cde33ce2c754f1cebb97e8f413cacded_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cde33ce2c754f1cebb97e8f413cacded_JaffaCakes118
Size

46KB
MD5

cde33ce2c754f1cebb97e8f413cacded
SHA1

928dc4b45ee0c139a5c9e9e5e16c172d16d74bf9
SHA256

3e189bdd563b56c9769ff28c393f54af2240e2300f0a550586bbe9f5fea2fbc8
SHA512

75cbc40722be61b3e0e9207884866c733227e97eaf638a30ecc27d5df8172eb946218c264ec5a605393d1726b0b176810644fffb47f202ef31ba50f0f191cc69
SSDEEP

768:WP/snk8xMNynAIgTKOAYItPStED8eIb8xIz0SiQuQKhseYK4tt0muL:W3snfAbLuZLgfb8xNQ6su4smuL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cde33ce2c754f1cebb97e8f413cacded_JaffaCakes118

Files

cde33ce2c754f1cebb97e8f413cacded_JaffaCakes118
.dll windows:5 windows x86 arch:x86

cf74cc7ed6e107b33735ddb55315a079

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetReadFile
InternetOpenW
HttpSendRequestW
InternetCloseHandle
InternetOpenUrlW
HttpQueryInfoW

ws2_32

getpeername
htons
WSASetLastError
WSAGetLastError
WPUCompleteOverlappedRequest
WSCEnumProtocols
WSCGetProviderPath

kernel32

HeapFree
ExitProcess
MultiByteToWideChar
LoadLibraryA
ExpandEnvironmentStringsW
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
CloseHandle
EnterCriticalSection
CreateThread
SleepEx
LeaveCriticalSection
GetLastError
CreateWaitableTimerW
SetWaitableTimer
WaitForSingleObject
CreateEventW
SetEvent
GetTickCount
VirtualAlloc
SetThreadPriority
Sleep
VirtualFree
HeapAlloc
GetProcessHeap
CreateIoCompletionPort
GetSystemInfo
CreateSemaphoreW
PostQueuedCompletionStatus
WaitForMultipleObjectsEx
ReleaseSemaphore
ResetEvent
GetQueuedCompletionStatus
ExitThread
WaitForSingleObjectEx
GlobalAlloc
GlobalFree
SetFilePointer
GetModuleFileNameW
CreateFileW
ReadFile
InterlockedIncrement
InterlockedDecrement
VirtualQuery
HeapCreate
GetCurrentProcess
HeapReAlloc
HeapDestroy
HeapSize
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress
FreeLibrary
LoadLibraryW
GlobalMemoryStatusEx

user32

GetMessageW
DefWindowProcW
DispatchMessageW
TranslateMessage
CreateWindowExW
RegisterClassW
LoadCursorW
DestroyWindow
LoadIconW
IsWindow

gdi32

GetStockObject

urlmon

ObtainUserAgentString

psapi

GetModuleBaseNameW

Exports

Exports

DllMain
WSPStartup

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf74cc7ed6e107b33735ddb55315a079

Headers

DLL Characteristics

File Characteristics

Imports

wininet

ws2_32

kernel32

user32

gdi32

urlmon

psapi

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB