eec30ef8ef77cb928c5d3
SSDEEP

1536:mUrfLjgcZEk2mDgIJH/9BOmTQJg5UUlzzoZjFfFODP4:ffPgcZ8CJHFBOX6lIjFNWA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a5dd2c268095875b5b29d24ea61fcbf2_JaffaCakes118

Files

a5dd2c268095875b5b29d24ea61fcbf2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2ac3163028ad46172c36eef16fb9c66d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

PulseEvent
InterlockedDecrement
WaitForMultipleObjects
ResetEvent
InterlockedIncrement
FreeLibraryAndExitThread
TerminateProcess
InterlockedCompareExchange
ReleaseMutex
SetEvent
OpenEventA
OpenMutexA
GetModuleFileNameA
GetWindowsDirectoryA
GetLastError
DisableThreadLibraryCalls
ReadDirectoryChangesW
GetFileAttributesExA
WideCharToMultiByte
GetDriveTypeA
GetLogicalDriveStringsA
VirtualFree
VirtualProtect
VirtualAlloc
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateFileA
Thread32First
Module32Next
Module32First
VirtualQuery
GetSystemInfo
QueryDosDeviceA
GetModuleHandleA
ResumeThread
SetThreadContext
GetThreadContext
SuspendThread
OpenThread
GetCurrentThreadId
ExitProcess
WriteFile
DeleteFileA
ReadFile
MoveFileA
SetFilePointer
lstrlenW
GetTempFileNameA
GetTempPathA
FindNextFileA
FindFirstFileA
MultiByteToWideChar
CreateProcessA
CreatePipe
CreateFileMappingA
MapViewOfFile
GetFileSize
WaitForSingleObject
ExitThread
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
CreateEventA
CreateThread
Sleep
WinExec
CopyFileA
SetFileAttributesA
FreeLibrary
CreateMutexA
CloseHandle
GetCurrentProcess
LoadLibraryA
GetProcAddress
GetCurrentThread
Thread32Next
GetCurrentProcessId

user32

MessageBoxA
SetTimer
SetDlgItemTextA
GetDlgItemTextA
DialogBoxParamA
GetWindowTextA
PostMessageA
IsWindow
DispatchMessageA
TranslateMessage
ReleaseDC
FillRect
InflateRect
EnumDesktopWindows
GetClassNameA
EnumChildWindows
EnumWindows
OffsetRect
SetWindowPos
GetDlgItem
SendMessageA
EndDialog
KillTimer
GetMessageA
CallNextHookEx
SetWindowsHookExA
GetWindowThreadProcessId
UnhookWindowsHookEx
PrintWindow
GetWindowRect
GetClientRect
IsRectEmpty
GetWindowDC
GetDC
GetDesktopWindow
ExitWindowsEx
GetParent
ShowWindow

gdi32

GetStockObject
DeleteObject
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
DeleteDC
BitBlt

advapi32

RegDeleteValueA
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegEnumValueA

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CreateStreamOnHGlobal

oleaut32

SysStringLen
SysAllocString
SysFreeString
VariantClear

wininet

HttpSendRequestExA
HttpEndRequestA
InternetCrackUrlA
InternetOpenA
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetWriteFile

ws2_32

inet_ntoa
closesocket
WSAStartup
WSACleanup
setsockopt
gethostbyname

psapi

GetProcessImageFileNameA

shlwapi

PathFileExistsA

msvcrt

_memicmp
_stricmp
??3@YAXPAX@Z
_mbsstr
memcpy
??2@YAPAXI@Z
__CxxFrameHandler
time
_adjust_fdiv
_initterm
_onexit
__dllonexit
printf
atol
strstr
_ltoa
abs
wcsstr
_mbsnbcat
_mbslwr
_ismbcalpha
memmove
malloc
wcscmp
free
_mbscmp
_mbsupr
_snprintf
_except_handler3
_ismbcprint
memcmp
strncpy
_purecall
clock
memset
_mbsrchr
_mbsnbcpy
_mbsicmp
_mbstok
atoi
_mbschr
strlen
sprintf
strcpy
strcat

gdiplus

GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCloneImage
GdipFree
GdipDisposeImage
GdipSaveImageToStream
GdiplusStartup

comctl32

ord17

iphlpapi

GetAdaptersInfo

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

shell32

SHGetFolderPathA

Exports

Exports

_LOADLIBRARY_DUMMY
_RunAs@16

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ac3163028ad46172c36eef16fb9c66d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

wininet

ws2_32

psapi

shlwapi

msvcrt

gdiplus

comctl32

iphlpapi

rpcrt4

shell32

Exports

Exports

Sections

.text Size: 94KB - Virtual size: 93KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 94KB - Virtual size: 93KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 4KB