a5ca8f9a546b9f9e25de8e3f6043390a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a5ca8f9a546b9f9e25de8e3f6043390a_JaffaCakes118
Size

384KB
MD5

a5ca8f9a546b9f9e25de8e3f6043390a
SHA1

dfcb2edb19928e0e56c8a16d1efb37a358129586
SHA256

f694f8d4fb196e222195ebf26ea12544dd3be1c877fca4eddf2973189a3187a9
SHA512

82488fa3454dc75e08ab88327ed74c8991cc98a31acfff6c7654a1209c3ee90dd2cde7e4eef859e89b326560d74cc29cecc3f7970b7c74bdc080ba6c6b974c33
SSDEEP

6144:aviddoN9sU0DtMJhJvQODop6abluagy4:avt8XYDvQODop6abluagy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a5ca8f9a546b9f9e25de8e3f6043390a_JaffaCakes118

Files

a5ca8f9a546b9f9e25de8e3f6043390a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0de9d310e02d0f5a84c33db010a687e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyA

urlmon

CoInternetCreateSecurityManager
IsValidURL

wininet

InternetCrackUrlA
InternetReadFile
InternetTimeToSystemTime
HttpQueryInfoA
InternetErrorDlg
HttpSendRequestA
HttpAddRequestHeadersA
InternetTimeFromSystemTime
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCloseHandle

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

FindFirstFileA
GetLongPathNameA
GetModuleFileNameA
lstrcmpiA
GetModuleHandleA
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
lstrlenW
MultiByteToWideChar
lstrlenA
GetLastError
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
GlobalAlloc
GetDiskFreeSpaceA
GetProcAddress
GetCurrentThreadId
LockResource
MulDiv
GlobalUnlock
GlobalLock
GetTempPathA
CloseHandle
GetExitCodeProcess
CreateProcessA
SetLastError
GlobalFree
GlobalHandle
GetTempFileNameA
lstrcatA
WriteFile
SetEndOfFile
SetFilePointer
CompareFileTime
SystemTimeToFileTime
FindClose
FileTimeToSystemTime
GetFileTime
GetFileSize
CreateFileA
lstrcpyA
SetEvent
CreateThread
CreateEventA
GlobalMemoryStatus
GetShortPathNameA
LoadLibraryA
GetSystemDirectoryA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
IsBadCodePtr
IsBadReadPtr
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ReadFile
GetCPInfo
GetOEMCP
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThread
TlsAlloc
HeapSize
TerminateProcess
ExitProcess
IsBadWritePtr
FatalAppExitA
HeapCreate
HeapDestroy
GetCommandLineA
GetSystemTimeAsFileTime
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualProtect
RtlUnwind
lstrcmpA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
SetCurrentDirectoryA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
SetConsoleCtrlHandler
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
FileTimeToLocalFileTime
GetDriveTypeA
GetFullPathNameA
GetCurrentDirectoryA
Sleep

gdi32

DPtoLP
SetWindowOrgEx
SetViewportOrgEx
ModifyWorldTransform
SetGraphicsMode
SaveDC
StretchBlt
SetBkMode
SetTextColor
RestoreDC
CreateSolidBrush
GetObjectA
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
CreateFontIndirectA
GetStockObject

wsock32

gethostbyname
inet_addr
gethostbyaddr
ioctlsocket

comctl32

ord17

wintrust

WinVerifyTrust

shlwapi

PathIsURLA
PathFileExistsA

ole32

StringFromCLSID
OleUninitialize
OleInitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
OleLockRunning
CreateStreamOnHGlobal
CoGetClassObject
CLSIDFromString
CLSIDFromProgID

oleaut32

SysStringByteLen
LoadTypeLi
LoadRegTypeLi
VariantInit
VariantClear
OleCreateFontIndirect
SysStringLen
SysAllocStringLen
SysAllocString
VarUI4FromStr
SysFreeString

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 91KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.shared
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mstp
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 132B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0de9d310e02d0f5a84c33db010a687e3

Headers

File Characteristics

Imports

advapi32

urlmon

wininet

version

kernel32

gdi32

wsock32

comctl32

wintrust

shlwapi

ole32

oleaut32

Exports

Exports

Sections

.text Size: 91KB - Virtual size: 160KB

.bss Size: - Virtual size: 192KB

.pdata Size: 4KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 4KB

.tls Size: 4KB - Virtual size: 4KB

.shared Size: 4KB - Virtual size: 4KB

.mstp Size: 4KB - Virtual size: 4KB

DATA Size: 4KB - Virtual size: 4KB

DATA Size: 4KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 132B

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 250KB - Virtual size: 249KB

.reloc Size: 4KB - Virtual size: 208B

.text
Size: 91KB - Virtual size: 160KB

.bss
Size: - Virtual size: 192KB

.pdata
Size: 4KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 4KB

.tls
Size: 4KB - Virtual size: 4KB

.shared
Size: 4KB - Virtual size: 4KB

.mstp
Size: 4KB - Virtual size: 4KB

DATA
Size: 4KB - Virtual size: 4KB

DATA
Size: 4KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 132B

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 250KB - Virtual size: 249KB

.reloc
Size: 4KB - Virtual size: 208B