b09c161cb1965f856d527fd27304afae_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b09c161cb1965f856d527fd27304afae_JaffaCakes118
Size

56KB
MD5

b09c161cb1965f856d527fd27304afae
SHA1

d96b3114e0a7edb4e597ea3b5d09892c1095e7eb
SHA256

84ea26450dbef2f8f7e9cda9e18c9f7db128c9faa7323e194689ff9dcd16c17f
SHA512

dd1e5dce80891c0b5709deb2f34983313b08668a0802f5123709582dd978b795553c70f130dfdd050204d727df7010ed43d018e5455edcd3e5b4841ba6e1f21f
SSDEEP

1536:k7VIljXxjp4WncUuuwDJPvsk4XIsS/R+Qo:kxuF/ZYLR+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b09c161cb1965f856d527fd27304afae_JaffaCakes118

Files

b09c161cb1965f856d527fd27304afae_JaffaCakes118
.dll windows:4 windows x86 arch:x86

773fbc346e0a4514d3bde8d9d8c37433

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
ReadFile
Sleep
lstrcatA
lstrcpyA
GetLocaleInfoA
GetTickCount
CreateEventA
GetDriveTypeA
GetLogicalDriveStringsA
FindNextFileA
FindClose
FindFirstFileA
CreateDirectoryA
MoveFileA
CreateProcessA
SetFilePointer
GetFileSize
GetCurrentProcess
WriteFile
WaitForSingleObject
CreateThread
GetSystemTime
GetStartupInfoW
MultiByteToWideChar
GetStartupInfoA
CreatePipe
GetSystemDirectoryA
GetEnvironmentVariableA
TerminateProcess
PeekNamedPipe
GetTempPathA
DuplicateHandle
HeapFree
HeapAlloc
GetProcessHeap
SetEndOfFile
GetVersionExA
CopyFileA
DeleteFileA
GetModuleFileNameA
GetTempFileNameA
FreeLibrary
LoadLibraryA
GetProcAddress
DosDateTimeToFileTime
GetFileAttributesA
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
CreateFileA
GetFileInformationByHandle
CloseHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime

user32

ExitWindowsEx

advapi32

CryptReleaseContext
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptEncrypt
CryptDecrypt
CryptDestroyKey
CryptDestroyHash
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
LogonUserA
CreateProcessWithLogonW

shell32

SHFileOperationA

msvcrt

??1type_info@@UAE@XZ
__dllonexit
_open
_CxxThrowException
?terminate@@YAXXZ
rename
_local_unwind2
_except_handler3
atoi
strncat
time
srand
rand
_initterm
??3@YAXPAX@Z
malloc
??2@YAPAXI@Z
__CxxFrameHandler
strrchr
strncpy
sprintf
_tempnam
remove
_lseek
_close
_write
_adjust_fdiv
_read
free
_onexit

ws2_32

inet_addr
WSAStartup
WSACleanup
gethostbyname

iphlpapi

GetAdaptersInfo

ntdll

_itoa

wininet

HttpSendRequestExA
HttpEndRequestA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetQueryDataAvailable
InternetReadFile
InternetCloseHandle
InternetWriteFile

userenv

CreateEnvironmentBlock
GetUserProfileDirectoryA
DestroyEnvironmentBlock

Exports

Exports

ServiceMain

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

773fbc346e0a4514d3bde8d9d8c37433

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

ws2_32

iphlpapi

ntdll

wininet

userenv

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 20KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 20KB

.reloc
Size: 4KB - Virtual size: 3KB