bc0274dc5694ce8a9cd83e049a3c52a7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bc0274dc5694ce8a9cd83e049a3c52a7_JaffaCakes118
Size

33KB
MD5

bc0274dc5694ce8a9cd83e049a3c52a7
SHA1

b1043bc4d46c1dd8f240f0cf6b8ffd77c9353276
SHA256

377ff497bbf175e9f3e4a736d412695c37ab3b248d9c3f4836d1cfd6a5e85cdc
SHA512

44a363405fb61979df36196c30127a5b4317ba34e84adfd8c186676312db0878d5ad5ffdbcdc25043cc075d1c0b902cddbd71f6398aca4407556c8d0fc084de9
SSDEEP

768:DDfD4QZGx11WGaFNwXVyh3GjWX3DJmWR+C:DDfD4d9WbNwXVyh3GIEW4C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc0274dc5694ce8a9cd83e049a3c52a7_JaffaCakes118

Files

bc0274dc5694ce8a9cd83e049a3c52a7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

52d6732cec7c4f592b0dd9dc2f64543a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileStringA
IsBadReadPtr
CreateThread
WritePrivateProfileStringA
VirtualAlloc
GetSystemDirectoryA
GetModuleFileNameA
GetModuleHandleA
CreateToolhelp32Snapshot
Process32First
Process32Next
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MultiByteToWideChar
DeleteFileA
ReadFile
GetFileSize
GetTickCount
lstrcmpiA
lstrcmpA
GetCurrentProcess
ExitProcess
GetTempPathA
lstrcatA
Sleep
lstrlenA
lstrcpynA
lstrcpyA
CreateFileA
OutputDebugStringA
WriteFile
CloseHandle
VirtualProtect
SetFilePointer

user32

IsRectEmpty
ReleaseDC
DialogBoxParamA
ExitWindowsEx
GetWindowLongA
SetWindowLongA
GetWindowThreadProcessId
GetDlgItem
GetWindowTextA
EndDialog
ShowScrollBar
GetDC
LoadImageA
FindWindowExA
FindWindowA
PrintWindow
GetWindowInfo
SetForegroundWindow
ShowWindow
GetActiveWindow
IsIconic
GetSystemMetrics
EnumWindows
GetClassNameA
GetForegroundWindow
SetLayeredWindowAttributes

gdi32

BitBlt
DeleteObject
CreateDCA
GetDeviceCaps
DeleteDC
SelectPalette
RealizePalette
GetDIBits
SetBkColor
SetTextColor
CreateCompatibleDC
StretchBlt
GetObjectA
CreateCompatibleBitmap
GetStockObject
SelectObject

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

wininet

InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetCheckConnectionA
HttpQueryInfoA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
HttpAddRequestHeadersA
InternetQueryDataAvailable
InternetOpenUrlA

ws2_32

inet_ntoa
gethostbyname

gdiplus

GdiplusStartup
GdipAlloc
GdipLoadImageFromFile
GdipFree
GdiplusShutdown
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipDisposeImage
GdipSaveImageToFile
GdipCloneImage

netapi32

Netbios

msvcrt

strrchr
atoi
free
malloc
??3@YAXPAX@Z
wcscmp
??2@YAPAXI@Z
strstr
memmove
strchr
sscanf

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52d6732cec7c4f592b0dd9dc2f64543a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

wininet

ws2_32

gdiplus

netapi32

msvcrt

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 21KB

.rsrc Size: 512B - Virtual size: 264B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 21KB

.rsrc
Size: 512B - Virtual size: 264B

.reloc
Size: 2KB - Virtual size: 2KB