a6fa26a6a92ce5d4450d9177dd96e1d6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a6fa26a6a92ce5d4450d9177dd96e1d6_JaffaCakes118
Size

48KB
MD5

a6fa26a6a92ce5d4450d9177dd96e1d6
SHA1

aedb442f2f80e71041e7671785f62eea70619794
SHA256

d365e49ad1211d54a224ae580afe83d2c332c8b90c2a200af43e12cfcfffa2df
SHA512

c08b5a73ef889e909f3933b8bfcf95047ffa9232bbb5770883e78d74144dfe49d8f1ab85499552793db213e4725a0adf6a51d23cee7d83c7da81e533ee02bf0c
SSDEEP

768:4xd2iTF1tpDf060nkBLQVtcRxLhKPivXvstqNnOFDb/Jz9CYD+UGxceU0x:r81bf0dnIL8tcRxLKlCYD+UGxA0x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a6fa26a6a92ce5d4450d9177dd96e1d6_JaffaCakes118

Files

a6fa26a6a92ce5d4450d9177dd96e1d6_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2cd702b73724d359cf2aad218eb43578

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_CxxThrowException
_adjust_fdiv
_initterm
_onexit
__dllonexit
_except_handler3
_wcsupr
wcsrchr
wcschr
wcsstr
malloc
free
memmove
memcpy
_snwprintf
??2@YAPAXI@Z
rand
swprintf
__CxxFrameHandler
sprintf
strstr
memset
??3@YAXPAX@Z
??1type_info@@UAE@XZ

wininet

InternetOpenW
InternetConnectW
InternetSetOptionW
HttpOpenRequestW
HttpQueryInfoW
HttpSendRequestExW
InternetCloseHandle
InternetGetConnectedState
InternetReadFile
HttpEndRequestW

netapi32

NetUserGetInfo
NetApiBufferFree

ws2_32

WSACleanup
WSAStartup
inet_ntoa
gethostbyname

crypt32

CryptUnprotectData

mfc42u

ord3806
ord551
ord547

kernel32

CopyFileW
TerminateThread
ExitThread
WinExec
GetModuleFileNameW
CreateThread
SetEvent
OpenEventW
GetCurrentProcessId
SetLastError
LocalFree
GetShortPathNameW
GetProcessHeap
HeapAlloc
HeapFree
WaitForSingleObject
lstrcpyW
GetVersionExW
lstrcpyA
lstrcmpA
lstrlenA
GetProcAddress
LoadLibraryW
FreeLibrary
lstrlenW
MultiByteToWideChar
GetLastError
GlobalMemoryStatus
lstrcatW
WideCharToMultiByte
GetComputerNameW
lstrcmpiA
lstrcmpiW
GetDiskFreeSpaceExW
GetDriveTypeW
FindClose
FindNextFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileW
GetVolumeInformationW
CloseHandle
WriteFile
SetFilePointer
CreateFileW
CreateDirectoryW
MoveFileW
DeleteFileW
ReadFile
GetFileSize
GetTempFileNameW
GetTempPathW
CreateProcessW
GetSystemDirectoryW
CreateToolhelp32Snapshot
PeekNamedPipe
Sleep
OpenProcess
Process32NextW
lstrcmpW
Process32FirstW
GetStartupInfoW

user32

GetProcessWindowStation
SetUserObjectSecurity
GetUserObjectSecurity
OpenWindowStationW
CallNextHookEx
SetWindowsHookExW
SetProcessWindowStation
OpenDesktopW
CloseWindowStation
UnhookWindowsHookEx
CloseDesktop

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
GetUserNameW
OpenProcessToken
CreateProcessAsUserW
SetSecurityDescriptorDacl
CopySid
AddAce
GetAce
CreateServiceW
InitializeAcl
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
GetTokenInformation
RegSetValueExW
RegCreateKeyW
ChangeServiceConfigW
OpenSCManagerW
OpenServiceW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceW
CloseServiceHandle

iphlpapi

GetNetworkParams

shell32

SHFileOperationW
SHGetFolderPathW
ShellExecuteW

ole32

CoCreateGuid
CoInitialize
CoUninitialize

oleaut32

GetErrorInfo

Exports

Exports

Install
NtCloseStatus
NtOpenStatus
RunInstallA
RunUninstallA
ServiceMain
Uninstall

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2cd702b73724d359cf2aad218eb43578

Headers

File Characteristics

Imports

msvcrt

wininet

netapi32

ws2_32

crypt32

mfc42u

kernel32

user32

advapi32

iphlpapi

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 30KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 22KB

Shared Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 22KB

Shared
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB