Static task
static1
Behavioral task
behavioral1
Sample
b6e9aec5323656be9d4b3147d434eee4_JaffaCakes118.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
b6e9aec5323656be9d4b3147d434eee4_JaffaCakes118.dll
Resource
win10v2004-20240802-en
General
Target
b6e9aec5323656be9d4b3147d434eee4_JaffaCakes118
Size
160KB
MD5
b6e9aec5323656be9d4b3147d434eee4
SHA1
75c3c20e0aa8f1d23955eb2a05d65249b75c56fa
SHA256
faedd5f3b97c7514be53174c2d148f62a15883b1a5fc37d1b4dc26869ca085db
SHA512
5b2208df86bc45ed79307739408cf8392c9c5e09148d3ef1a6d528006e04b759b5286ed42a41c261d90f17d9b6c87391430e47c38f39b98c0c922f7e8219bdbf
SSDEEP
3072:ZMcH7KNq6IXpmR+khLiFr0dzjlOBHfrU1RERRL+R17qruQ5FHWh0:ZMcHOq6spmR+jFgdIHfrUuQ/gHWO
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b6e9aec5323656be9d4b3147d434eee4_JaffaCakes118
Files
b6e9aec5323656be9d4b3147d434eee4_JaffaCakes118.dll windows:5 windows x64 arch:x64
11e8849e1ac2131db083ec2ebd84c641
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
ws2_32
WSASetLastError
WSAStartup
ntohs
closesocket
ioctlsocket
connect
select
WSAGetLastError
htons
recv
socket
gethostbyname
send
WSASetEvent
shlwapi
StrCatW
wnsprintfA
StrNCatA
PathAddBackslashW
StrStrIW
StrStrA
StrCmpNIA
StrCpyW
StrCmpNA
StrChrA
PathAddBackslashA
StrStrIA
wininet
InternetTimeFromSystemTimeA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetReadFile
InternetSetOptionW
InternetOpenA
InternetCloseHandle
InternetOpenUrlA
kernel32
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapSize
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapDestroy
HeapCreate
HeapSetInformation
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetModuleHandleW
HeapFree
FlsAlloc
FlsFree
FlsGetValue
DecodePointer
lstrlenA
lstrcpynA
GetTickCount
VirtualFree
LeaveCriticalSection
IsBadWritePtr
VirtualAlloc
EnterCriticalSection
Sleep
GetLocalTime
CloseHandle
CreateThread
lstrcatA
DeleteFileW
GetSystemTime
lstrcpyA
FindFirstFileW
GetCommandLineA
InitializeCriticalSection
GetModuleFileNameW
FindClose
RemoveDirectoryW
FindNextFileW
CreateMutexW
HeapReAlloc
lstrcmpA
lstrcmpiA
GetTempPathA
GetCurrentThread
LoadLibraryW
GetProcAddress
GetTempFileNameW
CreateFileA
GetFileSize
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetTempPathW
GetCurrentProcess
OpenProcess
TerminateProcess
OpenMutexW
SetLastError
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetCurrentProcessId
ExitProcess
GetComputerNameA
SystemTimeToFileTime
GetVolumeInformationA
VirtualQuery
VirtualProtect
GetCurrentThreadId
ResumeThread
FlushInstructionCache
SetThreadContext
GetThreadContext
SuspendThread
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetLastError
EncodePointer
RtlPcToFileHeader
RaiseException
RtlUnwindEx
FlsSetValue
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTimeAsFileTime
advapi32
RegCreateKeyA
RegSetValueExA
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenThreadToken
OpenProcessToken
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
shell32
SHGetSpecialFolderPathW
urlmon
ObtainUserAgentString
Sections
.text Size: 100KB - Virtual size: 99KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 112KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ