b71dbc0692b1f4b6f9308efa35baa1e8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b71dbc0692b1f4b6f9308efa35baa1e8_JaffaCakes118
Size

80KB
MD5

b71dbc0692b1f4b6f9308efa35baa1e8
SHA1

0dc885b8455d6865f4047a5684af77b932932a5e
SHA256

7626aa95a08a9e839573eb76ececd50cb00d5356a5cbd39b8df3ecbe3b20a2a2
SHA512

4a14cc85052e7b828dbd8366389d97a6fb4810c7ec6ae69eee939cb4b86421d8d13c131c6acb552094b3c1569eb37ccb2103f29696eb563268f6bfa59983e7c2
SSDEEP

1536:0zJa4rDqt5qGvgKcDcVmyWTtTILljFFozgGz4lwsJz:0zjypgKWrRTtTILlzGz4lRz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b71dbc0692b1f4b6f9308efa35baa1e8_JaffaCakes118

Files

b71dbc0692b1f4b6f9308efa35baa1e8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9bd83b36f875784c91dc378bd3d1a847

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
CloseHandle
WriteFile
CreateFileA
GetLastError
GlobalAlloc
GlobalFree
WritePrivateProfileStringA
GetPrivateProfileIntA
SetFilePointer
ReadFile
InterlockedIncrement
InterlockedDecrement
GetPrivateProfileStringA
WideCharToMultiByte
GetProcAddress
GetModuleFileNameA
lstrcpynA
GetLocalTime
SetEndOfFile
CreateThread
ReleaseMutex
WaitForSingleObject
CreateMutexA
TerminateThread
LoadLibraryA
SetErrorMode
DeleteFileA
GetSystemDirectoryA
lstrlenA
LocalFree
MultiByteToWideChar
lstrcatA
lstrcpyA
GetTickCount
GetFileSize
Sleep

user32

wsprintfA
DefWindowProcA
EndPaint
FillRect
BeginPaint
DispatchMessageA
TranslateMessage
PeekMessageA
CreateWindowExA
RegisterClassExA
DestroyWindow
CharLowerA
GetMessageA
CallNextHookEx
SetParent
FindWindowA
SetWindowLongA
GetWindowLongA
SetTimer
SetWindowsHookExA
KillTimer
UnhookWindowsHookEx

gdi32

GetStockObject

advapi32

RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegOpenKeyA

ole32

OleInitialize
CoCreateInstance
OleUninitialize

oleaut32

VariantCopy
VariantClear
VariantInit
SysFreeString
SysAllocString
VariantChangeType

ws2_32

WSAStartup
socket
gethostbyname
htons
connect
send
closesocket

wininet

InternetCloseHandle
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
DeleteUrlCacheEntry
FindCloseUrlCache
InternetOpenUrlA
InternetReadFile
InternetOpenA
InternetConnectA
FtpOpenFileA
InternetWriteFile

msvcp60

??0Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ

msvcrt

_except_handler3
strcmp
_stricmp
srand
rand
strcat
_strcmpi
wcslen
_strupr
_CxxThrowException
_onexit
_initterm
malloc
_adjust_fdiv
??1type_info@@UAE@XZ
_wcsnicmp
wcscmp
sprintf
atof
??2@YAPAXI@Z
memcpy
__dllonexit
strlen
strchr
free
wcstod
wcsstr
_wcslwr
_purecall
memset
__CxxFrameHandler
_strlwr
memcmp
strcpy
strstr

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9bd83b36f875784c91dc378bd3d1a847

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

ws2_32

wininet

msvcp60

msvcrt

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 11KB

Shared Size: 16KB - Virtual size: 15KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 11KB

Shared
Size: 16KB - Virtual size: 15KB

.reloc
Size: 4KB - Virtual size: 2KB