aab989be2c3223f4651c307993c286b5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

aab989be2c3223f4651c307993c286b5_JaffaCakes118
Size

168KB
MD5

aab989be2c3223f4651c307993c286b5
SHA1

038a7f85f5a9dc095f78e6a5fb043749bf6fe624
SHA256

386c54a0a58ce50904711d22f40bab3d17ad8a8199a13be9f286ecc9969901b9
SHA512

47bd4bcc40cbdff2496c4dcc82dcfee5658a8c208e4a83d4b6a810cf96610abcaccd85e77422b40d3e1380b0be34c58dc989e7ebce3b36af79cf8e7842551044
SSDEEP

3072:+RLJCEEm5tHVJYbAJCHlK9pSjFWBFuTJYeDB8I29DPJl136nfKOp:KlCVm5tHVyK0FWBAuDz136n1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aab989be2c3223f4651c307993c286b5_JaffaCakes118

Files

aab989be2c3223f4651c307993c286b5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

000e4cc721ebc768094b480979753239

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

PeekMessageA
CreateWindowExA
UnregisterClassA
RegisterClassExA
DestroyWindow
DefWindowProcA
PostQuitMessage
wsprintfA
PostMessageA
IsWindow
FindWindowA
TranslateMessage
EnumWindows
UnhookWindowsHookEx
SetWindowsHookExA
RegisterWindowMessageA
PostThreadMessageA
GetWindowThreadProcessId
CallNextHookEx
SendMessageTimeoutA
MsgWaitForMultipleObjects
CharLowerA
SendMessageA
GetClassNameA
KillTimer
DispatchMessageA
SetTimer

advapi32

InitializeSecurityDescriptor
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
FreeSid
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
AllocateAndInitializeSid
GetLengthSid
InitializeAcl

rpcrt4

UuidFromStringA

imagehlp

ImageDirectoryEntryToData

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

ws2_32

closesocket
shutdown
htons
WSASocketA
WSAGetLastError
ioctlsocket
connect
select
send
gethostbyname

wininet

InternetOpenA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetGetCookieA
InternetSetCookieA

msvcrt

strncat
time
memmove
_purecall
_mbsstr
towupper
_mbsicmp
_splitpath
_mbsnbicmp
strftime
localtime
strncmp
tolower
rand
strncpy
sprintf
toupper
mktime
free
_atoi64
malloc
realloc
_mbsrchr
__dllonexit
_onexit
_initterm
_adjust_fdiv
isalnum
strchr
strcpy
strlen
strstr
memcmp
_beginthreadex
strcat
_strlwr
strrchr
strcmp
_mbsnbcpy
_mbschr
atoi
__CxxFrameHandler
??2@YAPAXI@Z
memset
memcpy
_stricmp
_strnicmp
_CxxThrowException
??1type_info@@UAE@XZ
??3@YAXPAX@Z
srand

kernel32

WideCharToMultiByte
lstrlenW
PulseEvent
GetEnvironmentVariableA
GetFileTime
FileTimeToSystemTime
MultiByteToWideChar
GetTickCount
GetLongPathNameA
CopyFileA
WritePrivateProfileStringA
TerminateThread
OpenProcess
FreeLibrary
LoadLibraryA
IsBadWritePtr
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
InitializeCriticalSection
VirtualUnlock
WriteProcessMemory
ReadProcessMemory
GetCurrentProcess
VirtualProtect
RemoveDirectoryA
lstrcatA
GetPrivateProfileStringA
VirtualLock
FindFirstFileA
lstrcmpA
FindNextFileA
FindClose
MoveFileExA
GetWindowsDirectoryA
GetShortPathNameA
GetFileSize
ReadFile
WriteFile
DeleteFileA
GetVersionExA
CreateFileA
LocalFree
HeapFree
GetProcessHeap
HeapAlloc
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
ResetEvent
SetLastError
InterlockedDecrement
GetLastError
DeleteCriticalSection
GetModuleHandleA
GetProcAddress
CreateThread
InterlockedIncrement
GetModuleFileNameA
lstrlenA
InterlockedExchange
ReleaseMutex
GetCurrentThreadId
CreateMutexA
GetCurrentThread
SetThreadPriority
Sleep
SetEvent
WaitForSingleObject
CloseHandle
CreateEventA
lstrcpyA
WaitForMultipleObjects

oleaut32

SysAllocString
SysFreeString
SysStringLen
SysAllocStringLen

Exports

Exports

installthreadhook
removethreadhook

Sections

.text
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SRTHREA
Size: 4KB - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

000e4cc721ebc768094b480979753239

Headers

File Characteristics

Imports

user32

advapi32

rpcrt4

imagehlp

version

ws2_32

wininet

msvcrt

kernel32

oleaut32

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 109KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 20KB - Virtual size: 19KB

.SRTHREA Size: 4KB - Virtual size: 88B

.rsrc Size: 4KB - Virtual size: 776B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 112KB - Virtual size: 109KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 20KB - Virtual size: 19KB

.SRTHREA
Size: 4KB - Virtual size: 88B

.rsrc
Size: 4KB - Virtual size: 776B

.reloc
Size: 8KB - Virtual size: 7KB