b541c56e709b376584fed250eb412147_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b541c56e709b376584fed250eb412147_JaffaCakes118
Size

117KB
MD5

b541c56e709b376584fed250eb412147
SHA1

0bdb3ce52ca6299e4909dd8f9f28a6a7cd61a967
SHA256

a4404390f1a793516d71a5398a7c31bd6916ca92604b5a974bd4e585942bc700
SHA512

fc7e257821bdad8b41f691c0f67d8e5e0dc9091ed9f9e1ce80fc6141ca2775df78de4a783e2134c2adab7cbeab93abaef11a74eb9c7b965dce623e2f8299fca3
SSDEEP

1536:gXGhTrq59MO19cdhg1pJLXFx8BrXXTfP1YyYhesv9taQ/dd8f4NcpN7Kr6HHKWUr:cN1idhg1ptsrTftUl0vAr6HqWUi3eIM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b541c56e709b376584fed250eb412147_JaffaCakes118

Files

b541c56e709b376584fed250eb412147_JaffaCakes118
.dll windows:4 windows x86 arch:x86

93b5221d2ea0372d4ac63c26d2fb11fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVolumeInformationA
GetDriveTypeA
GetLogicalDrives
GetComputerNameA
LoadLibraryA
SetUnhandledExceptionFilter
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
FindClose
GetEnvironmentVariableA
LocalFree
LocalAlloc
GetSystemTimeAsFileTime
DeleteCriticalSection
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetFileTime
ReadFile
GetFullPathNameA
GetTempPathA
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
GetLocalTime
GetSystemTime
GetTickCount
QueryPerformanceCounter
TerminateProcess
GetModuleFileNameA
SetThreadPriority
GetCurrentThreadId
WinExec
ReleaseSemaphore
ResumeThread
SetThreadContext
GetThreadContext
VirtualAllocEx
CreateProcessA
FindFirstFileA
GetProcAddress
GetVersion
lstrlenA
MoveFileExA
CopyFileA
GetExitCodeProcess
PeekNamedPipe
GetStartupInfoA
CreatePipe
SetFilePointer
lstrcpyA
lstrcpynA
CreateDirectoryA
RemoveDirectoryA
DisableThreadLibraryCalls
CreateMutexA
ReleaseMutex
ExitProcess
IsBadReadPtr
lstrcatA
lstrcpynW
lstrlenW
GetCurrentProcessId
GetModuleHandleA
SetFileTime
ExitThread
HeapAlloc
GetProcessHeap
FindNextFileA
CreateSemaphoreA
InterlockedDecrement
InterlockedIncrement
SetEvent
InitializeCriticalSection
OutputDebugStringA
LeaveCriticalSection
EnterCriticalSection
CreateMutexW
WaitForSingleObject
GetCurrentThread
TerminateThread
GetSystemDirectoryA
GetTempFileNameA
DeleteFileA
MoveFileA
CreateEventA
GetLastError
Sleep
lstrcmpiA
VirtualProtect
GetCurrentProcess
WriteProcessMemory
GetFileAttributesA
VirtualQuery
VirtualFree
VirtualAlloc
CreateFileA
WriteFile
CreateThread
CloseHandle
FreeLibrary

user32

GetSystemMetrics
wsprintfA
MessageBoxA
wvsprintfA

advapi32

RegNotifyChangeKeyValue
RegCreateKeyExA
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumValueA
RegDeleteValueA
RegSetValueExA
OpenProcessToken
ImpersonateLoggedOnUser
RevertToSelf
GetTokenInformation
LookupAccountSidA
RegOpenKeyExA
RegEnumKeyA
RegQueryValueExA
RegCloseKey

ole32

CreateStreamOnHGlobal

ntdll

RtlUnwind
_chkstk
_strnicmp
memmove
strchr
tolower
_strcmpi
strstr
_alldiv
_allmul
NtAllocateVirtualMemory
NtQuerySystemInformation
NtFreeVirtualMemory
NtOpenProcess
NtClose
_strlwr
atoi

ws2_32

WSAStartup
gethostbyaddr
inet_ntoa
__WSAFDIsSet
accept
gethostname
sendto
recvfrom
htonl
ntohs
ntohl
WSAGetLastError
select
WSASetLastError
htons
bind
connect
getsockname
recv
inet_addr
gethostbyname
ioctlsocket
send
shutdown
setsockopt
closesocket
socket
listen

dnsapi

DnsQuery_A
DnsRecordListFree

mapi32

ord138
ord19
ord11
ord21
ord75
ord17
ord129
ord13
ord23
ord140
ord135

wininet

InternetCloseHandle
InternetOpenUrlA
InternetReadFile
InternetOpenA

shlwapi

StrStrA
StrChrA
StrCmpNA
StrToIntA

Exports

Exports

WLEntry
WLEntryPoint
WLEventLogoff
WLEventLogon
WLEventShutdown

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

93b5221d2ea0372d4ac63c26d2fb11fe

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

ntdll

ws2_32

dnsapi

mapi32

wininet

shlwapi

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 23KB - Virtual size: 39KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 23KB - Virtual size: 39KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB