c8a4ac0e7efda94af5b7f66d3eb8b4b2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c8a4ac0e7efda94af5b7f66d3eb8b4b2_JaffaCakes118
Size

37KB
MD5

c8a4ac0e7efda94af5b7f66d3eb8b4b2
SHA1

cbdbddeaa94796cae07b8a295b54ef859bb2081b
SHA256

613b52b2978a4d6c7dc53bcfb316d3171fd115c777d7f3bf5790723bbba1da79
SHA512

f56c75f34793c5ad00b192392d90bfbd99fef4e52c387664d8c237f042f4450e9bec60c5d9e6cafc5c16d82a6f59c19d62bfc71bbb2c4bc0726c3b9409203285
SSDEEP

768:ITDwjSXm2GCv8vNbKDehBsZElLtAVbo1rBn:IwmXmRCIbKICZElBj1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8a4ac0e7efda94af5b7f66d3eb8b4b2_JaffaCakes118

Files

c8a4ac0e7efda94af5b7f66d3eb8b4b2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

344a9fc5e7ec0a522577608b29c0e99d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

HttpOpenRequestA
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetConnectA
InternetReadFile
InternetQueryDataAvailable
HttpSendRequestA
InternetCloseHandle

shlwapi

StrStrA
StrStrIA

kernel32

lstrcmpA
lstrcatA
lstrcpyA
lstrlenA
MultiByteToWideChar
CloseHandle
ReleaseMutex
GetLastError
OpenProcess
CreateMutexA
OutputDebugStringA
GetTickCount
CreateDirectoryA
lstrcmpiA
FlushFileBuffers
WriteFile
CreateFileA
DeleteFileA
CreateThread
WaitForSingleObject
GetProcAddress
GetModuleHandleA
WriteProcessMemory
GetModuleFileNameA
LoadLibraryA
SetEvent
CreateEventA
GetShortPathNameA
CopyFileA
GetSystemTime
GetVersionExA
LeaveCriticalSection
GetSystemTimeAsFileTime
EnterCriticalSection
InitializeCriticalSection
GetLongPathNameA
DeleteCriticalSection
TerminateThread
Module32Next
Module32First
CreateToolhelp32Snapshot
GetCurrentProcess
IsBadReadPtr
GetCurrentProcessId
VirtualAlloc
SetLastError
VirtualFree
DuplicateHandle
FreeLibrary
ResumeThread
VirtualAllocEx
VirtualFreeEx
CreateRemoteThread
ExitThread
WideCharToMultiByte
HeapFree
GetProcessHeap
HeapAlloc
Sleep

user32

GetMessageA
DispatchMessageA
FindWindowA
OpenWindowStationA
OpenInputDesktop
SetThreadDesktop
SendMessageA
LoadStringA
wsprintfA
CharUpperBuffA
UnhookWindowsHookEx
ShowWindow
SetWindowsHookExA
GetClassNameA
CallNextHookEx
SetProcessWindowStation

advapi32

CreateProcessAsUserA
ImpersonateLoggedOnUser
OpenProcessToken
RegCloseKey
RegSetValueExA
RegCreateKeyA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
LookupPrivilegeValueA
AdjustTokenPrivileges
InitializeSecurityDescriptor
RegNotifyChangeKeyValue
RegOpenKeyExA
RegCreateKeyExA
SetSecurityDescriptorDacl

shell32

SHFileOperationA
SHGetSpecialFolderPathA

ole32

CoUninitialize
OleRun
CoInitializeEx
CoCreateInstance
CoInitialize

oleaut32

SysAllocStringLen
VariantCopy
VariantInit
VariantClear
SysFreeString
SysAllocString
SysStringLen

Exports

Exports

InstallModule
SetHook
TurnOn
TurnOn2
UnInstallModule

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HKT
Size: 512B - Virtual size: 5B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

344a9fc5e7ec0a522577608b29c0e99d

Headers

DLL Characteristics

File Characteristics

Imports

wininet

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 29KB

.data Size: 512B - Virtual size: 528B

.HKT Size: 512B - Virtual size: 5B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 29KB - Virtual size: 29KB

.data
Size: 512B - Virtual size: 528B

.HKT
Size: 512B - Virtual size: 5B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB